[ 2887.518892] Running test [R:13283357 T:8 - KUNIT - Kernel: 5.14.0-243.1944_756456474.el9.x86_64+debug]
[ 2896.813894] # Subtest: bitfields
[ 2896.813908] 1..2
[ 2896.817536] ok 1 - test_bitfields_constants
[ 2896.818066] ok 2 - test_bitfields_variables
[ 2896.818564] ok 1 - bitfields
[ 2897.352039] # Subtest: cmdline
[ 2897.352047] 1..4
[ 2897.353216] ok 1 - cmdline_test_noint
[ 2897.354084] ok 2 - cmdline_test_lead_int
[ 2897.355107] ok 3 - cmdline_test_tail_int
[ 2897.356130] ok 4 - cmdline_test_range
[ 2897.356706] ok 2 - cmdline
[ 2897.797601] # Subtest: ext4_inode_test
[ 2897.797608] 1..1
[ 2897.798256] # inode_test_xtimestamp_decoding: ok 1 - 1901-12-13 Lower bound of 32bit < 0 timestamp, no extra bits
[ 2897.799212] # inode_test_xtimestamp_decoding: ok 2 - 1969-12-31 Upper bound of 32bit < 0 timestamp, no extra bits
[ 2897.800902] # inode_test_xtimestamp_decoding: ok 3 - 1970-01-01 Lower bound of 32bit >=0 timestamp, no extra bits
[ 2897.802659] # inode_test_xtimestamp_decoding: ok 4 - 2038-01-19 Upper bound of 32bit >=0 timestamp, no extra bits
[ 2897.804146] # inode_test_xtimestamp_decoding: ok 5 - 2038-01-19 Lower bound of 32bit <0 timestamp, lo extra sec bit on
[ 2897.805861] # inode_test_xtimestamp_decoding: ok 6 - 2106-02-07 Upper bound of 32bit <0 timestamp, lo extra sec bit on
[ 2897.807471] # inode_test_xtimestamp_decoding: ok 7 - 2106-02-07 Lower bound of 32bit >=0 timestamp, lo extra sec bit on
[ 2897.809661] # inode_test_xtimestamp_decoding: ok 8 - 2174-02-25 Upper bound of 32bit >=0 timestamp, lo extra sec bit on
[ 2897.811818] # inode_test_xtimestamp_decoding: ok 9 - 2174-02-25 Lower bound of 32bit <0 timestamp, hi extra sec bit on
[ 2897.813668] # inode_test_xtimestamp_decoding: ok 10 - 2242-03-16 Upper bound of 32bit <0 timestamp, hi extra sec bit on
[ 2897.815266] # inode_test_xtimestamp_decoding: ok 11 - 2242-03-16 Lower bound of 32bit >=0 timestamp, hi extra sec bit on
[ 2897.818253] # inode_test_xtimestamp_decoding: ok 12 - 2310-04-04 Upper bound of 32bit >=0 timestamp, hi extra sec bit on
[ 2897.819799] # inode_test_xtimestamp_decoding: ok 13 - 2310-04-04 Upper bound of 32bit>=0 timestamp, hi extra sec bit 1. 1 ns
[ 2897.821672] # inode_test_xtimestamp_decoding: ok 14 - 2378-04-22 Lower bound of 32bit>= timestamp. Extra sec bits 1. Max ns
[ 2897.823241] # inode_test_xtimestamp_decoding: ok 15 - 2378-04-22 Lower bound of 32bit >=0 timestamp. All extra sec bits on
[ 2897.825116] # inode_test_xtimestamp_decoding: ok 16 - 2446-05-10 Upper bound of 32bit >=0 timestamp. All extra sec bits on
[ 2897.826326] ok 1 - inode_test_xtimestamp_decoding
[ 2897.827481] ok 3 - ext4_inode_test
[ 2898.776919] # Subtest: kunit-try-catch-test
[ 2898.776938] 1..2
[ 2898.778408] ok 1 - kunit_test_try_catch_successful_try_no_catch
[ 2898.779582] ok 2 - kunit_test_try_catch_unsuccessful_try_does_catch
[ 2898.780205] ok 4 - kunit-try-catch-test
[ 2898.790948] # Subtest: kunit-resource-test
[ 2898.790955] 1..7
[ 2898.792182] ok 1 - kunit_resource_test_init_resources
[ 2898.793023] ok 2 - kunit_resource_test_alloc_resource
[ 2898.794226] ok 3 - kunit_resource_test_destroy_resource
[ 2898.795563] ok 4 - kunit_resource_test_cleanup_resources
[ 2898.796739] ok 5 - kunit_resource_test_proper_free_ordering
[ 2898.797957] ok 6 - kunit_resource_test_static
[ 2898.799074] ok 7 - kunit_resource_test_named
[ 2898.799622] ok 5 - kunit-resource-test
[ 2898.800665] # Subtest: kunit-log-test
[ 2898.800671] 1..1
[ 2898.802037] put this in log.
[ 2898.802298] this too.
[ 2898.802768] add to suite log.
[ 2898.803029] along with this.
[ 2898.803941] ok 1 - kunit_log_test
[ 2898.804240] ok 6 - kunit-log-test
[ 2898.805883] # Subtest: kunit_status
[ 2898.805889] 1..2
[ 2898.806822] ok 1 - kunit_status_set_failure_test
[ 2898.807634] ok 2 - kunit_status_mark_skipped_test
[ 2898.808127] ok 7 - kunit_status
[ 2898.909170] # Subtest: rtc_lib_test_cases
[ 2898.909178] 1..1
[ 2902.506315] ok 1 - rtc_time64_to_tm_test_date_range
[ 2902.506574] ok 8 - rtc_lib_test_cases
[ 2902.690214] # Subtest: list-kunit-test
[ 2902.690224] 1..36
[ 2902.691900] ok 1 - list_test_list_init
[ 2902.692625] ok 2 - list_test_list_add
[ 2902.693523] ok 3 - list_test_list_add_tail
[ 2902.694177] ok 4 - list_test_list_del
[ 2902.695433] ok 5 - list_test_list_replace
[ 2902.696081] ok 6 - list_test_list_replace_init
[ 2902.697139] ok 7 - list_test_list_swap
[ 2902.698442] ok 8 - list_test_list_del_init
[ 2902.699084] ok 9 - list_test_list_move
[ 2902.700211] ok 10 - list_test_list_move_tail
[ 2902.701159] ok 11 - list_test_list_bulk_move_tail
[ 2902.702179] ok 12 - list_test_list_is_first
[ 2902.703246] ok 13 - list_test_list_is_last
[ 2902.704247] ok 14 - list_test_list_empty
[ 2902.705239] ok 15 - list_test_list_empty_careful
[ 2902.706225] ok 16 - list_test_list_rotate_left
[ 2902.707236] ok 17 - list_test_list_rotate_to_front
[ 2902.708230] ok 18 - list_test_list_is_singular
[ 2902.709363] ok 19 - list_test_list_cut_position
[ 2902.710429] ok 20 - list_test_list_cut_before
[ 2902.711861] ok 21 - list_test_list_splice
[ 2902.712710] ok 22 - list_test_list_splice_tail
[ 2902.713780] ok 23 - list_test_list_splice_init
[ 2902.714778] ok 24 - list_test_list_splice_tail_init
[ 2902.715812] ok 25 - list_test_list_entry
[ 2902.716635] ok 26 - list_test_list_first_entry
[ 2902.719423] ok 27 - list_test_list_last_entry
[ 2902.720111] ok 28 - list_test_list_first_entry_or_null
[ 2902.726140] ok 29 - list_test_list_next_entry
[ 2902.726964] ok 30 - list_test_list_prev_entry
[ 2902.727963] ok 31 - list_test_list_for_each
[ 2902.729016] ok 32 - list_test_list_for_each_prev
[ 2902.729977] ok 33 - list_test_list_for_each_safe
[ 2902.730983] ok 34 - list_test_list_for_each_prev_safe
[ 2902.732003] ok 35 - list_test_list_for_each_entry
[ 2902.733082] ok 36 - list_test_list_for_each_entry_reverse
[ 2902.733681] ok 9 - list-kunit-test
[ 2902.840894] # Subtest: memcpy
[ 2902.840901] 1..4
[ 2902.841645] # memset_test: ok: memset() direct assignment
[ 2902.842395] # memset_test: ok: memset() complete overwrite
[ 2902.842915] # memset_test: ok: memset() middle overwrite
[ 2902.843434] # memset_test: ok: memset() argument side-effects
[ 2902.843969] # memset_test: ok: memset() memset_after()
[ 2902.844467] # memset_test: ok: memset() memset_startat()
[ 2902.845884] ok 1 - memset_test
[ 2902.846052] # memcpy_test: ok: memcpy() static initializers
[ 2902.846951] # memcpy_test: ok: memcpy() direct assignment
[ 2902.847515] # memcpy_test: ok: memcpy() complete overwrite
[ 2902.848149] # memcpy_test: ok: memcpy() middle overwrite
[ 2902.848667] # memcpy_test: ok: memcpy() argument side-effects
[ 2902.849974] ok 2 - memcpy_test
[ 2902.850334] # memmove_test: ok: memmove() static initializers
[ 2902.851191] # memmove_test: ok: memmove() direct assignment
[ 2902.851726] # memmove_test: ok: memmove() complete overwrite
[ 2902.852250] # memmove_test: ok: memmove() middle overwrite
[ 2902.852823] # memmove_test: ok: memmove() argument side-effects
[ 2902.853410] # memmove_test: ok: memmove() overlapping write
[ 2902.854876] ok 3 - memmove_test
[ 2902.855131] ok 4 - strtomem_test
[ 2902.855600] ok 10 - memcpy
[ 2902.961388] # Subtest: mptcp-crypto
[ 2902.961395] 1..1
[ 2902.962012] ok 1 - mptcp_crypto_test_basic
[ 2902.962235] ok 11 - mptcp-crypto
[ 2903.085208] # Subtest: mptcp-token
[ 2903.085215] 1..4
[ 2903.089173] ok 1 - mptcp_token_test_req_basic
[ 2903.089822] ok 2 - mptcp_token_test_msk_basic
[ 2903.090988] ok 3 - mptcp_token_test_accept
[ 2903.091800] ok 4 - mptcp_token_test_destroyed
[ 2903.092207] ok 12 - mptcp-token
[ 2903.388402] # Subtest: rational
[ 2903.388410] 1..1
[ 2903.388961] # rational_test: ok 1 - Exceeds bounds, semi-convergent term > 1/2 last term
[ 2903.392884] # rational_test: ok 2 - Exceeds bounds, semi-convergent term < 1/2 last term
[ 2903.394315] # rational_test: ok 3 - Closest to zero
[ 2903.395664] # rational_test: ok 4 - Closest to smallest non-zero
[ 2903.396698] # rational_test: ok 5 - Use convergent
[ 2903.397644] # rational_test: ok 6 - Exact answer
[ 2903.398787] # rational_test: ok 7 - Semiconvergent, numerator limit
[ 2903.399826] # rational_test: ok 8 - Semiconvergent, denominator limit
[ 2903.400552] ok 1 - rational_test
[ 2903.401141] ok 13 - rational
[ 2903.506547] # Subtest: resource
[ 2903.506554] 1..2
[ 2903.507079] ok 1 - resource_test_union
[ 2903.507936] ok 2 - resource_test_intersection
[ 2903.508358] ok 14 - resource
[ 2903.618749] # Subtest: slub_test
[ 2903.618756] 1..2
[ 2903.648654] ok 1 - test_clobber_zone
[ 2903.659471] ok 2 - test_clobber_redzone_free
[ 2903.659840] ok 15 - slub_test
[ 2903.876189] # Subtest: snd_soc_tplg_test
[ 2903.876199] 1..11
[ 2903.880998] ok 1 - snd_soc_tplg_test_load_with_null_comp
[ 2903.885762] ok 2 - snd_soc_tplg_test_load_with_null_ops
[ 2903.888703] ok 3 - snd_soc_tplg_test_load_with_null_fw
[ 2903.891731] ok 4 - snd_soc_tplg_test_load_empty_tplg
[ 2903.894752] ok 5 - snd_soc_tplg_test_load_empty_tplg_bad_magic
[ 2903.897768] ok 6 - snd_soc_tplg_test_load_empty_tplg_bad_abi
[ 2903.900761] ok 7 - snd_soc_tplg_test_load_empty_tplg_bad_size
[ 2903.903133] ok 8 - snd_soc_tplg_test_load_empty_tplg_bad_payload_size
[ 2903.904702] ok 9 - snd_soc_tplg_test_load_pcm_tplg
[ 2903.907110] ok 10 - snd_soc_tplg_test_load_pcm_tplg_reload_comp
[ 2903.911069] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 2903.914186] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 2906.710274] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2906.715351] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2906.738162] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2906.742887] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2906.764376] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2906.768954] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2906.791909] ok 11 - snd_soc_tplg_test_load_pcm_tplg_reload_card [ 2906.791924] ok 16 - snd_soc_tplg_test [ 2907.065062] # Subtest: soc-utils [ 2907.065072] 1..1 [ 2907.071374] ok 1 - test_tdm_params_to_bclk [ 2907.071652] ok 17 - soc-utils [ 2907.671469] # Subtest: sysctl_test [ 2907.671478] 1..10 [ 2907.674344] ok 1 - sysctl_test_api_dointvec_null_tbl_data [ 2907.677378] ok 2 - sysctl_test_api_dointvec_table_maxlen_unset [ 2907.681329] ok 3 - sysctl_test_api_dointvec_table_len_is_zero [ 2907.683355] ok 4 - sysctl_test_api_dointvec_table_read_but_position_set [ 2907.688357] ok 5 - sysctl_test_dointvec_read_happy_single_positive [ 2907.690376] ok 6 - sysctl_test_dointvec_read_happy_single_negative [ 2907.695418] ok 7 - sysctl_test_dointvec_write_happy_single_positive [ 2907.697537] ok 8 - sysctl_test_dointvec_write_happy_single_negative [ 2907.701417] ok 9 - sysctl_test_api_dointvec_write_single_less_int_min [ 2907.703418] ok 10 - sysctl_test_api_dointvec_write_single_greater_int_max [ 2907.704084] ok 18 - sysctl_test [ 2907.930924] # Subtest: bits-test [ 2907.930932] 1..3 [ 2907.935462] ok 1 - genmask_test [ 2907.937298] ok 2 - genmask_ull_test [ 2907.940395] ok 3 - genmask_input_check_test [ 2907.940828] ok 19 - bits-test [ 2908.966030] # Subtest: kasan [ 2908.966039] 
1..55 [ 2908.971326] ================================================================== [ 2908.972271] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x4ed/0x510 [test_kasan] [ 2908.973086] Write of size 1 at addr ffff888106262e73 by task kunit_try_catch/117519 [ 2908.973804] [ 2908.973973] CPU: 0 PID: 117519 Comm: kunit_try_catch Kdump: loaded Not tainted 5.14.0-243.1944_756456474.el9.x86_64+debug #1 [ 2908.975052] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2908.975600] Call Trace: [ 2908.975858] [ 2908.976075] ? kmalloc_oob_right+0x4ed/0x510 [test_kasan] [ 2908.976613] dump_stack_lvl+0x57/0x81 [ 2908.977067] print_address_description.constprop.0+0x1f/0x1e0 [ 2908.977651] ? kmalloc_oob_right+0x4ed/0x510 [test_kasan] [ 2908.978160] print_report.cold+0x5c/0x237 [ 2908.978593] kasan_report+0xc9/0x100 [ 2908.978963] ? kmalloc_oob_right+0x4ed/0x510 [test_kasan] [ 2908.979477] kmalloc_oob_right+0x4ed/0x510 [test_kasan] [ 2908.979971] ? kmalloc_oob_left+0x2e0/0x2e0 [test_kasan] [ 2908.980498] ? lockdep_hardirqs_on_prepare.part.0+0x18c/0x370 [ 2908.981085] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2908.981634] ? kunit_add_resource+0x197/0x280 [kunit] [ 2908.982132] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2908.982602] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2908.983082] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2908.983660] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2908.984146] kthread+0x2a7/0x350 [ 2908.984501] ? 
kthread_complete_and_exit+0x20/0x20 [ 2908.984983] ret_from_fork+0x22/0x30 [ 2908.985352] [ 2908.991205] [ 2908.991395] Allocated by task 117519: [ 2908.991788] kasan_save_stack+0x1e/0x40 [ 2908.992158] __kasan_kmalloc+0x81/0xa0 [ 2908.992521] kmalloc_oob_right+0x98/0x510 [test_kasan] [ 2908.993036] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2908.993511] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2908.994086] kthread+0x2a7/0x350 [ 2908.994426] ret_from_fork+0x22/0x30 [ 2908.994795] [ 2908.994957] Last potentially related work creation: [ 2908.995437] kasan_save_stack+0x1e/0x40 [ 2908.995827] __kasan_record_aux_stack+0x96/0xb0 [ 2908.996258] insert_work+0x47/0x310 [ 2908.996606] __queue_work+0x4dd/0xd60 [ 2908.996961] rcu_work_rcufn+0x42/0x70 [ 2908.997314] rcu_do_batch+0x3c5/0xdc0 [ 2908.997800] rcu_core+0x3de/0x5a0 [ 2908.998142] __do_softirq+0x2d3/0x9a8 [ 2908.998524] [ 2908.998687] Second to last potentially related work creation: [ 2908.999230] kasan_save_stack+0x1e/0x40 [ 2908.999630] __kasan_record_aux_stack+0x96/0xb0 [ 2909.000081] call_rcu+0xee/0x890 [ 2909.000403] queue_rcu_work+0x5a/0x70 [ 2909.000757] writeback_sb_inodes+0x373/0xd00 [ 2909.001184] wb_writeback+0x25a/0xa10 [ 2909.001564] wb_do_writeback+0x1dd/0x8a0 [ 2909.001963] wb_workfn+0x12c/0x670 [ 2909.002295] process_one_work+0x8e5/0x1520 [ 2909.002689] worker_thread+0x59e/0xf90 [ 2909.003049] kthread+0x2a7/0x350 [ 2909.003364] ret_from_fork+0x22/0x30 [ 2909.003746] [ 2909.003922] The buggy address belongs to the object at ffff888106262e00 [ 2909.003922] which belongs to the cache kmalloc-128 of size 128 [ 2909.005121] The buggy address is located 115 bytes inside of [ 2909.005121] 128-byte region [ffff888106262e00, ffff888106262e80) [ 2909.006193] [ 2909.006356] The buggy address belongs to the physical page: [ 2909.006879] page:0000000029c61353 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106262 [ 2909.007873] flags: 
0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 2909.008566] raw: 0017ffffc0000200 ffffea00003b7440 dead000000000003 ffff8881000418c0 [ 2909.009279] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 2909.009993] page dumped because: kasan: bad access detected [ 2909.010516] [ 2909.010679] Memory state around the buggy address: [ 2909.011136] ffff888106262d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc [ 2909.011855] ffff888106262d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2909.012529] >ffff888106262e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 2909.013198] ^ [ 2909.013837] ffff888106262e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2909.014511] ffff888106262f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc [ 2909.015180] ================================================================== [ 2909.016042] Disabling lock debugging due to kernel taint [ 2909.016595] ================================================================== [ 2909.017270] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x4e3/0x510 [test_kasan] [ 2909.018021] Write of size 1 at addr ffff888106262e78 by task kunit_try_catch/117519 [ 2909.018734] [ 2909.018898] CPU: 0 PID: 117519 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-243.1944_756456474.el9.x86_64+debug #1 [ 2909.020245] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2909.020843] Call Trace: [ 2909.021110] [ 2909.021340] ? kmalloc_oob_right+0x4e3/0x510 [test_kasan] [ 2909.021873] dump_stack_lvl+0x57/0x81 [ 2909.022253] print_address_description.constprop.0+0x1f/0x1e0 [ 2909.022866] ? kmalloc_oob_right+0x4e3/0x510 [test_kasan] [ 2909.023417] print_report.cold+0x5c/0x237 [ 2909.023845] kasan_report+0xc9/0x100 [ 2909.024281] ? kmalloc_oob_right+0x4e3/0x510 [test_kasan] [ 2909.025023] kmalloc_oob_right+0x4e3/0x510 [test_kasan] [ 2909.025570] ? kmalloc_oob_left+0x2e0/0x2e0 [test_kasan] [ 2909.026125] ? 
lockdep_hardirqs_on_prepare.part.0+0x18c/0x370 [ 2909.026750] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2909.027329] ? kunit_add_resource+0x197/0x280 [kunit] [ 2909.028032] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2909.028521] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2909.029028] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2909.029604] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2909.030088] kthread+0x2a7/0x350 [ 2909.030426] ? kthread_complete_and_exit+0x20/0x20 [ 2909.030906] ret_from_fork+0x22/0x30 [ 2909.031258] [ 2909.031504] [ 2909.031672] Allocated by task 117519: [ 2909.032041] kasan_save_stack+0x1e/0x40 [ 2909.032420] __kasan_kmalloc+0x81/0xa0 [ 2909.032798] kmalloc_oob_right+0x98/0x510 [test_kasan] [ 2909.033481] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2909.034039] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2909.034770] kthread+0x2a7/0x350 [ 2909.035127] ret_from_fork+0x22/0x30 [ 2909.035544] [ 2909.035732] Last potentially related work creation: [ 2909.036229] kasan_save_stack+0x1e/0x40 [ 2909.036639] __kasan_record_aux_stack+0x96/0xb0 [ 2909.037088] insert_work+0x47/0x310 [ 2909.037450] __queue_work+0x4dd/0xd60 [ 2909.037848] rcu_work_rcufn+0x42/0x70 [ 2909.038240] rcu_do_batch+0x3c5/0xdc0 [ 2909.038647] rcu_core+0x3de/0x5a0 [ 2909.038987] __do_softirq+0x2d3/0x9a8 [ 2909.039339] [ 2909.039524] Second to last potentially related work creation: [ 2909.040084] kasan_save_stack+0x1e/0x40 [ 2909.040475] __kasan_record_aux_stack+0x96/0xb0 [ 2909.040929] call_rcu+0xee/0x890 [ 2909.041245] queue_rcu_work+0x5a/0x70 [ 2909.041603] writeback_sb_inodes+0x373/0xd00 [ 2909.042015] wb_writeback+0x25a/0xa10 [ 2909.042371] wb_do_writeback+0x1dd/0x8a0 [ 2909.042754] wb_workfn+0x12c/0x670 [ 2909.043087] process_one_work+0x8e5/0x1520 [ 2909.043501] worker_thread+0x59e/0xf90 [ 2909.043884] kthread+0x2a7/0x350 [ 2909.044201] ret_from_fork+0x22/0x30 [ 2909.044553] [ 2909.044714] The buggy address belongs to the object at ffff888106262e00 [ 
2909.044714] which belongs to the cache kmalloc-128 of size 128 [ 2909.045850] The buggy address is located 120 bytes inside of [ 2909.045850] 128-byte region [ffff888106262e00, ffff888106262e80) [ 2909.046922] [ 2909.047084] The buggy address belongs to the physical page: [ 2909.047629] page:0000000029c61353 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106262 [ 2909.048513] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 2909.049156] raw: 0017ffffc0000200 ffffea00003b7440 dead000000000003 ffff8881000418c0 [ 2909.049884] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 2909.050624] page dumped because: kasan: bad access detected [ 2909.051165] [ 2909.051327] Memory state around the buggy address: [ 2909.051826] ffff888106262d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc [ 2909.052503] ffff888106262d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2909.053174] >ffff888106262e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 2909.053846] ^ [ 2909.054513] ffff888106262e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2909.055184] ffff888106262f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc [ 2909.055915] ================================================================== [ 2909.056693] ================================================================== [ 2909.057395] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x4d9/0x510 [test_kasan] [ 2909.058256] Read of size 1 at addr ffff888106262e80 by task kunit_try_catch/117519 [ 2909.058968] [ 2909.059132] CPU: 0 PID: 117519 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-243.1944_756456474.el9.x86_64+debug #1 [ 2909.060437] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2909.060981] Call Trace: [ 2909.061226] [ 2909.061447] ? kmalloc_oob_right+0x4d9/0x510 [test_kasan] [ 2909.061957] dump_stack_lvl+0x57/0x81 [ 2909.062314] print_address_description.constprop.0+0x1f/0x1e0 [ 2909.062861] ? 
kmalloc_oob_right+0x4d9/0x510 [test_kasan] [ 2909.063401] print_report.cold+0x5c/0x237 [ 2909.063816] kasan_report+0xc9/0x100 [ 2909.064166] ? kmalloc_oob_right+0x4d9/0x510 [test_kasan] [ 2909.064708] kmalloc_oob_right+0x4d9/0x510 [test_kasan] [ 2909.065234] ? kmalloc_oob_left+0x2e0/0x2e0 [test_kasan] [ 2909.065755] ? lockdep_hardirqs_on_prepare.part.0+0x18c/0x370 [ 2909.066304] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2909.066834] ? kunit_add_resource+0x197/0x280 [kunit] [ 2909.067316] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2909.067830] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2909.068311] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2909.068890] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2909.069383] kthread+0x2a7/0x350 [ 2909.069703] ? kthread_complete_and_exit+0x20/0x20 [ 2909.070163] ret_from_fork+0x22/0x30 [ 2909.070522] [ 2909.070746] [ 2909.070907] Allocated by task 117519: [ 2909.071259] kasan_save_stack+0x1e/0x40 [ 2909.071659] __kasan_kmalloc+0x81/0xa0 [ 2909.072038] kmalloc_oob_right+0x98/0x510 [test_kasan] [ 2909.072532] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2909.073002] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2909.073582] kthread+0x2a7/0x350 [ 2909.073902] ret_from_fork+0x22/0x30 [ 2909.074250] [ 2909.074419] Last potentially related work creation: [ 2909.074882] kasan_save_stack+0x1e/0x40 [ 2909.075253] __kasan_record_aux_stack+0x96/0xb0 [ 2909.075718] insert_work+0x47/0x310 [ 2909.076073] __queue_work+0x4dd/0xd60 [ 2909.076442] rcu_work_rcufn+0x42/0x70 [ 2909.076798] rcu_do_batch+0x3c5/0xdc0 [ 2909.077168] rcu_core+0x3de/0x5a0 [ 2909.077500] __do_softirq+0x2d3/0x9a8 [ 2909.077853] [ 2909.078016] Second to last potentially related work creation: [ 2909.078579] kasan_save_stack+0x1e/0x40 [ 2909.078995] __kasan_record_aux_stack+0x96/0xb0 [ 2909.079468] call_rcu+0xee/0x890 [ 2909.079811] queue_rcu_work+0x5a/0x70 [ 2909.080164] writeback_sb_inodes+0x373/0xd00 [ 2909.080603] wb_writeback+0x25a/0xa10 [ 2909.080982] 
wb_do_writeback+0x1dd/0x8a0 [ 2909.081362] wb_workfn+0x12c/0x670 [ 2909.081701] process_one_work+0x8e5/0x1520 [ 2909.082094] worker_thread+0x59e/0xf90 [ 2909.082462] kthread+0x2a7/0x350 [ 2909.082782] ret_from_fork+0x22/0x30 [ 2909.083131] [ 2909.083293] The buggy address belongs to the object at ffff888106262e00 [ 2909.083293] which belongs to the cache kmalloc-128 of size 128 [ 2909.084500] The buggy address is located 0 bytes to the right of [ 2909.084500] 128-byte region [ffff888106262e00, ffff888106262e80) [ 2909.085634] [ 2909.085783] The buggy address belongs to the physical page: [ 2909.086322] page:0000000029c61353 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106262 [ 2909.087191] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 2909.088039] raw: 0017ffffc0000200 ffffea00003b7440 dead000000000003 ffff8881000418c0 [ 2909.088805] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 2909.089525] page dumped because: kasan: bad access detected [ 2909.090066] [ 2909.090234] Memory state around the buggy address: [ 2909.090709] ffff888106262d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2909.091401] ffff888106262e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 2909.092101] >ffff888106262e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2909.092778] ^ [ 2909.093095] ffff888106262f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc [ 2909.093771] ffff888106262f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2909.094463] ================================================================== [ 2909.095592] ok 1 - kmalloc_oob_right [ 2909.097323] ================================================================== [ 2909.098455] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x2bf/0x2e0 [test_kasan] [ 2909.099201] Read of size 1 at addr ffff88808f8fe8ff by task kunit_try_catch/117520 [ 2909.099907] [ 2909.100071] CPU: 0 PID: 117520 Comm: kunit_try_catch Kdump: loaded Tainted: G B 
--------- --- 5.14.0-243.1944_756456474.el9.x86_64+debug #1 [ 2909.101332] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2909.101918] Call Trace: [ 2909.102164] [ 2909.102383] ? kmalloc_oob_left+0x2bf/0x2e0 [test_kasan] [ 2909.102887] dump_stack_lvl+0x57/0x81 [ 2909.103243] print_address_description.constprop.0+0x1f/0x1e0 [ 2909.103815] ? kmalloc_oob_left+0x2bf/0x2e0 [test_kasan] [ 2909.104314] print_report.cold+0x5c/0x237 [ 2909.104705] kasan_report+0xc9/0x100 [ 2909.105052] ? kmalloc_oob_left+0x2bf/0x2e0 [test_kasan] [ 2909.105585] kmalloc_oob_left+0x2bf/0x2e0 [test_kasan] [ 2909.106098] ? kmalloc_pagealloc_oob_right+0x290/0x290 [test_kasan] [ 2909.106728] ? do_raw_spin_trylock+0xb5/0x180 [ 2909.107151] ? do_raw_spin_lock+0x270/0x270 [ 2909.107580] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2909.108125] ? kunit_add_resource+0x197/0x280 [kunit] [ 2909.108613] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2909.109081] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2909.109587] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2909.110181] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2909.110701] kthread+0x2a7/0x350 [ 2909.111038] ? 
kthread_complete_and_exit+0x20/0x20 [ 2909.111502] ret_from_fork+0x22/0x30 [ 2909.111855] [ 2909.112076] [ 2909.112238] Allocated by task 0: [ 2909.112556] (stack is not available) [ 2909.112900] [ 2909.113061] The buggy address belongs to the object at ffff88808f8fe8e0 [ 2909.113061] which belongs to the cache kmalloc-16 of size 16 [ 2909.114228] The buggy address is located 15 bytes to the right of [ 2909.114228] 16-byte region [ffff88808f8fe8e0, ffff88808f8fe8f0) [ 2909.115330] [ 2909.115497] The buggy address belongs to the physical page: [ 2909.116017] page:000000005df17624 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8f8fe [ 2909.116875] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2909.117632] raw: 000fffffc0000200 ffffea0002417140 dead000000000002 ffff8881000413c0 [ 2909.118396] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2909.119108] page dumped because: kasan: bad access detected [ 2909.119629] [ 2909.119792] Memory state around the buggy address: [ 2909.120242] ffff88808f8fe780: fa fb fc fc 00 00 fc fc fb fb fc fc 00 00 fc fc [ 2909.120916] ffff88808f8fe800: fa fb fc fc fb fb fc fc fb fb fc fc fa fb fc fc [ 2909.121616] >ffff88808f8fe880: fb fb fc fc fb fb fc fc 00 00 fc fc 00 00 fc fc [ 2909.122307] ^ [ 2909.122973] ffff88808f8fe900: 00 07 fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 2909.123675] ffff88808f8fe980: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 2909.124370] ================================================================== [ 2909.125153] ok 2 - kmalloc_oob_left [ 2909.127242] ================================================================== [ 2909.128362] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x2bf/0x2e0 [test_kasan] [ 2909.129193] Read of size 1 at addr ffff8880a209b000 by task kunit_try_catch/117521 [ 2909.129915] [ 2909.130080] CPU: 0 PID: 117521 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 
5.14.0-243.1944_756456474.el9.x86_64+debug #1 [ 2909.131360] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2909.131905] Call Trace: [ 2909.132151] [ 2909.132372] ? kmalloc_node_oob_right+0x2bf/0x2e0 [test_kasan] [ 2909.132930] dump_stack_lvl+0x57/0x81 [ 2909.133289] print_address_description.constprop.0+0x1f/0x1e0 [ 2909.133883] ? kmalloc_node_oob_right+0x2bf/0x2e0 [test_kasan] [ 2909.134464] print_report.cold+0x5c/0x237 [ 2909.134879] kasan_report+0xc9/0x100 [ 2909.135229] ? kmalloc_node_oob_right+0x2bf/0x2e0 [test_kasan] [ 2909.135832] kmalloc_node_oob_right+0x2bf/0x2e0 [test_kasan] [ 2909.136378] ? pagealloc_uaf+0x2f0/0x2f0 [test_kasan] [ 2909.136860] ? do_raw_spin_trylock+0xb5/0x180 [ 2909.137283] ? do_raw_spin_lock+0x270/0x270 [ 2909.137717] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2909.138276] ? kunit_add_resource+0x197/0x280 [kunit] [ 2909.138793] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2909.139263] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2909.139751] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2909.140326] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2909.140865] kthread+0x2a7/0x350 [ 2909.141185] ? 
kthread_complete_and_exit+0x20/0x20 [ 2909.141676] ret_from_fork+0x22/0x30 [ 2909.142047] [ 2909.142270] [ 2909.142440] Allocated by task 117521: [ 2909.142792] kasan_save_stack+0x1e/0x40 [ 2909.143164] __kasan_kmalloc+0x81/0xa0 [ 2909.143530] kmalloc_node_oob_right+0x9a/0x2e0 [test_kasan] [ 2909.144052] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2909.144522] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2909.145095] kthread+0x2a7/0x350 [ 2909.145433] ret_from_fork+0x22/0x30 [ 2909.145808] [ 2909.145970] The buggy address belongs to the object at ffff8880a209a000 [ 2909.145970] which belongs to the cache kmalloc-4k of size 4096 [ 2909.147110] The buggy address is located 0 bytes to the right of [ 2909.147110] 4096-byte region [ffff8880a209a000, ffff8880a209b000) [ 2909.148362] [ 2909.148534] The buggy address belongs to the physical page: [ 2909.149057] page:00000000c99ffa40 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xa2098 [ 2909.149959] head:00000000c99ffa40 order:3 compound_mapcount:0 compound_pincount:0 [ 2909.150658] flags: 0xfffffc0010200(slab|head|node=0|zone=1|lastcpupid=0x1fffff) [ 2909.151344] raw: 000fffffc0010200 ffffea0002847800 dead000000000002 ffff888100042140 [ 2909.152066] raw: 0000000000000000 0000000080040004 00000001ffffffff 0000000000000000 [ 2909.152790] page dumped because: kasan: bad access detected [ 2909.153308] [ 2909.153495] Memory state around the buggy address: [ 2909.153973] ffff8880a209af00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2909.154700] ffff8880a209af80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2909.155396] >ffff8880a209b000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2909.156071] ^ [ 2909.156394] ffff8880a209b080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2909.157067] ffff8880a209b100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2909.157787] ================================================================== [ 2909.158644] ok 3 - kmalloc_node_oob_right [ 
2909.160227] ================================================================== [ 2909.161359] BUG: KASAN: slab-out-of-bounds in kmalloc_pagealloc_oob_right+0x27b/0x290 [test_kasan] [ 2909.162205] Write of size 1 at addr ffff8880156a600a by task kunit_try_catch/117522 [ 2909.162986] [ 2909.163171] CPU: 0 PID: 117522 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-243.1944_756456474.el9.x86_64+debug #1 [ 2909.164487] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2909.165033] Call Trace: [ 2909.165279] [ 2909.165501] ? kmalloc_pagealloc_oob_right+0x27b/0x290 [test_kasan] [ 2909.166092] dump_stack_lvl+0x57/0x81 [ 2909.166474] print_address_description.constprop.0+0x1f/0x1e0 [ 2909.167047] ? kmalloc_pagealloc_oob_right+0x27b/0x290 [test_kasan] [ 2909.167639] print_report.cold+0x5c/0x237 [ 2909.168027] kasan_report+0xc9/0x100 [ 2909.168385] ? kmalloc_pagealloc_oob_right+0x27b/0x290 [test_kasan] [ 2909.168975] kmalloc_pagealloc_oob_right+0x27b/0x290 [test_kasan] [ 2909.169556] ? kmalloc_pagealloc_uaf+0x280/0x280 [test_kasan] [ 2909.170122] ? do_raw_spin_trylock+0xb5/0x180 [ 2909.170659] ? do_raw_spin_lock+0x270/0x270 [ 2909.171103] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2909.171638] ? kunit_add_resource+0x197/0x280 [kunit] [ 2909.172125] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2909.172604] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2909.173088] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2909.173672] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2909.174161] kthread+0x2a7/0x350 [ 2909.174504] ? 
kthread_complete_and_exit+0x20/0x20 [ 2909.174986] ret_from_fork+0x22/0x30 [ 2909.175343] [ 2909.175570] [ 2909.175734] The buggy address belongs to the physical page: [ 2909.176259] page:0000000025eacbed refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x156a4 [ 2909.177117] head:0000000025eacbed order:2 compound_mapcount:0 compound_pincount:0 [ 2909.177989] flags: 0xfffffc0010000(head|node=0|zone=1|lastcpupid=0x1fffff) [ 2909.178689] raw: 000fffffc0010000 0000000000000000 dead000000000122 0000000000000000 [ 2909.179469] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 2909.180187] page dumped because: kasan: bad access detected [ 2909.180713] [ 2909.180877] Memory state around the buggy address: [ 2909.181350] ffff8880156a5f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2909.182255] ffff8880156a5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2909.183038] >ffff8880156a6000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 2909.183778] ^ [ 2909.184119] ffff8880156a6080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 2909.184880] ffff8880156a6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 2909.185590] ================================================================== [ 2909.188665] ok 4 - kmalloc_pagealloc_oob_right [ 2909.190276] ================================================================== [ 2909.191511] BUG: KASAN: use-after-free in kmalloc_pagealloc_uaf+0x26b/0x280 [test_kasan] [ 2909.192280] Read of size 1 at addr ffff8880156a4000 by task kunit_try_catch/117523 [ 2909.192985] [ 2909.193149] CPU: 0 PID: 117523 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-243.1944_756456474.el9.x86_64+debug #1 [ 2909.194468] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2909.195028] Call Trace: [ 2909.195274] [ 2909.195496] ? 
kmalloc_pagealloc_uaf+0x26b/0x280 [test_kasan] [ 2909.196039] dump_stack_lvl+0x57/0x81 [ 2909.196421] print_address_description.constprop.0+0x1f/0x1e0 [ 2909.196988] ? kmalloc_pagealloc_uaf+0x26b/0x280 [test_kasan] [ 2909.197536] print_report.cold+0x5c/0x237 [ 2909.197922] kasan_report+0xc9/0x100 [ 2909.198271] ? kmalloc_pagealloc_uaf+0x26b/0x280 [test_kasan] [ 2909.198863] kmalloc_pagealloc_uaf+0x26b/0x280 [test_kasan] [ 2909.199392] ? kmalloc_pagealloc_invalid_free+0x250/0x250 [test_kasan] [ 2909.199998] ? do_raw_spin_trylock+0xb5/0x180 [ 2909.200443] ? do_raw_spin_lock+0x270/0x270 [ 2909.200874] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2909.201404] ? kunit_add_resource+0x197/0x280 [kunit] [ 2909.201887] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2909.202352] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2909.202841] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2909.203438] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2909.203959] kthread+0x2a7/0x350 [ 2909.204280] ? kthread_complete_and_exit+0x20/0x20 [ 2909.204744] ret_from_fork+0x22/0x30 [ 2909.205095] [ 2909.205317] [ 2909.205486] The buggy address belongs to the physical page: [ 2909.206001] page:0000000025eacbed refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x156a4 [ 2909.206856] flags: 0xfffffc0000000(node=0|zone=1|lastcpupid=0x1fffff) [ 2909.207574] raw: 000fffffc0000000 ffffea000247fe08 ffff88810c200270 0000000000000000 [ 2909.208344] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 2909.209060] page dumped because: kasan: bad access detected [ 2909.209581] [ 2909.209743] Memory state around the buggy address: [ 2909.210194] ffff8880156a3f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 2909.210888] ffff8880156a3f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 2909.211588] >ffff8880156a4000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 2909.212273] ^ [ 2909.212595] ffff8880156a4080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 
2909.213268] ffff8880156a4100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 2909.213942] ================================================================== [ 2909.214713] ok 5 - kmalloc_pagealloc_uaf [ 2909.216265] ================================================================== [ 2909.217398] BUG: KASAN: double-free or invalid-free in kmalloc_pagealloc_invalid_free+0x191/0x250 [test_kasan] [ 2909.218327] [ 2909.218516] CPU: 0 PID: 117524 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-243.1944_756456474.el9.x86_64+debug #1 [ 2909.219835] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2909.220377] Call Trace: [ 2909.220622] [ 2909.220840] dump_stack_lvl+0x57/0x81 [ 2909.221197] print_address_description.constprop.0+0x1f/0x1e0 [ 2909.221746] print_report.cold+0x5c/0x237 [ 2909.222131] ? kmalloc_pagealloc_invalid_free+0x191/0x250 [test_kasan] [ 2909.222787] ? kmalloc_pagealloc_invalid_free+0x191/0x250 [test_kasan] [ 2909.223442] kasan_report_invalid_free+0x99/0xc0 [ 2909.223959] ? kmalloc_pagealloc_invalid_free+0x191/0x250 [test_kasan] [ 2909.224813] kfree+0x2ab/0x3c0 [ 2909.225157] kmalloc_pagealloc_invalid_free+0x191/0x250 [test_kasan] [ 2909.225852] ? kmalloc_large_oob_right+0x2b0/0x2b0 [test_kasan] [ 2909.226499] ? do_raw_spin_trylock+0xb5/0x180 [ 2909.226979] ? do_raw_spin_lock+0x270/0x270 [ 2909.227451] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2909.228026] ? kunit_add_resource+0x197/0x280 [kunit] [ 2909.228535] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2909.229020] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2909.229537] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2909.230128] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2909.230673] kthread+0x2a7/0x350 [ 2909.231029] ? 
kthread_complete_and_exit+0x20/0x20 [ 2909.231512] ret_from_fork+0x22/0x30 [ 2909.231891] [ 2909.232113] [ 2909.232277] The buggy address belongs to the physical page: [ 2909.232801] page:0000000025eacbed refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x156a4 [ 2909.233683] head:0000000025eacbed order:2 compound_mapcount:0 compound_pincount:0 [ 2909.234396] flags: 0xfffffc0010000(head|node=0|zone=1|lastcpupid=0x1fffff) [ 2909.235033] raw: 000fffffc0010000 0000000000000000 dead000000000122 0000000000000000 [ 2909.235796] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 2909.236515] page dumped because: kasan: bad access detected [ 2909.237037] [ 2909.237200] Memory state around the buggy address: [ 2909.237803] ffff8880156a3f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 2909.238501] ffff8880156a3f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 2909.239216] >ffff8880156a4000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2909.239934] ^ [ 2909.240270] ffff8880156a4080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2909.240972] ffff8880156a4100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2909.241650] ================================================================== [ 2909.242547] ok 6 - kmalloc_pagealloc_invalid_free [ 2909.244252] ok 7 - pagealloc_oob_right # SKIP Test requires CONFIG_KASAN_GENERIC=n [ 2909.246284] ================================================================== [ 2909.247815] BUG: KASAN: use-after-free in pagealloc_uaf+0x2b5/0x2f0 [test_kasan] [ 2909.248534] Read of size 1 at addr ffff888004590000 by task kunit_try_catch/117526 [ 2909.249261] [ 2909.249431] CPU: 0 PID: 117526 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-243.1944_756456474.el9.x86_64+debug #1 [ 2909.250734] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2909.251278] Call Trace: [ 2909.251528] [ 2909.251747] ? 
pagealloc_uaf+0x2b5/0x2f0 [test_kasan] [ 2909.252229] dump_stack_lvl+0x57/0x81 [ 2909.252616] print_address_description.constprop.0+0x1f/0x1e0 [ 2909.253180] ? pagealloc_uaf+0x2b5/0x2f0 [test_kasan] [ 2909.253812] print_report.cold+0x5c/0x237 [ 2909.254263] kasan_report+0xc9/0x100 [ 2909.254648] ? pagealloc_uaf+0x2b5/0x2f0 [test_kasan] [ 2909.255148] pagealloc_uaf+0x2b5/0x2f0 [test_kasan] [ 2909.255624] ? krealloc_more_oob+0x10/0x10 [test_kasan] [ 2909.256122] ? do_raw_spin_trylock+0xb5/0x180 [ 2909.256571] ? do_raw_spin_lock+0x270/0x270 [ 2909.256997] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2909.257532] ? kunit_add_resource+0x197/0x280 [kunit] [ 2909.258015] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2909.258509] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2909.259014] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2909.259598] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2909.260087] kthread+0x2a7/0x350 [ 2909.260445] ? kthread_complete_and_exit+0x20/0x20 [ 2909.260958] ret_from_fork+0x22/0x30 [ 2909.261312] [ 2909.261538] [ 2909.261701] The buggy address belongs to the physical page: [ 2909.262223] page:000000007e8a14ea refcount:0 mapcount:-128 mapping:0000000000000000 index:0x0 pfn:0x4590 [ 2909.263138] flags: 0xfffffc0000000(node=0|zone=1|lastcpupid=0x1fffff) [ 2909.263746] raw: 000fffffc0000000 ffffea000286e408 ffff88813ffd2aa0 0000000000000000 [ 2909.264489] raw: 0000000000000000 0000000000000004 00000000ffffff7f 0000000000000000 [ 2909.265228] page dumped because: kasan: bad access detected [ 2909.265754] [ 2909.265915] Memory state around the buggy address: [ 2909.266412] ffff88800458ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2909.267112] ffff88800458ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2909.267933] >ffff888004590000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 2909.268637] ^ [ 2909.268973] ffff888004590080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 2909.269651] ffff888004590100: ff ff ff ff ff ff 
ff ff ff ff ff ff ff ff ff ff [ 2909.270323] ================================================================== [ 2909.271313] ok 8 - pagealloc_uaf [ 2909.273373] ================================================================== [ 2909.274598] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x28c/0x2b0 [test_kasan] [ 2909.275540] Write of size 1 at addr ffff88802f0c1f00 by task kunit_try_catch/117527 [ 2909.276307] [ 2909.276505] CPU: 0 PID: 117527 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-243.1944_756456474.el9.x86_64+debug #1 [ 2909.277799] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2909.278343] Call Trace: [ 2909.278616] [ 2909.278851] ? kmalloc_large_oob_right+0x28c/0x2b0 [test_kasan] [ 2909.279457] dump_stack_lvl+0x57/0x81 [ 2909.279859] print_address_description.constprop.0+0x1f/0x1e0 [ 2909.280428] ? kmalloc_large_oob_right+0x28c/0x2b0 [test_kasan] [ 2909.281016] print_report.cold+0x5c/0x237 [ 2909.281407] kasan_report+0xc9/0x100 [ 2909.281907] ? kmalloc_large_oob_right+0x28c/0x2b0 [test_kasan] [ 2909.282611] kmalloc_large_oob_right+0x28c/0x2b0 [test_kasan] [ 2909.283200] ? kmalloc_oob_16+0x3b0/0x3b0 [test_kasan] [ 2909.283792] ? do_raw_spin_trylock+0xb5/0x180 [ 2909.284241] ? do_raw_spin_lock+0x270/0x270 [ 2909.284741] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2909.285290] ? kunit_add_resource+0x197/0x280 [kunit] [ 2909.285820] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2909.286288] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2909.286815] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2909.287429] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2909.288006] kthread+0x2a7/0x350 [ 2909.288345] ? 
kthread_complete_and_exit+0x20/0x20 [ 2909.288912] ret_from_fork+0x22/0x30 [ 2909.289301] [ 2909.289559] [ 2909.289748] Allocated by task 117527: [ 2909.290111] kasan_save_stack+0x1e/0x40 [ 2909.290541] __kasan_kmalloc+0x81/0xa0 [ 2909.290959] kmalloc_large_oob_right+0x98/0x2b0 [test_kasan] [ 2909.291552] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2909.292036] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2909.292638] kthread+0x2a7/0x350 [ 2909.292974] ret_from_fork+0x22/0x30 [ 2909.293323] [ 2909.293512] The buggy address belongs to the object at ffff88802f0c0000 [ 2909.293512] which belongs to the cache kmalloc-8k of size 8192 [ 2909.294649] The buggy address is located 7936 bytes inside of [ 2909.294649] 8192-byte region [ffff88802f0c0000, ffff88802f0c2000) [ 2909.295816] [ 2909.295981] The buggy address belongs to the physical page: [ 2909.296527] page:00000000003b5a50 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2f0c0 [ 2909.297430] head:00000000003b5a50 order:3 compound_mapcount:0 compound_pincount:0 [ 2909.298254] flags: 0xfffffc0010200(slab|head|node=0|zone=1|lastcpupid=0x1fffff) [ 2909.298966] raw: 000fffffc0010200 ffffea00027cde00 dead000000000004 ffff888100042280 [ 2909.299750] raw: 0000000000000000 0000000080020002 00000001ffffffff 0000000000000000 [ 2909.300488] page dumped because: kasan: bad access detected [ 2909.301029] [ 2909.301192] Memory state around the buggy address: [ 2909.301652] ffff88802f0c1e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2909.302325] ffff88802f0c1e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2909.303044] >ffff88802f0c1f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2909.303760] ^ [ 2909.304078] ffff88802f0c1f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2909.304809] ffff88802f0c2000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2909.305499] ================================================================== [ 2909.306439] ok 9 - kmalloc_large_oob_right [ 
2909.308237] ================================================================== [ 2909.309412] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c3/0x610 [test_kasan] [ 2909.310220] Write of size 1 at addr ffff88801723a8eb by task kunit_try_catch/117528 [ 2909.310970] [ 2909.311134] CPU: 0 PID: 117528 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-243.1944_756456474.el9.x86_64+debug #1 [ 2909.312414] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2909.312978] Call Trace: [ 2909.313222] [ 2909.313441] ? krealloc_more_oob_helper+0x5c3/0x610 [test_kasan] [ 2909.314005] dump_stack_lvl+0x57/0x81 [ 2909.314366] print_address_description.constprop.0+0x1f/0x1e0 [ 2909.314911] ? krealloc_more_oob_helper+0x5c3/0x610 [test_kasan] [ 2909.315480] print_report.cold+0x5c/0x237 [ 2909.315866] kasan_report+0xc9/0x100 [ 2909.316215] ? krealloc_more_oob_helper+0x5c3/0x610 [test_kasan] [ 2909.316826] krealloc_more_oob_helper+0x5c3/0x610 [test_kasan] [ 2909.317386] ? krealloc_less_oob+0x10/0x10 [test_kasan] [ 2909.317878] ? rcu_read_lock_sched_held+0x12/0x80 [ 2909.318337] ? rcu_read_lock_sched_held+0x12/0x80 [ 2909.318789] ? lock_acquire+0x4ea/0x620 [ 2909.319159] ? rcu_read_unlock+0x40/0x40 [ 2909.319567] ? rcu_read_unlock+0x40/0x40 [ 2909.319957] ? rcu_read_lock_sched_held+0x12/0x80 [ 2909.320430] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2909.321007] ? do_raw_spin_lock+0x270/0x270 [ 2909.321412] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 2909.322004] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2909.322481] ? kunit_add_resource+0x197/0x280 [kunit] [ 2909.322962] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2909.323432] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2909.323939] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2909.324759] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2909.325334] kthread+0x2a7/0x350 [ 2909.325722] ? 
kthread_complete_and_exit+0x20/0x20 [ 2909.326201] ret_from_fork+0x22/0x30 [ 2909.326626] [ 2909.326880] [ 2909.327062] Allocated by task 117528: [ 2909.327562] kasan_save_stack+0x1e/0x40 [ 2909.328007] __kasan_krealloc+0xee/0x160 [ 2909.328406] krealloc+0x50/0xe0 [ 2909.328752] krealloc_more_oob_helper+0x1d5/0x610 [test_kasan] [ 2909.329302] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2909.329837] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2909.330448] kthread+0x2a7/0x350 [ 2909.330810] ret_from_fork+0x22/0x30 [ 2909.331154] [ 2909.331315] Last potentially related work creation: [ 2909.331821] kasan_save_stack+0x1e/0x40 [ 2909.332190] __kasan_record_aux_stack+0x96/0xb0 [ 2909.332650] kvfree_call_rcu+0x7d/0x840 [ 2909.333041] dma_resv_reserve_fences+0x35d/0x680 [ 2909.333567] ttm_eu_reserve_buffers+0x42c/0x1070 [ttm] [ 2909.334129] qxl_release_reserve_list+0xe5/0x320 [qxl] [ 2909.334665] qxl_draw_dirty_fb+0x40e/0x1c70 [qxl] [ 2909.335136] qxl_framebuffer_surface_dirty+0x307/0x610 [qxl] [ 2909.335677] drm_fb_helper_damage_work+0x537/0x8c0 [drm_kms_helper] [ 2909.336416] process_one_work+0x8e5/0x1520 [ 2909.336855] worker_thread+0x59e/0xf90 [ 2909.337213] kthread+0x2a7/0x350 [ 2909.337554] ret_from_fork+0x22/0x30 [ 2909.337922] [ 2909.338084] Second to last potentially related work creation: [ 2909.338634] kasan_save_stack+0x1e/0x40 [ 2909.339021] __kasan_record_aux_stack+0x96/0xb0 [ 2909.339478] kvfree_call_rcu+0x7d/0x840 [ 2909.339855] dma_resv_list_free.part.0+0xd4/0x130 [ 2909.340300] dma_resv_fini+0x38/0x50 [ 2909.340676] drm_gem_object_release+0x73/0x100 [drm] [ 2909.341311] qxl_ttm_bo_destroy+0x17f/0x200 [qxl] [ 2909.341807] ttm_bo_release+0x68b/0xbc0 [ttm] [ 2909.342231] ttm_bo_delayed_delete+0x312/0x550 [ttm] [ 2909.342709] ttm_device_delayed_workqueue+0x18/0x70 [ttm] [ 2909.343233] process_one_work+0x8e5/0x1520 [ 2909.343629] worker_thread+0x59e/0xf90 [ 2909.343989] kthread+0x2a7/0x350 [ 2909.344304] ret_from_fork+0x22/0x30 [ 2909.344681] [ 
2909.344860] The buggy address belongs to the object at ffff88801723a800 [ 2909.344860] which belongs to the cache kmalloc-256 of size 256 [ 2909.346032] The buggy address is located 235 bytes inside of [ 2909.346032] 256-byte region [ffff88801723a800, ffff88801723a900) [ 2909.347104] [ 2909.347267] The buggy address belongs to the physical page: [ 2909.347788] page:00000000a4a3ea57 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1723a [ 2909.348666] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2909.349321] raw: 000fffffc0000200 ffffea0000562e40 dead000000000003 ffff888100041b40 [ 2909.350076] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000 [ 2909.350824] page dumped because: kasan: bad access detected [ 2909.351356] [ 2909.351523] Memory state around the buggy address: [ 2909.351975] ffff88801723a780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2909.352672] ffff88801723a800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2909.353357] >ffff88801723a880: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 2909.354066] ^ [ 2909.354681] ffff88801723a900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2909.355345] ffff88801723a980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2909.356012] ================================================================== [ 2909.356882] ================================================================== [ 2909.357719] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5b6/0x610 [test_kasan] [ 2909.358570] Write of size 1 at addr ffff88801723a8f0 by task kunit_try_catch/117528 [ 2909.359322] [ 2909.359516] CPU: 0 PID: 117528 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-243.1944_756456474.el9.x86_64+debug #1 [ 2909.360853] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2909.361419] Call Trace: [ 2909.361672] [ 2909.361902] ? 
krealloc_more_oob_helper+0x5b6/0x610 [test_kasan] [ 2909.362488] dump_stack_lvl+0x57/0x81 [ 2909.362845] print_address_description.constprop.0+0x1f/0x1e0 [ 2909.363396] ? krealloc_more_oob_helper+0x5b6/0x610 [test_kasan] [ 2909.363961] print_report.cold+0x5c/0x237 [ 2909.364347] kasan_report+0xc9/0x100 [ 2909.364727] ? krealloc_more_oob_helper+0x5b6/0x610 [test_kasan] [ 2909.365320] krealloc_more_oob_helper+0x5b6/0x610 [test_kasan] [ 2909.365918] ? krealloc_less_oob+0x10/0x10 [test_kasan] [ 2909.366416] ? rcu_read_lock_sched_held+0x12/0x80 [ 2909.366870] ? rcu_read_lock_sched_held+0x12/0x80 [ 2909.367318] ? lock_acquire+0x4ea/0x620 [ 2909.367693] ? rcu_read_unlock+0x40/0x40 [ 2909.368078] ? rcu_read_unlock+0x40/0x40 [ 2909.368458] ? rcu_read_lock_sched_held+0x12/0x80 [ 2909.368930] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2909.369479] ? do_raw_spin_lock+0x270/0x270 [ 2909.369906] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 2909.370485] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2909.370960] ? kunit_add_resource+0x197/0x280 [kunit] [ 2909.371447] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2909.371913] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2909.372396] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2909.372968] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2909.373477] kthread+0x2a7/0x350 [ 2909.373822] ? 
kthread_complete_and_exit+0x20/0x20 [ 2909.374279] ret_from_fork+0x22/0x30 [ 2909.374636] [ 2909.374857] [ 2909.375020] Allocated by task 117528: [ 2909.375375] kasan_save_stack+0x1e/0x40 [ 2909.375747] __kasan_krealloc+0xee/0x160 [ 2909.376121] krealloc+0x50/0xe0 [ 2909.376436] krealloc_more_oob_helper+0x1d5/0x610 [test_kasan] [ 2909.376985] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2909.377471] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2909.378090] kthread+0x2a7/0x350 [ 2909.378449] ret_from_fork+0x22/0x30 [ 2909.378825] [ 2909.378989] Last potentially related work creation: [ 2909.379454] kasan_save_stack+0x1e/0x40 [ 2909.379842] __kasan_record_aux_stack+0x96/0xb0 [ 2909.380299] kvfree_call_rcu+0x7d/0x840 [ 2909.380697] dma_resv_reserve_fences+0x35d/0x680 [ 2909.381162] ttm_eu_reserve_buffers+0x42c/0x1070 [ttm] [ 2909.381817] qxl_release_reserve_list+0xe5/0x320 [qxl] [ 2909.382465] qxl_draw_dirty_fb+0x40e/0x1c70 [qxl] [ 2909.382972] qxl_framebuffer_surface_dirty+0x307/0x610 [qxl] [ 2909.383588] drm_fb_helper_damage_work+0x537/0x8c0 [drm_kms_helper] [ 2909.384246] process_one_work+0x8e5/0x1520 [ 2909.384742] worker_thread+0x59e/0xf90 [ 2909.385102] kthread+0x2a7/0x350 [ 2909.385442] ret_from_fork+0x22/0x30 [ 2909.385815] [ 2909.385977] Second to last potentially related work creation: [ 2909.386539] kasan_save_stack+0x1e/0x40 [ 2909.386927] __kasan_record_aux_stack+0x96/0xb0 [ 2909.387368] kvfree_call_rcu+0x7d/0x840 [ 2909.387873] dma_resv_list_free.part.0+0xd4/0x130 [ 2909.388335] dma_resv_fini+0x38/0x50 [ 2909.388727] drm_gem_object_release+0x73/0x100 [drm] [ 2909.389249] qxl_ttm_bo_destroy+0x17f/0x200 [qxl] [ 2909.389785] ttm_bo_release+0x68b/0xbc0 [ttm] [ 2909.390212] ttm_bo_delayed_delete+0x312/0x550 [ttm] [ 2909.390695] ttm_device_delayed_workqueue+0x18/0x70 [ttm] [ 2909.391207] process_one_work+0x8e5/0x1520 [ 2909.391602] worker_thread+0x59e/0xf90 [ 2909.391965] kthread+0x2a7/0x350 [ 2909.392285] ret_from_fork+0x22/0x30 [ 2909.392638] [ 
2909.392799] The buggy address belongs to the object at ffff88801723a800 [ 2909.392799] which belongs to the cache kmalloc-256 of size 256 [ 2909.394001] The buggy address is located 240 bytes inside of [ 2909.394001] 256-byte region [ffff88801723a800, ffff88801723a900) [ 2909.395147] [ 2909.395310] The buggy address belongs to the physical page: [ 2909.395837] page:00000000a4a3ea57 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1723a [ 2909.396699] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2909.397339] raw: 000fffffc0000200 ffffea0000562e40 dead000000000003 ffff888100041b40 [ 2909.398064] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000 [ 2909.398826] page dumped because: kasan: bad access detected [ 2909.399369] [ 2909.399538] Memory state around the buggy address: [ 2909.400011] ffff88801723a780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2909.400731] ffff88801723a800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2909.401408] >ffff88801723a880: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 2909.402119] ^ [ 2909.402831] ffff88801723a900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2909.403510] ffff88801723a980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2909.404186] ================================================================== [ 2909.405056] ok 10 - krealloc_more_oob [ 2909.408267] ================================================================== [ 2909.409407] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan] [ 2909.410215] Write of size 1 at addr ffff888108ff68c9 by task kunit_try_catch/117529 [ 2909.410973] [ 2909.411138] CPU: 0 PID: 117529 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-243.1944_756456474.el9.x86_64+debug #1 [ 2909.412424] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2909.412988] Call Trace: [ 2909.413233] [ 2909.413454] ? 
krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan] [ 2909.414022] dump_stack_lvl+0x57/0x81 [ 2909.414403] print_address_description.constprop.0+0x1f/0x1e0 [ 2909.414971] ? krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan] [ 2909.415611] print_report.cold+0x5c/0x237 [ 2909.416014] kasan_report+0xc9/0x100 [ 2909.416368] ? krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan] [ 2909.416938] krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan] [ 2909.417650] ? krealloc_uaf+0x450/0x450 [test_kasan] [ 2909.418163] ? rcu_read_lock_sched_held+0x12/0x80 [ 2909.418621] ? rcu_read_lock_sched_held+0x12/0x80 [ 2909.419096] ? lock_acquire+0x4ea/0x620 [ 2909.419472] ? rcu_read_unlock+0x40/0x40 [ 2909.419849] ? rcu_read_unlock+0x40/0x40 [ 2909.420226] ? rcu_read_lock_sched_held+0x12/0x80 [ 2909.420720] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2909.421247] ? do_raw_spin_lock+0x270/0x270 [ 2909.421683] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 2909.422273] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2909.422789] ? kunit_add_resource+0x197/0x280 [kunit] [ 2909.423285] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2909.423798] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2909.424501] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2909.425216] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2909.425803] kthread+0x2a7/0x350 [ 2909.426144] ? 
kthread_complete_and_exit+0x20/0x20 [ 2909.426626] ret_from_fork+0x22/0x30 [ 2909.427013] [ 2909.427241] [ 2909.427463] Allocated by task 117529: [ 2909.427856] kasan_save_stack+0x1e/0x40 [ 2909.428222] __kasan_krealloc+0xee/0x160 [ 2909.428623] krealloc+0x50/0xe0 [ 2909.428949] krealloc_less_oob_helper+0x1d9/0xa20 [test_kasan] [ 2909.429527] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2909.430045] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2909.430677] kthread+0x2a7/0x350 [ 2909.431009] ret_from_fork+0x22/0x30 [ 2909.431357] [ 2909.431527] Last potentially related work creation: [ 2909.431995] kasan_save_stack+0x1e/0x40 [ 2909.432369] __kasan_record_aux_stack+0x96/0xb0 [ 2909.432804] kvfree_call_rcu+0x7d/0x840 [ 2909.433174] drop_sysctl_table+0x338/0x460 [ 2909.433611] unregister_sysctl_table+0x9c/0x180 [ 2909.434070] addrconf_exit_net+0x168/0x280 [ 2909.434449] ops_exit_list+0x9c/0x170 [ 2909.434830] cleanup_net+0x42b/0x9a0 [ 2909.435176] process_one_work+0x8e5/0x1520 [ 2909.435570] worker_thread+0x59e/0xf90 [ 2909.435929] kthread+0x2a7/0x350 [ 2909.436246] ret_from_fork+0x22/0x30 [ 2909.436597] [ 2909.436758] Second to last potentially related work creation: [ 2909.437295] kasan_save_stack+0x1e/0x40 [ 2909.437693] __kasan_record_aux_stack+0x96/0xb0 [ 2909.438139] kvfree_call_rcu+0x7d/0x840 [ 2909.438511] dma_resv_list_free.part.0+0xd4/0x130 [ 2909.438972] dma_resv_fini+0x38/0x50 [ 2909.439336] drm_gem_object_release+0x73/0x100 [drm] [ 2909.439869] qxl_ttm_bo_destroy+0x17f/0x200 [qxl] [ 2909.440309] ttm_bo_release+0x68b/0xbc0 [ttm] [ 2909.440780] ttm_bo_delayed_delete+0x312/0x550 [ttm] [ 2909.441257] ttm_device_delayed_workqueue+0x18/0x70 [ttm] [ 2909.441801] process_one_work+0x8e5/0x1520 [ 2909.442211] worker_thread+0x59e/0xf90 [ 2909.442589] kthread+0x2a7/0x350 [ 2909.442932] ret_from_fork+0x22/0x30 [ 2909.443321] [ 2909.443509] The buggy address belongs to the object at ffff888108ff6800 [ 2909.443509] which belongs to the cache kmalloc-256 of size 256 
[ 2909.444659] The buggy address is located 201 bytes inside of [ 2909.444659] 256-byte region [ffff888108ff6800, ffff888108ff6900) [ 2909.445771] [ 2909.445933] The buggy address belongs to the physical page: [ 2909.446455] page:00000000c13c2da4 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108ff6 [ 2909.447314] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 2909.448115] raw: 0017ffffc0000200 0000000000000000 dead000000000001 ffff888100041b40 [ 2909.448832] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000 [ 2909.449569] page dumped because: kasan: bad access detected [ 2909.450105] [ 2909.450267] Memory state around the buggy address: [ 2909.450721] ffff888108ff6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2909.451393] ffff888108ff6800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2909.452060] >ffff888108ff6880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 2909.452731] ^ [ 2909.453247] ffff888108ff6900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2909.453963] ffff888108ff6980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2909.454668] ================================================================== [ 2909.455494] ================================================================== [ 2909.456244] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan] [ 2909.457061] Write of size 1 at addr ffff888108ff68d0 by task kunit_try_catch/117529 [ 2909.457822] [ 2909.457986] CPU: 0 PID: 117529 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-243.1944_756456474.el9.x86_64+debug #1 [ 2909.459247] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2909.459793] Call Trace: [ 2909.460039] [ 2909.460256] ? krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan] [ 2909.460829] dump_stack_lvl+0x57/0x81 [ 2909.461186] print_address_description.constprop.0+0x1f/0x1e0 [ 2909.461781] ? 
krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan] [ 2909.462350] print_report.cold+0x5c/0x237 [ 2909.462744] kasan_report+0xc9/0x100 [ 2909.463094] ? krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan] [ 2909.463668] krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan] [ 2909.464222] ? krealloc_uaf+0x450/0x450 [test_kasan] [ 2909.464722] ? rcu_read_lock_sched_held+0x12/0x80 [ 2909.465175] ? rcu_read_lock_sched_held+0x12/0x80 [ 2909.465657] ? lock_acquire+0x4ea/0x620 [ 2909.466048] ? rcu_read_unlock+0x40/0x40 [ 2909.466433] ? rcu_read_unlock+0x40/0x40 [ 2909.466808] ? rcu_read_lock_sched_held+0x12/0x80 [ 2909.467262] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2909.467793] ? do_raw_spin_lock+0x270/0x270 [ 2909.468194] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 2909.468770] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2909.469241] ? kunit_add_resource+0x197/0x280 [kunit] [ 2909.469770] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2909.470237] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2909.470781] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2909.471411] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2909.471922] kthread+0x2a7/0x350 [ 2909.472242] ? 
kthread_complete_and_exit+0x20/0x20 [ 2909.472708] ret_from_fork+0x22/0x30 [ 2909.473060] [ 2909.473282] [ 2909.473470] Allocated by task 117529: [ 2909.473848] kasan_save_stack+0x1e/0x40 [ 2909.474219] __kasan_krealloc+0xee/0x160 [ 2909.474601] krealloc+0x50/0xe0 [ 2909.474912] krealloc_less_oob_helper+0x1d9/0xa20 [test_kasan] [ 2909.475471] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2909.475937] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2909.476516] kthread+0x2a7/0x350 [ 2909.476834] ret_from_fork+0x22/0x30 [ 2909.477186] [ 2909.477349] Last potentially related work creation: [ 2909.477961] kasan_save_stack+0x1e/0x40 [ 2909.478331] __kasan_record_aux_stack+0x96/0xb0 [ 2909.478812] kvfree_call_rcu+0x7d/0x840 [ 2909.479180] drop_sysctl_table+0x338/0x460 [ 2909.479600] unregister_sysctl_table+0x9c/0x180 [ 2909.480065] addrconf_exit_net+0x168/0x280 [ 2909.480483] ops_exit_list+0x9c/0x170 [ 2909.480837] cleanup_net+0x42b/0x9a0 [ 2909.481184] process_one_work+0x8e5/0x1520 [ 2909.481630] worker_thread+0x59e/0xf90 [ 2909.482160] kthread+0x2a7/0x350 [ 2909.482550] ret_from_fork+0x22/0x30 [ 2909.482950] [ 2909.483117] Second to last potentially related work creation: [ 2909.483722] kasan_save_stack+0x1e/0x40 [ 2909.484113] __kasan_record_aux_stack+0x96/0xb0 [ 2909.484637] kvfree_call_rcu+0x7d/0x840 [ 2909.485041] dma_resv_list_free.part.0+0xd4/0x130 [ 2909.485494] dma_resv_fini+0x38/0x50 [ 2909.485840] drm_gem_object_release+0x73/0x100 [drm] [ 2909.486341] qxl_ttm_bo_destroy+0x17f/0x200 [qxl] [ 2909.486798] ttm_bo_release+0x68b/0xbc0 [ttm] [ 2909.487224] ttm_bo_delayed_delete+0x312/0x550 [ttm] [ 2909.487732] ttm_device_delayed_workqueue+0x18/0x70 [ttm] [ 2909.488261] process_one_work+0x8e5/0x1520 [ 2909.488657] worker_thread+0x59e/0xf90 [ 2909.489021] kthread+0x2a7/0x350 [ 2909.489338] ret_from_fork+0x22/0x30 [ 2909.489715] [ 2909.489898] The buggy address belongs to the object at ffff888108ff6800 [ 2909.489898] which belongs to the cache kmalloc-256 of size 256 
[ 2909.491078] The buggy address is located 208 bytes inside of [ 2909.491078] 256-byte region [ffff888108ff6800, ffff888108ff6900) [ 2909.492197] [ 2909.492364] The buggy address belongs to the physical page: [ 2909.492887] page:00000000c13c2da4 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108ff6 [ 2909.493747] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 2909.494413] raw: 0017ffffc0000200 0000000000000000 dead000000000001 ffff888100041b40 [ 2909.495150] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000 [ 2909.495909] page dumped because: kasan: bad access detected [ 2909.496452] [ 2909.496620] Memory state around the buggy address: [ 2909.497088] ffff888108ff6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2909.497766] ffff888108ff6800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2909.498461] >ffff888108ff6880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 2909.499150] ^ [ 2909.499729] ffff888108ff6900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2909.500437] ffff888108ff6980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2909.501150] ================================================================== [ 2909.501839] ================================================================== [ 2909.502541] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan] [ 2909.503412] Write of size 1 at addr ffff888108ff68da by task kunit_try_catch/117529 [ 2909.504172] [ 2909.504340] CPU: 0 PID: 117529 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-243.1944_756456474.el9.x86_64+debug #1 [ 2909.505690] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2909.506276] Call Trace: [ 2909.506571] [ 2909.506813] ? krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan] [ 2909.507431] dump_stack_lvl+0x57/0x81 [ 2909.507928] print_address_description.constprop.0+0x1f/0x1e0 [ 2909.508500] ? 
krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan] [ 2909.509085] print_report.cold+0x5c/0x237 [ 2909.509488] kasan_report+0xc9/0x100 [ 2909.509849] ? krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan] [ 2909.510483] krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan] [ 2909.511081] ? krealloc_uaf+0x450/0x450 [test_kasan] [ 2909.511599] ? rcu_read_lock_sched_held+0x12/0x80 [ 2909.512085] ? rcu_read_lock_sched_held+0x12/0x80 [ 2909.512578] ? lock_acquire+0x4ea/0x620 [ 2909.512977] ? rcu_read_unlock+0x40/0x40 [ 2909.513373] ? rcu_read_unlock+0x40/0x40 [ 2909.513762] ? rcu_read_lock_sched_held+0x12/0x80 [ 2909.514230] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2909.514834] ? do_raw_spin_lock+0x270/0x270 [ 2909.515269] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 2909.515912] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2909.516409] ? kunit_add_resource+0x197/0x280 [kunit] [ 2909.516909] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2909.517396] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2909.517893] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2909.518512] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2909.519036] kthread+0x2a7/0x350 [ 2909.519345] ? 
kthread_complete_and_exit+0x20/0x20 [ 2909.519829] ret_from_fork+0x22/0x30 [ 2909.520198] [ 2909.520450] [ 2909.520625] Allocated by task 117529: [ 2909.521008] kasan_save_stack+0x1e/0x40 [ 2909.521395] __kasan_krealloc+0xee/0x160 [ 2909.521782] krealloc+0x50/0xe0 [ 2909.522101] krealloc_less_oob_helper+0x1d9/0xa20 [test_kasan] [ 2909.522717] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2909.523196] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2909.523793] kthread+0x2a7/0x350 [ 2909.524121] ret_from_fork+0x22/0x30 [ 2909.524533] [ 2909.524722] Last potentially related work creation: [ 2909.525213] kasan_save_stack+0x1e/0x40 [ 2909.525600] __kasan_record_aux_stack+0x96/0xb0 [ 2909.526046] kvfree_call_rcu+0x7d/0x840 [ 2909.526451] drop_sysctl_table+0x338/0x460 [ 2909.526881] unregister_sysctl_table+0x9c/0x180 [ 2909.527329] addrconf_exit_net+0x168/0x280 [ 2909.527777] ops_exit_list+0x9c/0x170 [ 2909.528143] cleanup_net+0x42b/0x9a0 [ 2909.528525] process_one_work+0x8e5/0x1520 [ 2909.528950] worker_thread+0x59e/0xf90 [ 2909.529321] kthread+0x2a7/0x350 [ 2909.529652] ret_from_fork+0x22/0x30 [ 2909.530011] [ 2909.530194] Second to last potentially related work creation: [ 2909.530886] kasan_save_stack+0x1e/0x40 [ 2909.531270] __kasan_record_aux_stack+0x96/0xb0 [ 2909.531721] kvfree_call_rcu+0x7d/0x840 [ 2909.532101] dma_resv_list_free.part.0+0xd4/0x130 [ 2909.532593] dma_resv_fini+0x38/0x50 [ 2909.532973] drm_gem_object_release+0x73/0x100 [drm] [ 2909.533497] qxl_ttm_bo_destroy+0x17f/0x200 [qxl] [ 2909.533964] ttm_bo_release+0x68b/0xbc0 [ttm] [ 2909.534424] ttm_bo_delayed_delete+0x312/0x550 [ttm] [ 2909.534937] ttm_device_delayed_workqueue+0x18/0x70 [ttm] [ 2909.535468] process_one_work+0x8e5/0x1520 [ 2909.535872] worker_thread+0x59e/0xf90 [ 2909.536244] kthread+0x2a7/0x350 [ 2909.536604] ret_from_fork+0x22/0x30 [ 2909.536983] [ 2909.537150] The buggy address belongs to the object at ffff888108ff6800 [ 2909.537150] which belongs to the cache kmalloc-256 of size 256 
[ 2909.538499] The buggy address is located 218 bytes inside of [ 2909.538499] 256-byte region [ffff888108ff6800, ffff888108ff6900) [ 2909.539651] [ 2909.539824] The buggy address belongs to the physical page: [ 2909.540401] page:00000000c13c2da4 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108ff6 [ 2909.541316] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 2909.541990] raw: 0017ffffc0000200 0000000000000000 dead000000000001 ffff888100041b40 [ 2909.542775] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000 [ 2909.543515] page dumped because: kasan: bad access detected [ 2909.544055] [ 2909.544222] Memory state around the buggy address: [ 2909.544750] ffff888108ff6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2909.545466] ffff888108ff6800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2909.546159] >ffff888108ff6880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 2909.546897] ^ [ 2909.547494] ffff888108ff6900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2909.548190] ffff888108ff6980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2909.548932] ================================================================== [ 2909.549644] ================================================================== [ 2909.550343] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan] [ 2909.551187] Write of size 1 at addr ffff888108ff68ea by task kunit_try_catch/117529 [ 2909.551965] [ 2909.552133] CPU: 0 PID: 117529 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-243.1944_756456474.el9.x86_64+debug #1 [ 2909.553487] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2909.554047] Call Trace: [ 2909.554299] [ 2909.554549] ? krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan] [ 2909.555158] dump_stack_lvl+0x57/0x81 [ 2909.555553] print_address_description.constprop.0+0x1f/0x1e0 [ 2909.556136] ? 
krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan] [ 2909.556774] print_report.cold+0x5c/0x237 [ 2909.557174] kasan_report+0xc9/0x100 [ 2909.557562] ? krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan] [ 2909.558148] krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan] [ 2909.558724] ? krealloc_uaf+0x450/0x450 [test_kasan] [ 2909.559210] ? rcu_read_lock_sched_held+0x12/0x80 [ 2909.559721] ? rcu_read_lock_sched_held+0x12/0x80 [ 2909.560188] ? lock_acquire+0x4ea/0x620 [ 2909.560608] ? rcu_read_unlock+0x40/0x40 [ 2909.561038] ? rcu_read_unlock+0x40/0x40 [ 2909.561453] ? rcu_read_lock_sched_held+0x12/0x80 [ 2909.561942] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2909.562489] ? do_raw_spin_lock+0x270/0x270 [ 2909.562904] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 2909.563526] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2909.564035] ? kunit_add_resource+0x197/0x280 [kunit] [ 2909.564562] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2909.565064] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2909.565588] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2909.566201] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2909.566714] kthread+0x2a7/0x350 [ 2909.567041] ? 
kthread_complete_and_exit+0x20/0x20 [ 2909.567653] ret_from_fork+0x22/0x30 [ 2909.568058] [ 2909.568288] [ 2909.568481] Allocated by task 117529: [ 2909.568870] kasan_save_stack+0x1e/0x40 [ 2909.569249] __kasan_krealloc+0xee/0x160 [ 2909.569667] krealloc+0x50/0xe0 [ 2909.570002] krealloc_less_oob_helper+0x1d9/0xa20 [test_kasan] [ 2909.570578] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2909.571058] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2909.571694] kthread+0x2a7/0x350 [ 2909.572024] ret_from_fork+0x22/0x30 [ 2909.572406] [ 2909.572582] Last potentially related work creation: [ 2909.573077] kasan_save_stack+0x1e/0x40 [ 2909.573482] __kasan_record_aux_stack+0x96/0xb0 [ 2909.573952] kvfree_call_rcu+0x7d/0x840 [ 2909.574335] drop_sysctl_table+0x338/0x460 [ 2909.574772] unregister_sysctl_table+0x9c/0x180 [ 2909.575235] addrconf_exit_net+0x168/0x280 [ 2909.575673] ops_exit_list+0x9c/0x170 [ 2909.576057] cleanup_net+0x42b/0x9a0 [ 2909.576441] process_one_work+0x8e5/0x1520 [ 2909.576869] worker_thread+0x59e/0xf90 [ 2909.577243] kthread+0x2a7/0x350 [ 2909.577599] ret_from_fork+0x22/0x30 [ 2909.578000] [ 2909.578169] Second to last potentially related work creation: [ 2909.578728] kasan_save_stack+0x1e/0x40 [ 2909.579109] __kasan_record_aux_stack+0x96/0xb0 [ 2909.579587] kvfree_call_rcu+0x7d/0x840 [ 2909.579988] dma_resv_list_free.part.0+0xd4/0x130 [ 2909.580500] dma_resv_fini+0x38/0x50 [ 2909.580905] drm_gem_object_release+0x73/0x100 [drm] [ 2909.581447] qxl_ttm_bo_destroy+0x17f/0x200 [qxl] [ 2909.582047] ttm_bo_release+0x68b/0xbc0 [ttm] [ 2909.582612] ttm_bo_delayed_delete+0x312/0x550 [ttm] [ 2909.583130] ttm_device_delayed_workqueue+0x18/0x70 [ttm] [ 2909.583747] process_one_work+0x8e5/0x1520 [ 2909.584162] worker_thread+0x59e/0xf90 [ 2909.584593] kthread+0x2a7/0x350 [ 2909.584946] ret_from_fork+0x22/0x30 [ 2909.585291] [ 2909.585476] The buggy address belongs to the object at ffff888108ff6800 [ 2909.585476] which belongs to the cache kmalloc-256 of size 256 
[ 2909.586760] The buggy address is located 234 bytes inside of [ 2909.586760] 256-byte region [ffff888108ff6800, ffff888108ff6900) [ 2909.587874] [ 2909.588037] The buggy address belongs to the physical page: [ 2909.588582] page:00000000c13c2da4 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108ff6 [ 2909.589489] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 2909.590181] raw: 0017ffffc0000200 0000000000000000 dead000000000001 ffff888100041b40 [ 2909.590998] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000 [ 2909.591760] page dumped because: kasan: bad access detected [ 2909.592279] [ 2909.592470] Memory state around the buggy address: [ 2909.592946] ffff888108ff6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2909.593647] ffff888108ff6800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2909.594332] >ffff888108ff6880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 2909.595007] ^ [ 2909.595651] ffff888108ff6900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2909.596337] ffff888108ff6980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2909.597008] ================================================================== [ 2909.597865] ================================================================== [ 2909.598564] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan] [ 2909.599396] Write of size 1 at addr ffff888108ff68eb by task kunit_try_catch/117529 [ 2909.600128] [ 2909.600291] CPU: 0 PID: 117529 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-243.1944_756456474.el9.x86_64+debug #1 [ 2909.601599] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2909.602156] Call Trace: [ 2909.602404] [ 2909.602621] ? krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan] [ 2909.603188] dump_stack_lvl+0x57/0x81 [ 2909.603573] print_address_description.constprop.0+0x1f/0x1e0 [ 2909.604134] ? 
krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan] [ 2909.604752] print_report.cold+0x5c/0x237 [ 2909.605158] kasan_report+0xc9/0x100 [ 2909.605534] ? krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan] [ 2909.606120] krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan] [ 2909.606683] ? krealloc_uaf+0x450/0x450 [test_kasan] [ 2909.607154] ? rcu_read_lock_sched_held+0x12/0x80 [ 2909.607676] ? rcu_read_lock_sched_held+0x12/0x80 [ 2909.608143] ? lock_acquire+0x4ea/0x620 [ 2909.608540] ? rcu_read_unlock+0x40/0x40 [ 2909.608938] ? rcu_read_unlock+0x40/0x40 [ 2909.609316] ? rcu_read_lock_sched_held+0x12/0x80 [ 2909.609812] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2909.610384] ? do_raw_spin_lock+0x270/0x270 [ 2909.610786] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 2909.611383] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2909.611883] ? kunit_add_resource+0x197/0x280 [kunit] [ 2909.612372] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2909.612840] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2909.613319] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2909.613941] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2909.614436] kthread+0x2a7/0x350 [ 2909.614754] ? 
kthread_complete_and_exit+0x20/0x20 [ 2909.615211] ret_from_fork+0x22/0x30 [ 2909.615592] [ 2909.615832] [ 2909.615995] Allocated by task 117529: [ 2909.616346] kasan_save_stack+0x1e/0x40 [ 2909.616721] __kasan_krealloc+0xee/0x160 [ 2909.617096] krealloc+0x50/0xe0 [ 2909.617428] krealloc_less_oob_helper+0x1d9/0xa20 [test_kasan] [ 2909.618002] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2909.618471] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2909.619046] kthread+0x2a7/0x350 [ 2909.619383] ret_from_fork+0x22/0x30 [ 2909.619757] [ 2909.619919] Last potentially related work creation: [ 2909.620399] kasan_save_stack+0x1e/0x40 [ 2909.620782] __kasan_record_aux_stack+0x96/0xb0 [ 2909.621230] kvfree_call_rcu+0x7d/0x840 [ 2909.621628] drop_sysctl_table+0x338/0x460 [ 2909.622038] unregister_sysctl_table+0x9c/0x180 [ 2909.622476] addrconf_exit_net+0x168/0x280 [ 2909.622865] ops_exit_list+0x9c/0x170 [ 2909.623220] cleanup_net+0x42b/0x9a0 [ 2909.623602] process_one_work+0x8e5/0x1520 [ 2909.624009] worker_thread+0x59e/0xf90 [ 2909.624579] kthread+0x2a7/0x350 [ 2909.624996] ret_from_fork+0x22/0x30 [ 2909.625403] [ 2909.625578] Second to last potentially related work creation: [ 2909.626174] kasan_save_stack+0x1e/0x40 [ 2909.626614] __kasan_record_aux_stack+0x96/0xb0 [ 2909.627102] kvfree_call_rcu+0x7d/0x840 [ 2909.627637] dma_resv_list_free.part.0+0xd4/0x130 [ 2909.628153] dma_resv_fini+0x38/0x50 [ 2909.628525] drm_gem_object_release+0x73/0x100 [drm] [ 2909.629047] qxl_ttm_bo_destroy+0x17f/0x200 [qxl] [ 2909.629527] ttm_bo_release+0x68b/0xbc0 [ttm] [ 2909.629974] ttm_bo_delayed_delete+0x312/0x550 [ttm] [ 2909.630482] ttm_device_delayed_workqueue+0x18/0x70 [ttm] [ 2909.631075] process_one_work+0x8e5/0x1520 [ 2909.631512] worker_thread+0x59e/0xf90 [ 2909.631956] kthread+0x2a7/0x350 [ 2909.632274] ret_from_fork+0x22/0x30 [ 2909.632624] [ 2909.632785] The buggy address belongs to the object at ffff888108ff6800 [ 2909.632785] which belongs to the cache kmalloc-256 of size 256 
[ 2909.634008] The buggy address is located 235 bytes inside of [ 2909.634008] 256-byte region [ffff888108ff6800, ffff888108ff6900) [ 2909.635132] [ 2909.635295] The buggy address belongs to the physical page: [ 2909.635860] page:00000000c13c2da4 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108ff6 [ 2909.636772] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 2909.637437] raw: 0017ffffc0000200 0000000000000000 dead000000000001 ffff888100041b40 [ 2909.638174] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000 [ 2909.638937] page dumped because: kasan: bad access detected [ 2909.639478] [ 2909.639646] Memory state around the buggy address: [ 2909.640133] ffff888108ff6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2909.640833] ffff888108ff6800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2909.641531] >ffff888108ff6880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 2909.642222] ^ [ 2909.642841] ffff888108ff6900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2909.643520] ffff888108ff6980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2909.644195] ================================================================== [ 2909.645266] ok 11 - krealloc_less_oob [ 2909.649219] ================================================================== [ 2909.650353] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c3/0x610 [test_kasan] [ 2909.651219] Write of size 1 at addr ffff8880156a60eb by task kunit_try_catch/117530 [ 2909.651934] [ 2909.652099] CPU: 0 PID: 117530 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-243.1944_756456474.el9.x86_64+debug #1 [ 2909.653380] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2909.653948] Call Trace: [ 2909.654193] [ 2909.654414] ? krealloc_more_oob_helper+0x5c3/0x610 [test_kasan] [ 2909.654998] dump_stack_lvl+0x57/0x81 [ 2909.655353] print_address_description.constprop.0+0x1f/0x1e0 [ 2909.655907] ? 
krealloc_more_oob_helper+0x5c3/0x610 [test_kasan] [ 2909.656495] print_report.cold+0x5c/0x237 [ 2909.656903] kasan_report+0xc9/0x100 [ 2909.657252] ? krealloc_more_oob_helper+0x5c3/0x610 [test_kasan] [ 2909.657969] krealloc_more_oob_helper+0x5c3/0x610 [test_kasan] [ 2909.658529] ? krealloc_less_oob+0x10/0x10 [test_kasan] [ 2909.659020] ? rcu_read_lock_sched_held+0x12/0x80 [ 2909.659473] ? rcu_read_lock_sched_held+0x12/0x80 [ 2909.659921] ? lock_acquire+0x4ea/0x620 [ 2909.660290] ? rcu_read_unlock+0x40/0x40 [ 2909.660674] ? rcu_read_unlock+0x40/0x40 [ 2909.661052] ? rcu_read_lock_sched_held+0x12/0x80 [ 2909.661530] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2909.662078] ? do_raw_spin_lock+0x270/0x270 [ 2909.662483] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 2909.663060] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2909.663582] ? kunit_add_resource+0x197/0x280 [kunit] [ 2909.664110] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2909.664628] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2909.665144] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2909.665766] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2909.666253] kthread+0x2a7/0x350 [ 2909.666598] ? 
kthread_complete_and_exit+0x20/0x20 [ 2909.667071] ret_from_fork+0x22/0x30 [ 2909.667448] [ 2909.667694] [ 2909.667857] The buggy address belongs to the physical page: [ 2909.668378] page:0000000025eacbed refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x156a4 [ 2909.669231] head:0000000025eacbed order:2 compound_mapcount:0 compound_pincount:0 [ 2909.669967] flags: 0xfffffc0010000(head|node=0|zone=1|lastcpupid=0x1fffff) [ 2909.670611] raw: 000fffffc0010000 0000000000000000 dead000000000122 0000000000000000 [ 2909.671338] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 2909.672059] page dumped because: kasan: bad access detected [ 2909.672583] [ 2909.672746] Memory state around the buggy address: [ 2909.673199] ffff8880156a5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2909.673914] ffff8880156a6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2909.674581] >ffff8880156a6080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 2909.675245] ^ [ 2909.675861] ffff8880156a6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 2909.676535] ffff8880156a6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 2909.677200] ================================================================== [ 2909.677946] ================================================================== [ 2909.678632] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5b6/0x610 [test_kasan] [ 2909.679461] Write of size 1 at addr ffff8880156a60f0 by task kunit_try_catch/117530 [ 2909.680168] [ 2909.680331] CPU: 0 PID: 117530 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-243.1944_756456474.el9.x86_64+debug #1 [ 2909.681715] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2909.682498] Call Trace: [ 2909.682781] [ 2909.683017] ? krealloc_more_oob_helper+0x5b6/0x610 [test_kasan] [ 2909.683664] dump_stack_lvl+0x57/0x81 [ 2909.684070] print_address_description.constprop.0+0x1f/0x1e0 [ 2909.684725] ? 
krealloc_more_oob_helper+0x5b6/0x610 [test_kasan] [ 2909.685292] print_report.cold+0x5c/0x237 [ 2909.685722] kasan_report+0xc9/0x100 [ 2909.686073] ? krealloc_more_oob_helper+0x5b6/0x610 [test_kasan] [ 2909.686669] krealloc_more_oob_helper+0x5b6/0x610 [test_kasan] [ 2909.687237] ? krealloc_less_oob+0x10/0x10 [test_kasan] [ 2909.687875] ? rcu_read_lock_sched_held+0x12/0x80 [ 2909.688340] ? rcu_read_lock_sched_held+0x12/0x80 [ 2909.688834] ? lock_acquire+0x4ea/0x620 [ 2909.689206] ? rcu_read_unlock+0x40/0x40 [ 2909.689611] ? rcu_read_unlock+0x40/0x40 [ 2909.690022] ? rcu_read_lock_sched_held+0x12/0x80 [ 2909.690560] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2909.691105] ? do_raw_spin_lock+0x270/0x270 [ 2909.691513] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 2909.692088] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2909.692561] ? kunit_add_resource+0x197/0x280 [kunit] [ 2909.693042] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2909.693532] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2909.694029] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2909.694642] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2909.695167] kthread+0x2a7/0x350 [ 2909.695510] ? 
kthread_complete_and_exit+0x20/0x20 [ 2909.695988] ret_from_fork+0x22/0x30 [ 2909.696343] [ 2909.696569] [ 2909.696730] The buggy address belongs to the physical page: [ 2909.697248] page:0000000025eacbed refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x156a4 [ 2909.698144] head:0000000025eacbed order:2 compound_mapcount:0 compound_pincount:0 [ 2909.698884] flags: 0xfffffc0010000(head|node=0|zone=1|lastcpupid=0x1fffff) [ 2909.699544] raw: 000fffffc0010000 0000000000000000 dead000000000122 0000000000000000 [ 2909.700277] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 2909.700989] page dumped because: kasan: bad access detected [ 2909.701529] [ 2909.701709] Memory state around the buggy address: [ 2909.702160] ffff8880156a5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2909.702873] ffff8880156a6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2909.703705] >ffff8880156a6080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 2909.704413] ^ [ 2909.705047] ffff8880156a6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 2909.705928] ffff8880156a6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 2909.711855] ================================================================== [ 2909.712897] ok 12 - krealloc_pagealloc_more_oob [ 2909.715307] ================================================================== [ 2909.716520] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan] [ 2909.717337] Write of size 1 at addr ffff8880156a60c9 by task kunit_try_catch/117531 [ 2909.718172] [ 2909.718335] CPU: 0 PID: 117531 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-243.1944_756456474.el9.x86_64+debug #1 [ 2909.719701] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2909.720258] Call Trace: [ 2909.720529] [ 2909.720769] ? 
krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan] [ 2909.721335] dump_stack_lvl+0x57/0x81 [ 2909.721696] print_address_description.constprop.0+0x1f/0x1e0 [ 2909.722237] ? krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan] [ 2909.722807] print_report.cold+0x5c/0x237 [ 2909.723191] kasan_report+0xc9/0x100 [ 2909.723567] ? krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan] [ 2909.724153] krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan] [ 2909.724962] ? krealloc_uaf+0x450/0x450 [test_kasan] [ 2909.725541] ? rcu_read_lock_sched_held+0x12/0x80 [ 2909.726046] ? rcu_read_lock_sched_held+0x12/0x80 [ 2909.726570] ? lock_acquire+0x4ea/0x620 [ 2909.726993] ? rcu_read_unlock+0x40/0x40 [ 2909.727434] ? rcu_read_unlock+0x40/0x40 [ 2909.727881] ? rcu_read_lock_sched_held+0x12/0x80 [ 2909.728337] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2909.728908] ? do_raw_spin_lock+0x270/0x270 [ 2909.729312] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 2909.729932] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2909.730427] ? kunit_add_resource+0x197/0x280 [kunit] [ 2909.730976] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2909.731492] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2909.731992] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2909.732595] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2909.733101] kthread+0x2a7/0x350 [ 2909.733446] ? 
kthread_complete_and_exit+0x20/0x20 [ 2909.733949] ret_from_fork+0x22/0x30 [ 2909.734302] [ 2909.734528] [ 2909.734691] The buggy address belongs to the physical page: [ 2909.735208] page:0000000025eacbed refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x156a4 [ 2909.736103] head:0000000025eacbed order:2 compound_mapcount:0 compound_pincount:0 [ 2909.736867] flags: 0xfffffc0010000(head|node=0|zone=1|lastcpupid=0x1fffff) [ 2909.737549] raw: 000fffffc0010000 0000000000000000 dead000000000122 0000000000000000 [ 2909.738287] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 2909.739006] page dumped because: kasan: bad access detected [ 2909.739549] [ 2909.739729] Memory state around the buggy address: [ 2909.740185] ffff8880156a5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2909.740985] ffff8880156a6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2909.741684] >ffff8880156a6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 2909.742372] ^ [ 2909.742893] ffff8880156a6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 2909.743591] ffff8880156a6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 2909.744279] ================================================================== [ 2909.745158] ================================================================== [ 2909.745890] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan] [ 2909.746707] Write of size 1 at addr ffff8880156a60d0 by task kunit_try_catch/117531 [ 2909.747508] [ 2909.747733] CPU: 0 PID: 117531 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-243.1944_756456474.el9.x86_64+debug #1 [ 2909.749055] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2909.749625] Call Trace: [ 2909.749889] [ 2909.750106] ? krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan] [ 2909.750703] dump_stack_lvl+0x57/0x81 [ 2909.751076] print_address_description.constprop.0+0x1f/0x1e0 [ 2909.751649] ? 
krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan] [ 2909.752233] print_report.cold+0x5c/0x237 [ 2909.752655] kasan_report+0xc9/0x100 [ 2909.753020] ? krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan] [ 2909.753619] krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan] [ 2909.754193] ? krealloc_uaf+0x450/0x450 [test_kasan] [ 2909.754698] ? rcu_read_lock_sched_held+0x12/0x80 [ 2909.755165] ? rcu_read_lock_sched_held+0x12/0x80 [ 2909.755646] ? lock_acquire+0x4ea/0x620 [ 2909.756033] ? rcu_read_unlock+0x40/0x40 [ 2909.756433] ? rcu_read_unlock+0x40/0x40 [ 2909.756834] ? rcu_read_lock_sched_held+0x12/0x80 [ 2909.757284] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2909.757856] ? do_raw_spin_lock+0x270/0x270 [ 2909.758261] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 2909.758839] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2909.759311] ? kunit_add_resource+0x197/0x280 [kunit] [ 2909.759835] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2909.760303] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2909.760829] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2909.761427] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2909.761939] kthread+0x2a7/0x350 [ 2909.762258] ? 
kthread_complete_and_exit+0x20/0x20 [ 2909.762721] ret_from_fork+0x22/0x30 [ 2909.763115] [ 2909.763336] [ 2909.763504] The buggy address belongs to the physical page: [ 2909.764020] page:0000000025eacbed refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x156a4 [ 2909.764957] head:0000000025eacbed order:2 compound_mapcount:0 compound_pincount:0 [ 2909.765683] flags: 0xfffffc0010000(head|node=0|zone=1|lastcpupid=0x1fffff) [ 2909.766341] raw: 000fffffc0010000 0000000000000000 dead000000000122 0000000000000000 [ 2909.767107] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 2909.767826] page dumped because: kasan: bad access detected [ 2909.768345] [ 2909.768512] Memory state around the buggy address: [ 2909.768966] ffff8880156a5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2909.769669] ffff8880156a6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2909.770360] >ffff8880156a6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 2909.771080] ^ [ 2909.771631] ffff8880156a6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 2909.772303] ffff8880156a6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 2909.772980] ================================================================== [ 2909.773698] ================================================================== [ 2909.774399] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan] [ 2909.775203] Write of size 1 at addr ffff8880156a60da by task kunit_try_catch/117531 [ 2909.775916] [ 2909.776079] CPU: 0 PID: 117531 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-243.1944_756456474.el9.x86_64+debug #1 [ 2909.777416] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2909.778091] Call Trace: [ 2909.778336] [ 2909.778558] ? krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan] [ 2909.779131] dump_stack_lvl+0x57/0x81 [ 2909.779514] print_address_description.constprop.0+0x1f/0x1e0 [ 2909.780077] ? 
krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan] [ 2909.780651] print_report.cold+0x5c/0x237 [ 2909.781056] kasan_report+0xc9/0x100 [ 2909.781453] ? krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan] [ 2909.782210] krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan] [ 2909.782872] ? krealloc_uaf+0x450/0x450 [test_kasan] [ 2909.783427] ? rcu_read_lock_sched_held+0x12/0x80 [ 2909.783923] ? rcu_read_lock_sched_held+0x12/0x80 [ 2909.784460] ? lock_acquire+0x4ea/0x620 [ 2909.784904] ? rcu_read_unlock+0x40/0x40 [ 2909.785282] ? rcu_read_unlock+0x40/0x40 [ 2909.785705] ? rcu_read_lock_sched_held+0x12/0x80 [ 2909.786157] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2909.786715] ? do_raw_spin_lock+0x270/0x270 [ 2909.787130] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 2909.787752] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2909.788226] ? kunit_add_resource+0x197/0x280 [kunit] [ 2909.788774] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2909.789250] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2909.789778] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2909.790361] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2909.790879] kthread+0x2a7/0x350 [ 2909.791211] ? 
kthread_complete_and_exit+0x20/0x20 [ 2909.791699] ret_from_fork+0x22/0x30 [ 2909.792069] [ 2909.792290] [ 2909.792459] The buggy address belongs to the physical page: [ 2909.792982] page:0000000025eacbed refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x156a4 [ 2909.793885] head:0000000025eacbed order:2 compound_mapcount:0 compound_pincount:0 [ 2909.794668] flags: 0xfffffc0010000(head|node=0|zone=1|lastcpupid=0x1fffff) [ 2909.795305] raw: 000fffffc0010000 0000000000000000 dead000000000122 0000000000000000 [ 2909.796067] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 2909.796784] page dumped because: kasan: bad access detected [ 2909.797302] [ 2909.797489] Memory state around the buggy address: [ 2909.797963] ffff8880156a5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2909.798664] ffff8880156a6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2909.799351] >ffff8880156a6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 2909.800028] ^ [ 2909.800652] ffff8880156a6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 2909.801378] ffff8880156a6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 2909.802115] ================================================================== [ 2909.802803] ================================================================== [ 2909.803488] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan] [ 2909.804297] Write of size 1 at addr ffff8880156a60ea by task kunit_try_catch/117531 [ 2909.805051] [ 2909.805215] CPU: 0 PID: 117531 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-243.1944_756456474.el9.x86_64+debug #1 [ 2909.806539] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2909.807100] Call Trace: [ 2909.807346] [ 2909.807691] ? krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan] [ 2909.808278] dump_stack_lvl+0x57/0x81 [ 2909.808667] print_address_description.constprop.0+0x1f/0x1e0 [ 2909.809231] ? 
krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan] [ 2909.809845] print_report.cold+0x5c/0x237 [ 2909.810234] kasan_report+0xc9/0x100 [ 2909.810589] ? krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan] [ 2909.811155] krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan] [ 2909.811712] ? krealloc_uaf+0x450/0x450 [test_kasan] [ 2909.812185] ? rcu_read_lock_sched_held+0x12/0x80 [ 2909.812664] ? rcu_read_lock_sched_held+0x12/0x80 [ 2909.813133] ? lock_acquire+0x4ea/0x620 [ 2909.813531] ? rcu_read_unlock+0x40/0x40 [ 2909.813930] ? rcu_read_unlock+0x40/0x40 [ 2909.814325] ? rcu_read_lock_sched_held+0x12/0x80 [ 2909.814812] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2909.815419] ? do_raw_spin_lock+0x270/0x270 [ 2909.815842] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 2909.816485] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2909.817001] ? kunit_add_resource+0x197/0x280 [kunit] [ 2909.817534] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2909.818042] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2909.818550] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2909.819124] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2909.819616] kthread+0x2a7/0x350 [ 2909.819933] ? 
kthread_complete_and_exit+0x20/0x20 [ 2909.820414] ret_from_fork+0x22/0x30 [ 2909.820802] [ 2909.821023] [ 2909.821185] The buggy address belongs to the physical page: [ 2909.821747] page:0000000025eacbed refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x156a4 [ 2909.822605] head:0000000025eacbed order:2 compound_mapcount:0 compound_pincount:0 [ 2909.823322] flags: 0xfffffc0010000(head|node=0|zone=1|lastcpupid=0x1fffff) [ 2909.823991] raw: 000fffffc0010000 0000000000000000 dead000000000122 0000000000000000 [ 2909.824754] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 2909.825542] page dumped because: kasan: bad access detected [ 2909.826100] [ 2909.826263] Memory state around the buggy address: [ 2909.826724] ffff8880156a5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2909.827401] ffff8880156a6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2909.828075] >ffff8880156a6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 2909.828794] ^ [ 2909.829427] ffff8880156a6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 2909.830124] ffff8880156a6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 2909.830823] ================================================================== [ 2909.831555] ================================================================== [ 2909.832247] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan] [ 2909.833104] Write of size 1 at addr ffff8880156a60eb by task kunit_try_catch/117531 [ 2909.833860] [ 2909.834024] CPU: 0 PID: 117531 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-243.1944_756456474.el9.x86_64+debug #1 [ 2909.835289] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2909.835871] Call Trace: [ 2909.836116] [ 2909.836333] ? krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan] [ 2909.836906] dump_stack_lvl+0x57/0x81 [ 2909.837263] print_address_description.constprop.0+0x1f/0x1e0 [ 2909.837994] ? 
krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan] [ 2909.838568] print_report.cold+0x5c/0x237 [ 2909.838954] kasan_report+0xc9/0x100 [ 2909.839321] ? krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan] [ 2909.839984] krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan] [ 2909.840597] ? krealloc_uaf+0x450/0x450 [test_kasan] [ 2909.841107] ? rcu_read_lock_sched_held+0x12/0x80 [ 2909.841586] ? rcu_read_lock_sched_held+0x12/0x80 [ 2909.842057] ? lock_acquire+0x4ea/0x620 [ 2909.842433] ? rcu_read_unlock+0x40/0x40 [ 2909.842810] ? rcu_read_unlock+0x40/0x40 [ 2909.843187] ? rcu_read_lock_sched_held+0x12/0x80 [ 2909.843647] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2909.844173] ? do_raw_spin_lock+0x270/0x270 [ 2909.844603] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 2909.845203] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2909.845708] ? kunit_add_resource+0x197/0x280 [kunit] [ 2909.846208] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2909.846682] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2909.847160] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2909.847738] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2909.848226] kthread+0x2a7/0x350 [ 2909.848548] ? 
kthread_complete_and_exit+0x20/0x20 [ 2909.849008] ret_from_fork+0x22/0x30 [ 2909.849365] [ 2909.849589] [ 2909.849752] The buggy address belongs to the physical page: [ 2909.850290] page:0000000025eacbed refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x156a4 [ 2909.851219] head:0000000025eacbed order:2 compound_mapcount:0 compound_pincount:0 [ 2909.851912] flags: 0xfffffc0010000(head|node=0|zone=1|lastcpupid=0x1fffff) [ 2909.852579] raw: 000fffffc0010000 0000000000000000 dead000000000122 0000000000000000 [ 2909.853328] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 2909.854069] page dumped because: kasan: bad access detected [ 2909.854644] [ 2909.854838] Memory state around the buggy address: [ 2909.855324] ffff8880156a5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2909.856048] ffff8880156a6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2909.856727] >ffff8880156a6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 2909.857404] ^ [ 2909.858019] ffff8880156a6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 2909.858722] ffff8880156a6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 2909.859411] ================================================================== [ 2909.860681] ok 13 - krealloc_pagealloc_less_oob [ 2909.866114] ================================================================== [ 2909.867324] BUG: KASAN: use-after-free in krealloc_uaf+0x1c7/0x450 [test_kasan] [ 2909.868140] Read of size 1 at addr ffff8880175f2a00 by task kunit_try_catch/117532 [ 2909.868847] [ 2909.869011] CPU: 0 PID: 117532 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-243.1944_756456474.el9.x86_64+debug #1 [ 2909.870269] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2909.870855] Call Trace: [ 2909.871101] [ 2909.871380] ? krealloc_uaf+0x1c7/0x450 [test_kasan] [ 2909.871934] dump_stack_lvl+0x57/0x81 [ 2909.872336] print_address_description.constprop.0+0x1f/0x1e0 [ 2909.872910] ? 
krealloc_uaf+0x1c7/0x450 [test_kasan] [ 2909.873406] print_report.cold+0x5c/0x237 [ 2909.873827] kasan_report+0xc9/0x100 [ 2909.874201] ? krealloc_uaf+0x1c7/0x450 [test_kasan] [ 2909.874768] ? krealloc_uaf+0x1c7/0x450 [test_kasan] [ 2909.875278] __kasan_check_byte+0x36/0x50 [ 2909.875687] krealloc+0x2e/0xe0 [ 2909.876000] krealloc_uaf+0x1c7/0x450 [test_kasan] [ 2909.876467] ? kmalloc_memmove_negative_size+0x290/0x290 [test_kasan] [ 2909.877071] ? rcu_read_lock_sched_held+0x12/0x80 [ 2909.877569] ? rcu_read_lock_sched_held+0x12/0x80 [ 2909.878023] ? lock_acquire+0x4ea/0x620 [ 2909.878415] ? rcu_read_unlock+0x40/0x40 [ 2909.878821] ? rcu_read_unlock+0x40/0x40 [ 2909.879197] ? rcu_read_lock_sched_held+0x12/0x80 [ 2909.879656] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2909.880185] ? do_raw_spin_lock+0x270/0x270 [ 2909.880592] ? trace_hardirqs_on+0x2d/0x160 [ 2909.881008] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2909.881507] ? kunit_add_resource+0x197/0x280 [kunit] [ 2909.882238] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2909.882829] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2909.883394] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2909.884038] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2909.884633] kthread+0x2a7/0x350 [ 2909.885019] ? 
kthread_complete_and_exit+0x20/0x20 [ 2909.885562] ret_from_fork+0x22/0x30 [ 2909.885935] [ 2909.886157] [ 2909.886339] Allocated by task 117532: [ 2909.886763] kasan_save_stack+0x1e/0x40 [ 2909.887132] __kasan_kmalloc+0x81/0xa0 [ 2909.887543] krealloc_uaf+0xaa/0x450 [test_kasan] [ 2909.888030] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2909.888521] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2909.889114] kthread+0x2a7/0x350 [ 2909.889435] ret_from_fork+0x22/0x30 [ 2909.889806] [ 2909.890002] Freed by task 117532: [ 2909.890346] kasan_save_stack+0x1e/0x40 [ 2909.890747] kasan_set_track+0x21/0x30 [ 2909.891126] kasan_set_free_info+0x20/0x40 [ 2909.891544] __kasan_slab_free+0x108/0x170 [ 2909.891955] slab_free_freelist_hook+0x11d/0x1d0 [ 2909.892423] kfree+0xe2/0x3c0 [ 2909.892722] krealloc_uaf+0x147/0x450 [test_kasan] [ 2909.893178] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2909.893647] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2909.894220] kthread+0x2a7/0x350 [ 2909.894541] ret_from_fork+0x22/0x30 [ 2909.894889] [ 2909.895051] Last potentially related work creation: [ 2909.895536] kasan_save_stack+0x1e/0x40 [ 2909.895925] __kasan_record_aux_stack+0x96/0xb0 [ 2909.896363] kvfree_call_rcu+0x7d/0x840 [ 2909.896735] dma_resv_list_free.part.0+0xd4/0x130 [ 2909.897183] dma_resv_fini+0x38/0x50 [ 2909.897636] drm_gem_object_release+0x73/0x100 [drm] [ 2909.898184] qxl_ttm_bo_destroy+0x17f/0x200 [qxl] [ 2909.898704] ttm_bo_release+0x68b/0xbc0 [ttm] [ 2909.899130] ttm_bo_delayed_delete+0x312/0x550 [ttm] [ 2909.899634] ttm_device_delayed_workqueue+0x18/0x70 [ttm] [ 2909.900166] process_one_work+0x8e5/0x1520 [ 2909.900563] worker_thread+0x59e/0xf90 [ 2909.900924] kthread+0x2a7/0x350 [ 2909.901242] ret_from_fork+0x22/0x30 [ 2909.901596] [ 2909.901758] Second to last potentially related work creation: [ 2909.902294] kasan_save_stack+0x1e/0x40 [ 2909.902667] __kasan_record_aux_stack+0x96/0xb0 [ 2909.903101] kvfree_call_rcu+0x7d/0x840 [ 2909.903521] 
dma_resv_list_free.part.0+0xd4/0x130 [ 2909.904006] dma_resv_fini+0x38/0x50 [ 2909.904396] drm_gem_object_release+0x73/0x100 [drm] [ 2909.904949] qxl_ttm_bo_destroy+0x17f/0x200 [qxl] [ 2909.905447] ttm_bo_release+0x68b/0xbc0 [ttm] [ 2909.905942] ttm_bo_delayed_delete+0x312/0x550 [ttm] [ 2909.906481] ttm_device_delayed_workqueue+0x18/0x70 [ttm] [ 2909.907030] process_one_work+0x8e5/0x1520 [ 2909.907445] worker_thread+0x59e/0xf90 [ 2909.907832] kthread+0x2a7/0x350 [ 2909.908149] ret_from_fork+0x22/0x30 [ 2909.908501] [ 2909.908665] The buggy address belongs to the object at ffff8880175f2a00 [ 2909.908665] which belongs to the cache kmalloc-256 of size 256 [ 2909.909810] The buggy address is located 0 bytes inside of [ 2909.909810] 256-byte region [ffff8880175f2a00, ffff8880175f2b00) [ 2909.911185] [ 2909.911407] The buggy address belongs to the physical page: [ 2909.911992] page:00000000d737701e refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x175f2 [ 2909.912979] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2909.913675] raw: 000fffffc0000200 ffffea00041ece00 dead000000000006 ffff888100041b40 [ 2909.914465] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000 [ 2909.915210] page dumped because: kasan: bad access detected [ 2909.915775] [ 2909.915937] Memory state around the buggy address: [ 2909.916414] ffff8880175f2900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2909.917105] ffff8880175f2980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2909.917783] >ffff8880175f2a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2909.918483] ^ [ 2909.918825] ffff8880175f2a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2909.919545] ffff8880175f2b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2909.920251] ================================================================== [ 2909.921078] ================================================================== [ 2909.921760] BUG: KASAN: use-after-free in 
krealloc_uaf+0x42e/0x450 [test_kasan] [ 2909.922522] Read of size 1 at addr ffff8880175f2a00 by task kunit_try_catch/117532 [ 2909.923248] [ 2909.923434] CPU: 0 PID: 117532 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-243.1944_756456474.el9.x86_64+debug #1 [ 2909.924928] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2909.925564] Call Trace: [ 2909.925823] [ 2909.926061] ? krealloc_uaf+0x42e/0x450 [test_kasan] [ 2909.926591] dump_stack_lvl+0x57/0x81 [ 2909.926983] print_address_description.constprop.0+0x1f/0x1e0 [ 2909.927737] ? krealloc_uaf+0x42e/0x450 [test_kasan] [ 2909.928246] print_report.cold+0x5c/0x237 [ 2909.928640] kasan_report+0xc9/0x100 [ 2909.928989] ? krealloc_uaf+0x42e/0x450 [test_kasan] [ 2909.929473] krealloc_uaf+0x42e/0x450 [test_kasan] [ 2909.929939] ? kmalloc_memmove_negative_size+0x290/0x290 [test_kasan] [ 2909.930546] ? rcu_read_lock_sched_held+0x12/0x80 [ 2909.930998] ? rcu_read_lock_sched_held+0x12/0x80 [ 2909.931489] ? lock_acquire+0x4ea/0x620 [ 2909.931911] ? rcu_read_unlock+0x40/0x40 [ 2909.932290] ? rcu_read_unlock+0x40/0x40 [ 2909.932672] ? rcu_read_lock_sched_held+0x12/0x80 [ 2909.933125] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2909.933656] ? do_raw_spin_lock+0x270/0x270 [ 2909.934056] ? kunit_ptr_not_err_assert_format+0x210/0x210 [kunit] [ 2909.934670] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2909.935164] ? kunit_add_resource+0x197/0x280 [kunit] [ 2909.935677] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2909.936161] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2909.936648] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2909.937224] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2909.937715] kthread+0x2a7/0x350 [ 2909.938057] ? 
kthread_complete_and_exit+0x20/0x20 [ 2909.938537] ret_from_fork+0x22/0x30 [ 2909.938894] [ 2909.939134] [ 2909.939295] Allocated by task 117532: [ 2909.939677] kasan_save_stack+0x1e/0x40 [ 2909.940062] __kasan_kmalloc+0x81/0xa0 [ 2909.940429] krealloc_uaf+0xaa/0x450 [test_kasan] [ 2909.940883] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2909.941351] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2909.941926] kthread+0x2a7/0x350 [ 2909.942242] ret_from_fork+0x22/0x30 [ 2909.942594] [ 2909.942757] Freed by task 117532: [ 2909.943081] kasan_save_stack+0x1e/0x40 [ 2909.943480] kasan_set_track+0x21/0x30 [ 2909.943863] kasan_set_free_info+0x20/0x40 [ 2909.944253] __kasan_slab_free+0x108/0x170 [ 2909.944687] slab_free_freelist_hook+0x11d/0x1d0 [ 2909.945128] kfree+0xe2/0x3c0 [ 2909.945430] krealloc_uaf+0x147/0x450 [test_kasan] [ 2909.945887] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2909.946357] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2909.946932] kthread+0x2a7/0x350 [ 2909.947250] ret_from_fork+0x22/0x30 [ 2909.947627] [ 2909.947808] Last potentially related work creation: [ 2909.948265] kasan_save_stack+0x1e/0x40 [ 2909.948638] __kasan_record_aux_stack+0x96/0xb0 [ 2909.949071] kvfree_call_rcu+0x7d/0x840 [ 2909.949443] dma_resv_list_free.part.0+0xd4/0x130 [ 2909.949891] dma_resv_fini+0x38/0x50 [ 2909.950237] drm_gem_object_release+0x73/0x100 [drm] [ 2909.950773] qxl_ttm_bo_destroy+0x17f/0x200 [qxl] [ 2909.951241] ttm_bo_release+0x68b/0xbc0 [ttm] [ 2909.951697] ttm_bo_delayed_delete+0x312/0x550 [ttm] [ 2909.952188] ttm_device_delayed_workqueue+0x18/0x70 [ttm] [ 2909.952706] process_one_work+0x8e5/0x1520 [ 2909.953097] worker_thread+0x59e/0xf90 [ 2909.953465] kthread+0x2a7/0x350 [ 2909.953782] ret_from_fork+0x22/0x30 [ 2909.954128] [ 2909.954291] Second to last potentially related work creation: [ 2909.954835] kasan_save_stack+0x1e/0x40 [ 2909.955202] __kasan_record_aux_stack+0x96/0xb0 [ 2909.955665] kvfree_call_rcu+0x7d/0x840 [ 2909.956052] 
dma_resv_list_free.part.0+0xd4/0x130 [ 2909.956507] dma_resv_fini+0x38/0x50 [ 2909.956855] drm_gem_object_release+0x73/0x100 [drm] [ 2909.957402] qxl_ttm_bo_destroy+0x17f/0x200 [qxl] [ 2909.957968] ttm_bo_release+0x68b/0xbc0 [ttm] [ 2909.958399] ttm_bo_delayed_delete+0x312/0x550 [ttm] [ 2909.958874] ttm_device_delayed_workqueue+0x18/0x70 [ttm] [ 2909.959407] process_one_work+0x8e5/0x1520 [ 2909.959824] worker_thread+0x59e/0xf90 [ 2909.960184] kthread+0x2a7/0x350 [ 2909.960504] ret_from_fork+0x22/0x30 [ 2909.960851] [ 2909.961014] The buggy address belongs to the object at ffff8880175f2a00 [ 2909.961014] which belongs to the cache kmalloc-256 of size 256 [ 2909.962150] The buggy address is located 0 bytes inside of [ 2909.962150] 256-byte region [ffff8880175f2a00, ffff8880175f2b00) [ 2909.963251] [ 2909.963445] The buggy address belongs to the physical page: [ 2909.964005] page:00000000d737701e refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x175f2 [ 2909.964931] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2909.965573] raw: 000fffffc0000200 ffffea00041ece00 dead000000000006 ffff888100041b40 [ 2909.966288] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000 [ 2909.967046] page dumped because: kasan: bad access detected [ 2909.967595] [ 2909.967776] Memory state around the buggy address: [ 2909.968231] ffff8880175f2900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2909.968909] ffff8880175f2980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2909.969584] >ffff8880175f2a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2909.970253] ^ [ 2909.970574] ffff8880175f2a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2909.971245] ffff8880175f2b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2909.971962] ================================================================== [ 2909.972946] ok 14 - krealloc_uaf [ 2909.979298] ================================================================== [ 2909.980421] 
BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x399/0x3b0 [test_kasan] [ 2909.981177] Write of size 16 at addr ffff88808f8fe5e0 by task kunit_try_catch/117533 [ 2909.982069] [ 2909.982290] CPU: 0 PID: 117533 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-243.1944_756456474.el9.x86_64+debug #1 [ 2909.983769] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2909.984394] Call Trace: [ 2909.984657] [ 2909.984902] ? kmalloc_oob_16+0x399/0x3b0 [test_kasan] [ 2909.985414] dump_stack_lvl+0x57/0x81 [ 2909.985797] print_address_description.constprop.0+0x1f/0x1e0 [ 2909.986341] ? kmalloc_oob_16+0x399/0x3b0 [test_kasan] [ 2909.986874] print_report.cold+0x5c/0x237 [ 2909.987264] kasan_report+0xc9/0x100 [ 2909.987816] ? kmalloc_oob_16+0x399/0x3b0 [test_kasan] [ 2909.988387] kmalloc_oob_16+0x399/0x3b0 [test_kasan] [ 2909.988886] ? kmalloc_uaf_16+0x3b0/0x3b0 [test_kasan] [ 2909.989380] ? do_raw_spin_trylock+0xb5/0x180 [ 2909.989802] ? do_raw_spin_lock+0x270/0x270 [ 2909.990219] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2909.990910] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2909.991510] ? kunit_add_resource+0x197/0x280 [kunit] [ 2909.992052] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2909.992594] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2909.993129] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2909.993809] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2909.994299] kthread+0x2a7/0x350 [ 2909.994675] ? 
kthread_complete_and_exit+0x20/0x20 [ 2909.995166] ret_from_fork+0x22/0x30 [ 2909.995548] [ 2909.995790] [ 2909.995953] Allocated by task 117533: [ 2909.996307] kasan_save_stack+0x1e/0x40 [ 2909.996708] __kasan_kmalloc+0x81/0xa0 [ 2909.997084] kmalloc_oob_16+0xa4/0x3b0 [test_kasan] [ 2909.997573] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2909.998057] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2909.998659] kthread+0x2a7/0x350 [ 2909.998989] ret_from_fork+0x22/0x30 [ 2909.999337] [ 2909.999504] The buggy address belongs to the object at ffff88808f8fe5e0 [ 2909.999504] which belongs to the cache kmalloc-16 of size 16 [ 2910.000653] The buggy address is located 0 bytes inside of [ 2910.000653] 16-byte region [ffff88808f8fe5e0, ffff88808f8fe5f0) [ 2910.001725] [ 2910.001888] The buggy address belongs to the physical page: [ 2910.002482] page:000000005df17624 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8f8fe [ 2910.003356] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2910.003997] raw: 000fffffc0000200 ffffea0002417140 dead000000000002 ffff8881000413c0 [ 2910.004764] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2910.005486] page dumped because: kasan: bad access detected [ 2910.006006] [ 2910.006169] Memory state around the buggy address: [ 2910.006627] ffff88808f8fe480: fb fb fc fc 00 00 fc fc 00 00 fc fc fb fb fc fc [ 2910.007299] ffff88808f8fe500: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 2910.008009] >ffff88808f8fe580: fa fb fc fc fb fb fc fc 00 00 fc fc 00 05 fc fc [ 2910.008716] ^ [ 2910.009345] ffff88808f8fe600: fb fb fc fc fb fb fc fc fb fb fc fc 00 00 fc fc [ 2910.010020] ffff88808f8fe680: fb fb fc fc fb fb fc fc 00 00 fc fc fb fb fc fc [ 2910.010763] ================================================================== [ 2910.012441] ok 15 - kmalloc_oob_16 [ 2910.017622] ================================================================== [ 2910.018763] BUG: KASAN: use-after-free 
in kmalloc_uaf_16+0x38a/0x3b0 [test_kasan] [ 2910.019472] Read of size 16 at addr ffff88808f8fea00 by task kunit_try_catch/117534 [ 2910.020182] [ 2910.020345] CPU: 0 PID: 117534 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-243.1944_756456474.el9.x86_64+debug #1 [ 2910.021641] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2910.022218] Call Trace: [ 2910.022489] [ 2910.022715] ? kmalloc_uaf_16+0x38a/0x3b0 [test_kasan] [ 2910.023236] dump_stack_lvl+0x57/0x81 [ 2910.023649] print_address_description.constprop.0+0x1f/0x1e0 [ 2910.024372] ? kmalloc_uaf_16+0x38a/0x3b0 [test_kasan] [ 2910.024998] print_report.cold+0x5c/0x237 [ 2910.025441] kasan_report+0xc9/0x100 [ 2910.025852] ? kmalloc_uaf_16+0x38a/0x3b0 [test_kasan] [ 2910.026421] kmalloc_uaf_16+0x38a/0x3b0 [test_kasan] [ 2910.026961] ? kmalloc_uaf+0x2b0/0x2b0 [test_kasan] [ 2910.027499] ? do_raw_spin_trylock+0xb5/0x180 [ 2910.027961] ? do_raw_spin_lock+0x270/0x270 [ 2910.028385] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2910.028934] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2910.029434] ? kunit_add_resource+0x197/0x280 [kunit] [ 2910.029941] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2910.030432] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2910.030941] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2910.031528] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2910.032043] kthread+0x2a7/0x350 [ 2910.032381] ? 
kthread_complete_and_exit+0x20/0x20 [ 2910.032842] ret_from_fork+0x22/0x30 [ 2910.033195] [ 2910.033441] [ 2910.033610] Allocated by task 117534: [ 2910.033978] kasan_save_stack+0x1e/0x40 [ 2910.034355] __kasan_kmalloc+0x81/0xa0 [ 2910.034716] kmalloc_uaf_16+0x15d/0x3b0 [test_kasan] [ 2910.035189] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2910.035686] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2910.036279] kthread+0x2a7/0x350 [ 2910.036603] ret_from_fork+0x22/0x30 [ 2910.036951] [ 2910.037114] Freed by task 117534: [ 2910.037462] kasan_save_stack+0x1e/0x40 [ 2910.037851] kasan_set_track+0x21/0x30 [ 2910.038233] kasan_set_free_info+0x20/0x40 [ 2910.038653] __kasan_slab_free+0x108/0x170 [ 2910.039045] slab_free_freelist_hook+0x11d/0x1d0 [ 2910.039511] kfree+0xe2/0x3c0 [ 2910.039829] kmalloc_uaf_16+0x1e8/0x3b0 [test_kasan] [ 2910.040304] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2910.040806] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2910.041417] kthread+0x2a7/0x350 [ 2910.041758] ret_from_fork+0x22/0x30 [ 2910.042108] [ 2910.042286] The buggy address belongs to the object at ffff88808f8fea00 [ 2910.042286] which belongs to the cache kmalloc-16 of size 16 [ 2910.043435] The buggy address is located 0 bytes inside of [ 2910.043435] 16-byte region [ffff88808f8fea00, ffff88808f8fea10) [ 2910.044517] [ 2910.044680] The buggy address belongs to the physical page: [ 2910.045203] page:000000005df17624 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8f8fe [ 2910.046097] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2910.046784] raw: 000fffffc0000200 ffffea0002417140 dead000000000002 ffff8881000413c0 [ 2910.047712] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2910.048484] page dumped because: kasan: bad access detected [ 2910.049006] [ 2910.049168] Memory state around the buggy address: [ 2910.049627] ffff88808f8fe900: fa fb fc fc fb fb fc fc fa fb fc fc 00 00 fc fc [ 2910.050297] 
ffff88808f8fe980: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 2910.051014] >ffff88808f8fea00: fa fb fc fc fb fb fc fc fb fb fc fc 00 00 fc fc [ 2910.051719] ^ [ 2910.052052] ffff88808f8fea80: fb fb fc fc fb fb fc fc fa fb fc fc fb fb fc fc [ 2910.052730] ffff88808f8feb00: 00 00 fc fc 00 00 fc fc fb fb fc fc 00 00 fc fc [ 2910.053408] ================================================================== [ 2910.054593] ok 16 - kmalloc_uaf_16 [ 2910.056251] ================================================================== [ 2910.057365] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x1b3/0x280 [test_kasan] [ 2910.058156] Write of size 128 at addr ffff88800343b700 by task kunit_try_catch/117535 [ 2910.058887] [ 2910.059051] CPU: 0 PID: 117535 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-243.1944_756456474.el9.x86_64+debug #1 [ 2910.060354] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2910.060895] Call Trace: [ 2910.061140] [ 2910.061359] ? kmalloc_oob_in_memset+0x1b3/0x280 [test_kasan] [ 2910.061948] dump_stack_lvl+0x57/0x81 [ 2910.062306] print_address_description.constprop.0+0x1f/0x1e0 [ 2910.062855] ? kmalloc_oob_in_memset+0x1b3/0x280 [test_kasan] [ 2910.063402] print_report.cold+0x5c/0x237 [ 2910.063790] kasan_report+0xc9/0x100 [ 2910.064139] ? kmalloc_oob_in_memset+0x1b3/0x280 [test_kasan] [ 2910.064687] kasan_check_range+0xfd/0x1e0 [ 2910.065074] memset+0x20/0x50 [ 2910.065415] kmalloc_oob_in_memset+0x1b3/0x280 [test_kasan] [ 2910.066006] ? kmalloc_oob_memset_2+0x290/0x290 [test_kasan] [ 2910.066555] ? do_raw_spin_trylock+0xb5/0x180 [ 2910.066975] ? do_raw_spin_lock+0x270/0x270 [ 2910.067380] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2910.067902] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2910.068400] ? kunit_add_resource+0x197/0x280 [kunit] [ 2910.068905] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2910.069413] ? 
kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2910.069941] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2910.070596] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2910.071130] kthread+0x2a7/0x350 [ 2910.071477] ? kthread_complete_and_exit+0x20/0x20 [ 2910.071956] ret_from_fork+0x22/0x30 [ 2910.072312] [ 2910.072539] [ 2910.072701] Allocated by task 117535: [ 2910.073055] kasan_save_stack+0x1e/0x40 [ 2910.073448] __kasan_kmalloc+0x81/0xa0 [ 2910.073836] kmalloc_oob_in_memset+0x9c/0x280 [test_kasan] [ 2910.074356] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2910.074823] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2910.075417] kthread+0x2a7/0x350 [ 2910.075759] ret_from_fork+0x22/0x30 [ 2910.076104] [ 2910.076266] Last potentially related work creation: [ 2910.076741] kasan_save_stack+0x1e/0x40 [ 2910.077113] __kasan_record_aux_stack+0x96/0xb0 [ 2910.077680] kvfree_call_rcu+0x7d/0x840 [ 2910.078086] drop_sysctl_table+0x338/0x460 [ 2910.078505] unregister_sysctl_table+0x9c/0x180 [ 2910.078958] devinet_exit_net+0x6d/0x270 [ 2910.079370] ops_exit_list+0x9c/0x170 [ 2910.079764] cleanup_net+0x42b/0x9a0 [ 2910.080139] process_one_work+0x8e5/0x1520 [ 2910.080536] worker_thread+0x59e/0xf90 [ 2910.080898] kthread+0x2a7/0x350 [ 2910.081221] ret_from_fork+0x22/0x30 [ 2910.081712] [ 2910.081908] The buggy address belongs to the object at ffff88800343b700 [ 2910.081908] which belongs to the cache kmalloc-128 of size 128 [ 2910.083235] The buggy address is located 0 bytes inside of [ 2910.083235] 128-byte region [ffff88800343b700, ffff88800343b780) [ 2910.084495] [ 2910.084692] The buggy address belongs to the physical page: [ 2910.085271] page:000000001dc6f57c refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x343b [ 2910.086179] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2910.086863] raw: 000fffffc0000200 ffffea0000b9d6c0 dead000000000005 ffff8881000418c0 [ 2910.087586] raw: 0000000000000000 0000000080100010 00000001ffffffff 
0000000000000000 [ 2910.088321] page dumped because: kasan: bad access detected [ 2910.088913] [ 2910.089075] Memory state around the buggy address: [ 2910.089558] ffff88800343b600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc [ 2910.090249] ffff88800343b680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2910.090968] >ffff88800343b700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 2910.091672] ^ [ 2910.092359] ffff88800343b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2910.093033] ffff88800343b800: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc [ 2910.093756] ================================================================== [ 2910.094794] ok 17 - kmalloc_oob_in_memset [ 2910.101759] ================================================================== [ 2910.102917] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x1b6/0x290 [test_kasan] [ 2910.103737] Write of size 2 at addr ffff88802e75bd77 by task kunit_try_catch/117536 [ 2910.104471] [ 2910.104639] CPU: 0 PID: 117536 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-243.1944_756456474.el9.x86_64+debug #1 [ 2910.105912] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2910.106455] Call Trace: [ 2910.106699] [ 2910.106914] ? kmalloc_oob_memset_2+0x1b6/0x290 [test_kasan] [ 2910.107551] dump_stack_lvl+0x57/0x81 [ 2910.107936] print_address_description.constprop.0+0x1f/0x1e0 [ 2910.108510] ? kmalloc_oob_memset_2+0x1b6/0x290 [test_kasan] [ 2910.109076] print_report.cold+0x5c/0x237 [ 2910.109467] kasan_report+0xc9/0x100 [ 2910.109815] ? kmalloc_oob_memset_2+0x1b6/0x290 [test_kasan] [ 2910.110355] kasan_check_range+0xfd/0x1e0 [ 2910.110744] memset+0x20/0x50 [ 2910.111041] kmalloc_oob_memset_2+0x1b6/0x290 [test_kasan] [ 2910.111561] ? kmalloc_oob_memset_4+0x290/0x290 [test_kasan] [ 2910.112094] ? do_raw_spin_trylock+0xb5/0x180 [ 2910.112543] ? do_raw_spin_lock+0x270/0x270 [ 2910.112967] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2910.113500] ? 
_raw_spin_unlock_irqrestore+0x42/0x70 [ 2910.113974] ? kunit_add_resource+0x197/0x280 [kunit] [ 2910.114480] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2910.114978] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2910.115464] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2910.116036] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2910.116548] kthread+0x2a7/0x350 [ 2910.116886] ? kthread_complete_and_exit+0x20/0x20 [ 2910.117344] ret_from_fork+0x22/0x30 [ 2910.117705] [ 2910.117927] [ 2910.118090] Allocated by task 117536: [ 2910.118446] kasan_save_stack+0x1e/0x40 [ 2910.118813] __kasan_kmalloc+0x81/0xa0 [ 2910.119171] kmalloc_oob_memset_2+0x9c/0x290 [test_kasan] [ 2910.119682] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2910.120145] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2910.120764] kthread+0x2a7/0x350 [ 2910.121080] ret_from_fork+0x22/0x30 [ 2910.121433] [ 2910.121596] The buggy address belongs to the object at ffff88802e75bd00 [ 2910.121596] which belongs to the cache kmalloc-128 of size 128 [ 2910.122776] The buggy address is located 119 bytes inside of [ 2910.122776] 128-byte region [ffff88802e75bd00, ffff88802e75bd80) [ 2910.123853] [ 2910.124016] The buggy address belongs to the physical page: [ 2910.124580] page:00000000aa70acbf refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2e75b [ 2910.125473] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2910.126138] raw: 000fffffc0000200 ffffea00005ea400 dead000000000004 ffff8881000418c0 [ 2910.126857] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 2910.127620] page dumped because: kasan: bad access detected [ 2910.128140] [ 2910.128301] Memory state around the buggy address: [ 2910.128801] ffff88802e75bc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2910.129478] ffff88802e75bc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2910.130174] >ffff88802e75bd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 2910.130950] ^ [ 2910.131644] 
ffff88802e75bd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2910.132373] ffff88802e75be00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2910.133081] ================================================================== [ 2910.133814] ok 18 - kmalloc_oob_memset_2 [ 2910.135218] ================================================================== [ 2910.136405] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x1b6/0x290 [test_kasan] [ 2910.137203] Write of size 4 at addr ffff888017a90075 by task kunit_try_catch/117537 [ 2910.138076] [ 2910.138238] CPU: 0 PID: 117537 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-243.1944_756456474.el9.x86_64+debug #1 [ 2910.139546] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2910.140087] Call Trace: [ 2910.140332] [ 2910.140555] ? kmalloc_oob_memset_4+0x1b6/0x290 [test_kasan] [ 2910.141092] dump_stack_lvl+0x57/0x81 [ 2910.141498] print_address_description.constprop.0+0x1f/0x1e0 [ 2910.142078] ? kmalloc_oob_memset_4+0x1b6/0x290 [test_kasan] [ 2910.142618] print_report.cold+0x5c/0x237 [ 2910.143002] kasan_report+0xc9/0x100 [ 2910.143356] ? kmalloc_oob_memset_4+0x1b6/0x290 [test_kasan] [ 2910.143895] kasan_check_range+0xfd/0x1e0 [ 2910.144277] memset+0x20/0x50 [ 2910.144602] kmalloc_oob_memset_4+0x1b6/0x290 [test_kasan] [ 2910.145143] ? kmalloc_oob_memset_8+0x290/0x290 [test_kasan] [ 2910.145710] ? do_raw_spin_trylock+0xb5/0x180 [ 2910.146144] ? do_raw_spin_lock+0x270/0x270 [ 2910.146551] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2910.147076] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2910.147554] ? kunit_add_resource+0x197/0x280 [kunit] [ 2910.148036] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2910.148527] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2910.149031] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2910.149633] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2910.150136] kthread+0x2a7/0x350 [ 2910.150461] ? 
kthread_complete_and_exit+0x20/0x20 [ 2910.150920] ret_from_fork+0x22/0x30 [ 2910.151293] [ 2910.151522] [ 2910.151685] Allocated by task 117537: [ 2910.152037] kasan_save_stack+0x1e/0x40 [ 2910.152412] __kasan_kmalloc+0x81/0xa0 [ 2910.152780] kmalloc_oob_memset_4+0x9c/0x290 [test_kasan] [ 2910.153289] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2910.153799] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2910.154375] kthread+0x2a7/0x350 [ 2910.154691] ret_from_fork+0x22/0x30 [ 2910.155037] [ 2910.155197] The buggy address belongs to the object at ffff888017a90000 [ 2910.155197] which belongs to the cache kmalloc-128 of size 128 [ 2910.156333] The buggy address is located 117 bytes inside of [ 2910.156333] 128-byte region [ffff888017a90000, ffff888017a90080) [ 2910.157423] [ 2910.157592] The buggy address belongs to the physical page: [ 2910.158127] page:00000000be6bc071 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x17a90 [ 2910.158983] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2910.159627] raw: 000fffffc0000200 ffffea00003b7440 dead000000000003 ffff8881000418c0 [ 2910.160342] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 2910.161103] page dumped because: kasan: bad access detected [ 2910.161652] [ 2910.161831] Memory state around the buggy address: [ 2910.162289] ffff888017a8ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2910.162966] ffff888017a8ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2910.163643] >ffff888017a90000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 2910.164358] ^ [ 2910.165020] ffff888017a90080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2910.165721] ffff888017a90100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2910.166409] ================================================================== [ 2910.167236] ok 19 - kmalloc_oob_memset_4 [ 2910.168703] ================================================================== [ 2910.169859] BUG: 
KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x1b6/0x290 [test_kasan] [ 2910.170638] Write of size 8 at addr ffff888017a90e71 by task kunit_try_catch/117538 [ 2910.171347] [ 2910.171517] CPU: 0 PID: 117538 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-243.1944_756456474.el9.x86_64+debug #1 [ 2910.172816] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2910.173374] Call Trace: [ 2910.173626] [ 2910.173858] ? kmalloc_oob_memset_8+0x1b6/0x290 [test_kasan] [ 2910.174417] dump_stack_lvl+0x57/0x81 [ 2910.174802] print_address_description.constprop.0+0x1f/0x1e0 [ 2910.175366] ? kmalloc_oob_memset_8+0x1b6/0x290 [test_kasan] [ 2910.175905] print_report.cold+0x5c/0x237 [ 2910.176288] kasan_report+0xc9/0x100 [ 2910.176641] ? kmalloc_oob_memset_8+0x1b6/0x290 [test_kasan] [ 2910.177177] kasan_check_range+0xfd/0x1e0 [ 2910.177591] memset+0x20/0x50 [ 2910.177929] kmalloc_oob_memset_8+0x1b6/0x290 [test_kasan] [ 2910.178451] ? kmalloc_oob_memset_16+0x290/0x290 [test_kasan] [ 2910.178996] ? do_raw_spin_trylock+0xb5/0x180 [ 2910.179420] ? do_raw_spin_lock+0x270/0x270 [ 2910.179820] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2910.180342] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2910.180819] ? kunit_add_resource+0x197/0x280 [kunit] [ 2910.181298] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2910.181936] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2910.182559] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2910.183190] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2910.183784] kthread+0x2a7/0x350 [ 2910.184130] ? 
kthread_complete_and_exit+0x20/0x20 [ 2910.184699] ret_from_fork+0x22/0x30 [ 2910.185052] [ 2910.185276] [ 2910.185461] Allocated by task 117538: [ 2910.185840] kasan_save_stack+0x1e/0x40 [ 2910.186208] __kasan_kmalloc+0x81/0xa0 [ 2910.186597] kmalloc_oob_memset_8+0x9c/0x290 [test_kasan] [ 2910.187122] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2910.187616] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2910.188209] kthread+0x2a7/0x350 [ 2910.188553] ret_from_fork+0x22/0x30 [ 2910.188944] [ 2910.189123] The buggy address belongs to the object at ffff888017a90e00 [ 2910.189123] which belongs to the cache kmalloc-128 of size 128 [ 2910.190306] The buggy address is located 113 bytes inside of [ 2910.190306] 128-byte region [ffff888017a90e00, ffff888017a90e80) [ 2910.191499] [ 2910.191669] The buggy address belongs to the physical page: [ 2910.192203] page:00000000be6bc071 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x17a90 [ 2910.193061] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2910.193752] raw: 000fffffc0000200 ffffea00003b7440 dead000000000003 ffff8881000418c0 [ 2910.194477] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 2910.195192] page dumped because: kasan: bad access detected [ 2910.195718] [ 2910.195880] Memory state around the buggy address: [ 2910.196336] ffff888017a90d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2910.197014] ffff888017a90d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2910.197826] >ffff888017a90e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 2910.198519] ^ [ 2910.199187] ffff888017a90e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2910.199865] ffff888017a90f00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2910.200542] ================================================================== [ 2910.201452] ok 20 - kmalloc_oob_memset_8 [ 2910.203327] ================================================================== [ 2910.204488] BUG: 
KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x1b6/0x290 [test_kasan] [ 2910.205341] Write of size 16 at addr ffff888017a90c69 by task kunit_try_catch/117539 [ 2910.206062] [ 2910.206226] CPU: 0 PID: 117539 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-243.1944_756456474.el9.x86_64+debug #1 [ 2910.207533] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2910.208075] Call Trace: [ 2910.208319] [ 2910.208560] ? kmalloc_oob_memset_16+0x1b6/0x290 [test_kasan] [ 2910.209126] dump_stack_lvl+0x57/0x81 [ 2910.209488] print_address_description.constprop.0+0x1f/0x1e0 [ 2910.210051] ? kmalloc_oob_memset_16+0x1b6/0x290 [test_kasan] [ 2910.210704] print_report.cold+0x5c/0x237 [ 2910.211093] kasan_report+0xc9/0x100 [ 2910.211448] ? kmalloc_oob_memset_16+0x1b6/0x290 [test_kasan] [ 2910.211987] kasan_check_range+0xfd/0x1e0 [ 2910.212393] memset+0x20/0x50 [ 2910.212701] kmalloc_oob_memset_16+0x1b6/0x290 [test_kasan] [ 2910.213243] ? kmalloc_uaf_memset+0x280/0x280 [test_kasan] [ 2910.213767] ? do_raw_spin_trylock+0xb5/0x180 [ 2910.214185] ? do_raw_spin_lock+0x270/0x270 [ 2910.214615] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2910.215155] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2910.215635] ? kunit_add_resource+0x197/0x280 [kunit] [ 2910.216117] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2910.216613] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2910.217114] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2910.217694] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2910.218182] kthread+0x2a7/0x350 [ 2910.218524] ? 
kthread_complete_and_exit+0x20/0x20 [ 2910.219003] ret_from_fork+0x22/0x30 [ 2910.219362] [ 2910.219585] [ 2910.219749] Allocated by task 117539: [ 2910.220100] kasan_save_stack+0x1e/0x40 [ 2910.220500] __kasan_kmalloc+0x81/0xa0 [ 2910.220907] kmalloc_oob_memset_16+0x9c/0x290 [test_kasan] [ 2910.221431] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2910.221895] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2910.222490] kthread+0x2a7/0x350 [ 2910.222826] ret_from_fork+0x22/0x30 [ 2910.223171] [ 2910.223355] The buggy address belongs to the object at ffff888017a90c00 [ 2910.223355] which belongs to the cache kmalloc-128 of size 128 [ 2910.224534] The buggy address is located 105 bytes inside of [ 2910.224534] 128-byte region [ffff888017a90c00, ffff888017a90c80) [ 2910.225666] [ 2910.225849] The buggy address belongs to the physical page: [ 2910.226412] page:00000000be6bc071 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x17a90 [ 2910.227286] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2910.228065] raw: 000fffffc0000200 ffffea00003b7440 dead000000000003 ffff8881000418c0 [ 2910.228848] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 2910.229573] page dumped because: kasan: bad access detected [ 2910.230094] [ 2910.230255] Memory state around the buggy address: [ 2910.230753] ffff888017a90b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2910.231453] ffff888017a90b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2910.232141] >ffff888017a90c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 2910.232906] ^ [ 2910.233574] ffff888017a90c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2910.234252] ffff888017a90d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2910.234982] ================================================================== [ 2910.235675] ok 21 - kmalloc_oob_memset_16 [ 2910.237498] ================================================================== [ 2910.238651] BUG: 
KASAN: out-of-bounds in kmalloc_memmove_negative_size+0x1c4/0x290 [test_kasan] [ 2910.239522] Read of size 18446744073709551614 at addr ffff88802e42a084 by task kunit_try_catch/117540 [ 2910.240380] [ 2910.240543] CPU: 0 PID: 117540 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-243.1944_756456474.el9.x86_64+debug #1 [ 2910.241806] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2910.242354] Call Trace: [ 2910.242599] [ 2910.242816] ? kmalloc_memmove_negative_size+0x1c4/0x290 [test_kasan] [ 2910.243440] dump_stack_lvl+0x57/0x81 [ 2910.243824] print_address_description.constprop.0+0x1f/0x1e0 [ 2910.244374] ? kmalloc_memmove_negative_size+0x1c4/0x290 [test_kasan] [ 2910.244974] print_report.cold+0x5c/0x237 [ 2910.245364] kasan_report+0xc9/0x100 [ 2910.245717] ? kmalloc_memmove_negative_size+0x1c4/0x290 [test_kasan] [ 2910.246320] kasan_check_range+0xfd/0x1e0 [ 2910.246708] memmove+0x20/0x60 [ 2910.247014] kmalloc_memmove_negative_size+0x1c4/0x290 [test_kasan] [ 2910.247632] ? kmalloc_memmove_invalid_size+0x2a0/0x2a0 [test_kasan] [ 2910.248251] ? do_raw_spin_trylock+0xb5/0x180 [ 2910.248679] ? do_raw_spin_lock+0x270/0x270 [ 2910.249081] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2910.249610] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2910.250086] ? kunit_add_resource+0x197/0x280 [kunit] [ 2910.250600] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2910.251090] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2910.251601] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2910.252196] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2910.252690] kthread+0x2a7/0x350 [ 2910.253010] ? 
kthread_complete_and_exit+0x20/0x20 [ 2910.253474] ret_from_fork+0x22/0x30 [ 2910.253827] [ 2910.254049] [ 2910.254211] Allocated by task 117540: [ 2910.254589] kasan_save_stack+0x1e/0x40 [ 2910.254961] __kasan_kmalloc+0x81/0xa0 [ 2910.255340] kmalloc_memmove_negative_size+0x9c/0x290 [test_kasan] [ 2910.256034] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2910.256505] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2910.257081] kthread+0x2a7/0x350 [ 2910.257427] ret_from_fork+0x22/0x30 [ 2910.257876] [ 2910.258040] Last potentially related work creation: [ 2910.258508] kasan_save_stack+0x1e/0x40 [ 2910.258877] __kasan_record_aux_stack+0x96/0xb0 [ 2910.259309] kvfree_call_rcu+0x7d/0x840 [ 2910.259705] dma_resv_reserve_fences+0x35d/0x680 [ 2910.260163] ttm_eu_reserve_buffers+0x42c/0x1070 [ttm] [ 2910.260686] qxl_release_reserve_list+0xe5/0x320 [qxl] [ 2910.261191] qxl_draw_dirty_fb+0x40e/0x1c70 [qxl] [ 2910.261649] qxl_framebuffer_surface_dirty+0x307/0x610 [qxl] [ 2910.262190] drm_fb_helper_damage_work+0x537/0x8c0 [drm_kms_helper] [ 2910.262807] process_one_work+0x8e5/0x1520 [ 2910.263213] worker_thread+0x59e/0xf90 [ 2910.263604] kthread+0x2a7/0x350 [ 2910.263941] ret_from_fork+0x22/0x30 [ 2910.264290] [ 2910.264474] Second to last potentially related work creation: [ 2910.265054] kasan_save_stack+0x1e/0x40 [ 2910.265396] __kasan_record_aux_stack+0x96/0xb0 [ 2910.265793] kvfree_call_rcu+0x7d/0x840 [ 2910.266131] dma_resv_fini+0x38/0x50 [ 2910.266508] drm_gem_object_release+0x73/0x100 [drm] [ 2910.267031] qxl_ttm_bo_destroy+0x17f/0x200 [qxl] [ 2910.267510] ttm_bo_release+0x68b/0xbc0 [ttm] [ 2910.267955] ttm_bo_delayed_delete+0x312/0x550 [ttm] [ 2910.268437] ttm_device_delayed_workqueue+0x18/0x70 [ttm] [ 2910.268951] process_one_work+0x8e5/0x1520 [ 2910.269363] worker_thread+0x59e/0xf90 [ 2910.269749] kthread+0x2a7/0x350 [ 2910.270066] ret_from_fork+0x22/0x30 [ 2910.270439] [ 2910.270607] The buggy address belongs to the object at ffff88802e42a080 [ 2910.270607] 
which belongs to the cache kmalloc-64 of size 64 [ 2910.271792] The buggy address is located 4 bytes inside of [ 2910.271792] 64-byte region [ffff88802e42a080, ffff88802e42a0c0) [ 2910.272848] [ 2910.273011] The buggy address belongs to the physical page: [ 2910.273537] page:00000000bb3d5aa6 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2e42a [ 2910.274399] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2910.275037] raw: 000fffffc0000200 ffffea000247d380 dead000000000005 ffff888100041640 [ 2910.275797] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000 [ 2910.276518] page dumped because: kasan: bad access detected [ 2910.277052] [ 2910.277215] Memory state around the buggy address: [ 2910.277681] ffff88802e429f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 2910.278360] ffff88802e42a000: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 2910.279030] >ffff88802e42a080: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 2910.279747] ^ [ 2910.280066] ffff88802e42a100: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 2910.280766] ffff88802e42a180: 00 00 00 00 04 fc fc fc fc fc fc fc fc fc fc fc [ 2910.281484] ================================================================== [ 2910.282731] ok 22 - kmalloc_memmove_negative_size [ 2910.284334] ================================================================== [ 2910.285620] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x1cf/0x2a0 [test_kasan] [ 2910.286503] Read of size 64 at addr ffff88802e42ac04 by task kunit_try_catch/117541 [ 2910.287251] [ 2910.287506] CPU: 0 PID: 117541 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-243.1944_756456474.el9.x86_64+debug #1 [ 2910.288917] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2910.289499] Call Trace: [ 2910.289764] [ 2910.289981] ? 
kmalloc_memmove_invalid_size+0x1cf/0x2a0 [test_kasan] [ 2910.290588] dump_stack_lvl+0x57/0x81 [ 2910.290947] print_address_description.constprop.0+0x1f/0x1e0 [ 2910.291519] ? kmalloc_memmove_invalid_size+0x1cf/0x2a0 [test_kasan] [ 2910.292138] print_report.cold+0x5c/0x237 [ 2910.292554] kasan_report+0xc9/0x100 [ 2910.292924] ? kmalloc_memmove_invalid_size+0x1cf/0x2a0 [test_kasan] [ 2910.293527] kasan_check_range+0xfd/0x1e0 [ 2910.293914] memmove+0x20/0x60 [ 2910.294219] kmalloc_memmove_invalid_size+0x1cf/0x2a0 [test_kasan] [ 2910.294888] ? kmalloc_oob_in_memset+0x280/0x280 [test_kasan] [ 2910.295465] ? do_raw_spin_trylock+0xb5/0x180 [ 2910.295907] ? do_raw_spin_lock+0x270/0x270 [ 2910.296314] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2910.296886] ? kunit_add_resource+0x197/0x280 [kunit] [ 2910.297377] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2910.297863] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2910.298364] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2910.298941] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2910.299452] kthread+0x2a7/0x350 [ 2910.299795] ? 
kthread_complete_and_exit+0x20/0x20 [ 2910.300257] ret_from_fork+0x22/0x30 [ 2910.300644] [ 2910.300884] [ 2910.301047] Allocated by task 117541: [ 2910.301422] kasan_save_stack+0x1e/0x40 [ 2910.301816] __kasan_kmalloc+0x81/0xa0 [ 2910.302180] kmalloc_memmove_invalid_size+0xac/0x2a0 [test_kasan] [ 2910.302819] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2910.303289] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2910.303926] kthread+0x2a7/0x350 [ 2910.304257] ret_from_fork+0x22/0x30 [ 2910.304635] [ 2910.304814] Last potentially related work creation: [ 2910.305276] kasan_save_stack+0x1e/0x40 [ 2910.305652] __kasan_record_aux_stack+0x96/0xb0 [ 2910.306090] kvfree_call_rcu+0x7d/0x840 [ 2910.306475] dma_resv_reserve_fences+0x35d/0x680 [ 2910.306919] ttm_eu_reserve_buffers+0x42c/0x1070 [ttm] [ 2910.307433] qxl_release_reserve_list+0xe5/0x320 [qxl] [ 2910.307948] qxl_draw_dirty_fb+0x40e/0x1c70 [qxl] [ 2910.308440] qxl_framebuffer_surface_dirty+0x307/0x610 [qxl] [ 2910.309028] drm_fb_helper_damage_work+0x537/0x8c0 [drm_kms_helper] [ 2910.309674] process_one_work+0x8e5/0x1520 [ 2910.310068] worker_thread+0x59e/0xf90 [ 2910.310478] kthread+0x2a7/0x350 [ 2910.310823] ret_from_fork+0x22/0x30 [ 2910.311205] [ 2910.311396] Second to last potentially related work creation: [ 2910.311981] kasan_save_stack+0x1e/0x40 [ 2910.312353] __kasan_record_aux_stack+0x96/0xb0 [ 2910.312831] kvfree_call_rcu+0x7d/0x840 [ 2910.313198] dma_resv_fini+0x38/0x50 [ 2910.313551] drm_gem_object_release+0x73/0x100 [drm] [ 2910.314052] qxl_ttm_bo_destroy+0x17f/0x200 [qxl] [ 2910.314510] ttm_bo_release+0x68b/0xbc0 [ttm] [ 2910.314934] ttm_bo_delayed_delete+0x312/0x550 [ttm] [ 2910.315434] ttm_device_delayed_workqueue+0x18/0x70 [ttm] [ 2910.316008] process_one_work+0x8e5/0x1520 [ 2910.316423] worker_thread+0x59e/0xf90 [ 2910.316812] kthread+0x2a7/0x350 [ 2910.317129] ret_from_fork+0x22/0x30 [ 2910.317581] [ 2910.317768] The buggy address belongs to the object at ffff88802e42ac00 [ 2910.317768] 
which belongs to the cache kmalloc-64 of size 64 [ 2910.318958] The buggy address is located 4 bytes inside of [ 2910.318958] 64-byte region [ffff88802e42ac00, ffff88802e42ac40) [ 2910.320054] [ 2910.320217] The buggy address belongs to the physical page: [ 2910.320785] page:00000000bb3d5aa6 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2e42a [ 2910.321649] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2910.322293] raw: 000fffffc0000200 ffffea000247d380 dead000000000005 ffff888100041640 [ 2910.323016] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000 [ 2910.323775] page dumped because: kasan: bad access detected [ 2910.324298] [ 2910.324490] Memory state around the buggy address: [ 2910.324992] ffff88802e42ab00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 2910.325724] ffff88802e42ab80: 00 00 00 00 00 00 04 fc fc fc fc fc fc fc fc fc [ 2910.326440] >ffff88802e42ac00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 2910.327114] ^ [ 2910.327703] ffff88802e42ac80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 2910.328398] ffff88802e42ad00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 2910.329094] ================================================================== [ 2910.331164] ok 23 - kmalloc_memmove_invalid_size [ 2910.333278] ================================================================== [ 2910.334503] BUG: KASAN: use-after-free in kmalloc_uaf+0x286/0x2b0 [test_kasan] [ 2910.335206] Read of size 1 at addr ffff88808f8fe508 by task kunit_try_catch/117542 [ 2910.335976] [ 2910.336141] CPU: 0 PID: 117542 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-243.1944_756456474.el9.x86_64+debug #1 [ 2910.337468] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2910.338051] Call Trace: [ 2910.338319] [ 2910.338540] ? kmalloc_uaf+0x286/0x2b0 [test_kasan] [ 2910.339007] dump_stack_lvl+0x57/0x81 [ 2910.339393] print_address_description.constprop.0+0x1f/0x1e0 [ 2910.339956] ? 
kmalloc_uaf+0x286/0x2b0 [test_kasan] [ 2910.340466] print_report.cold+0x5c/0x237 [ 2910.340901] kasan_report+0xc9/0x100 [ 2910.341270] ? kmalloc_uaf+0x286/0x2b0 [test_kasan] [ 2910.341811] kmalloc_uaf+0x286/0x2b0 [test_kasan] [ 2910.342267] ? kmalloc_uaf2+0x430/0x430 [test_kasan] [ 2910.342745] ? do_raw_spin_trylock+0xb5/0x180 [ 2910.343167] ? do_raw_spin_lock+0x270/0x270 [ 2910.343574] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2910.344099] ? kunit_add_resource+0x197/0x280 [kunit] [ 2910.344588] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2910.345053] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2910.345561] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2910.346156] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2910.346689] kthread+0x2a7/0x350 [ 2910.347015] ? kthread_complete_and_exit+0x20/0x20 [ 2910.347594] ret_from_fork+0x22/0x30 [ 2910.347975] [ 2910.348199] [ 2910.348369] Allocated by task 117542: [ 2910.348723] kasan_save_stack+0x1e/0x40 [ 2910.349095] __kasan_kmalloc+0x81/0xa0 [ 2910.349484] kmalloc_uaf+0x98/0x2b0 [test_kasan] [ 2910.349971] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2910.350445] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2910.351019] kthread+0x2a7/0x350 [ 2910.351335] ret_from_fork+0x22/0x30 [ 2910.351688] [ 2910.351868] Freed by task 117542: [ 2910.352191] kasan_save_stack+0x1e/0x40 [ 2910.352569] kasan_set_track+0x21/0x30 [ 2910.352932] kasan_set_free_info+0x20/0x40 [ 2910.353323] __kasan_slab_free+0x108/0x170 [ 2910.353720] slab_free_freelist_hook+0x11d/0x1d0 [ 2910.354164] kfree+0xe2/0x3c0 [ 2910.354505] kmalloc_uaf+0x12b/0x2b0 [test_kasan] [ 2910.355004] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2910.355494] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2910.356086] kthread+0x2a7/0x350 [ 2910.356410] ret_from_fork+0x22/0x30 [ 2910.356759] [ 2910.356922] The buggy address belongs to the object at ffff88808f8fe500 [ 2910.356922] which belongs to the cache kmalloc-16 of size 16 [ 2910.358089] The buggy address 
is located 8 bytes inside of [ 2910.358089] 16-byte region [ffff88808f8fe500, ffff88808f8fe510) [ 2910.359205] [ 2910.359396] The buggy address belongs to the physical page: [ 2910.359958] page:000000005df17624 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8f8fe [ 2910.360821] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2910.361467] raw: 000fffffc0000200 ffffea0002417140 dead000000000002 ffff8881000413c0 [ 2910.362186] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2910.362950] page dumped because: kasan: bad access detected [ 2910.363494] [ 2910.363677] Memory state around the buggy address: [ 2910.364131] ffff88808f8fe400: 00 00 fc fc fa fb fc fc fa fb fc fc fb fb fc fc [ 2910.364808] ffff88808f8fe480: fb fb fc fc 00 00 fc fc 00 00 fc fc fb fb fc fc [ 2910.365503] >ffff88808f8fe500: fa fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 2910.366194] ^ [ 2910.366582] ffff88808f8fe580: fa fb fc fc fb fb fc fc 00 00 fc fc fa fb fc fc [ 2910.367274] ffff88808f8fe600: fb fb fc fc 00 00 fc fc fb fb fc fc fa fb fc fc [ 2910.367989] ================================================================== [ 2910.368729] ok 24 - kmalloc_uaf [ 2910.370294] ================================================================== [ 2910.371437] BUG: KASAN: use-after-free in kmalloc_uaf_memset+0x1b4/0x280 [test_kasan] [ 2910.372190] Write of size 33 at addr ffff88802f78b900 by task kunit_try_catch/117543 [ 2910.372958] [ 2910.373123] CPU: 0 PID: 117543 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-243.1944_756456474.el9.x86_64+debug #1 [ 2910.374464] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2910.375033] Call Trace: [ 2910.375280] [ 2910.375524] ? kmalloc_uaf_memset+0x1b4/0x280 [test_kasan] [ 2910.376065] dump_stack_lvl+0x57/0x81 [ 2910.376428] print_address_description.constprop.0+0x1f/0x1e0 [ 2910.376975] ? 
kmalloc_uaf_memset+0x1b4/0x280 [test_kasan] [ 2910.377606] print_report.cold+0x5c/0x237 [ 2910.378019] kasan_report+0xc9/0x100 [ 2910.378395] ? kmalloc_uaf_memset+0xc1/0x280 [test_kasan] [ 2910.378953] ? kmalloc_uaf_memset+0x1b4/0x280 [test_kasan] [ 2910.379497] kasan_check_range+0xfd/0x1e0 [ 2910.379907] memset+0x20/0x50 [ 2910.380207] kmalloc_uaf_memset+0x1b4/0x280 [test_kasan] [ 2910.380716] ? kmem_cache_accounted+0x170/0x170 [test_kasan] [ 2910.381256] ? do_raw_spin_trylock+0xb5/0x180 [ 2910.381683] ? do_raw_spin_lock+0x270/0x270 [ 2910.382088] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2910.382650] ? kunit_add_resource+0x197/0x280 [kunit] [ 2910.383203] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2910.383715] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2910.384216] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2910.384874] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2910.385375] kthread+0x2a7/0x350 [ 2910.385700] ? kthread_complete_and_exit+0x20/0x20 [ 2910.386160] ret_from_fork+0x22/0x30 [ 2910.386541] [ 2910.386785] [ 2910.386949] Allocated by task 117543: [ 2910.387304] kasan_save_stack+0x1e/0x40 [ 2910.387719] __kasan_kmalloc+0x81/0xa0 [ 2910.388081] kmalloc_uaf_memset+0x9a/0x280 [test_kasan] [ 2910.388581] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2910.389047] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2910.389654] kthread+0x2a7/0x350 [ 2910.389989] ret_from_fork+0x22/0x30 [ 2910.390338] [ 2910.390505] Freed by task 117543: [ 2910.390828] kasan_save_stack+0x1e/0x40 [ 2910.391198] kasan_set_track+0x21/0x30 [ 2910.391588] kasan_set_free_info+0x20/0x40 [ 2910.391999] __kasan_slab_free+0x108/0x170 [ 2910.392406] slab_free_freelist_hook+0x11d/0x1d0 [ 2910.392848] kfree+0xe2/0x3c0 [ 2910.393146] kmalloc_uaf_memset+0x137/0x280 [test_kasan] [ 2910.393693] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2910.394186] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2910.394783] kthread+0x2a7/0x350 [ 2910.395103] ret_from_fork+0x22/0x30 [ 
2910.395478] [ 2910.395646] Last potentially related work creation: [ 2910.396125] kasan_save_stack+0x1e/0x40 [ 2910.396520] __kasan_record_aux_stack+0x96/0xb0 [ 2910.396977] kvfree_call_rcu+0x7d/0x840 [ 2910.397344] dma_resv_fini+0x38/0x50 [ 2910.397698] drm_gem_object_release+0x73/0x100 [drm] [ 2910.398198] qxl_ttm_bo_destroy+0x17f/0x200 [qxl] [ 2910.398670] ttm_bo_release+0x68b/0xbc0 [ttm] [ 2910.399095] ttm_bo_delayed_delete+0x312/0x550 [ttm] [ 2910.399597] ttm_device_delayed_workqueue+0x18/0x70 [ttm] [ 2910.400130] process_one_work+0x8e5/0x1520 [ 2910.400574] worker_thread+0x59e/0xf90 [ 2910.400972] kthread+0x2a7/0x350 [ 2910.401292] ret_from_fork+0x22/0x30 [ 2910.401648] [ 2910.401812] Second to last potentially related work creation: [ 2910.402397] kasan_save_stack+0x1e/0x40 [ 2910.402769] __kasan_record_aux_stack+0x96/0xb0 [ 2910.403205] kvfree_call_rcu+0x7d/0x840 [ 2910.403603] dma_resv_fini+0x38/0x50 [ 2910.403971] drm_gem_object_release+0x73/0x100 [drm] [ 2910.404477] qxl_ttm_bo_destroy+0x17f/0x200 [qxl] [ 2910.404925] ttm_bo_release+0x68b/0xbc0 [ttm] [ 2910.405351] ttm_bo_delayed_delete+0x312/0x550 [ttm] [ 2910.405829] ttm_device_delayed_workqueue+0x18/0x70 [ttm] [ 2910.406342] process_one_work+0x8e5/0x1520 [ 2910.406742] worker_thread+0x59e/0xf90 [ 2910.407104] kthread+0x2a7/0x350 [ 2910.407507] ret_from_fork+0x22/0x30 [ 2910.407929] [ 2910.408093] The buggy address belongs to the object at ffff88802f78b900 [ 2910.408093] which belongs to the cache kmalloc-64 of size 64 [ 2910.409223] The buggy address is located 0 bytes inside of [ 2910.409223] 64-byte region [ffff88802f78b900, ffff88802f78b940) [ 2910.410281] [ 2910.410448] The buggy address belongs to the physical page: [ 2910.410970] page:000000007a870b5f refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2f78b [ 2910.411875] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2910.412526] raw: 000fffffc0000200 ffffea0000417b80 dead000000000005 ffff888100041640 [ 
2910.413246] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000 [ 2910.413968] page dumped because: kasan: bad access detected [ 2910.414512] [ 2910.414681] Memory state around the buggy address: [ 2910.415153] ffff88802f78b800: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 2910.415872] ffff88802f78b880: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 2910.416578] >ffff88802f78b900: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 2910.417265] ^ [ 2910.417590] ffff88802f78b980: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 2910.418310] ffff88802f78ba00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 2910.419028] ================================================================== [ 2910.419866] ok 25 - kmalloc_uaf_memset [ 2910.421220] ================================================================== [ 2910.422319] BUG: KASAN: use-after-free in kmalloc_uaf2+0x402/0x430 [test_kasan] [ 2910.423012] Read of size 1 at addr ffff88802f78b6a8 by task kunit_try_catch/117544 [ 2910.423763] [ 2910.423943] CPU: 0 PID: 117544 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-243.1944_756456474.el9.x86_64+debug #1 [ 2910.425565] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2910.426160] Call Trace: [ 2910.426469] [ 2910.426727] ? kmalloc_uaf2+0x402/0x430 [test_kasan] [ 2910.427228] dump_stack_lvl+0x57/0x81 [ 2910.431776] print_address_description.constprop.0+0x1f/0x1e0 [ 2910.432359] ? kmalloc_uaf2+0x402/0x430 [test_kasan] [ 2910.432862] print_report.cold+0x5c/0x237 [ 2910.433278] kasan_report+0xc9/0x100 [ 2910.433676] ? kmalloc_uaf2+0x402/0x430 [test_kasan] [ 2910.434171] kmalloc_uaf2+0x402/0x430 [test_kasan] [ 2910.434662] ? kfree_via_page+0x290/0x290 [test_kasan] [ 2910.435169] ? rcu_read_lock_sched_held+0x12/0x80 [ 2910.435652] ? lock_acquire+0x4ea/0x620 [ 2910.436041] ? rcu_read_unlock+0x40/0x40 [ 2910.436428] ? rcu_read_unlock+0x40/0x40 [ 2910.436808] ? rcu_read_lock_sched_held+0x12/0x80 [ 2910.437259] ? 
kunit_fail_assert_format+0x100/0x100 [kunit] [ 2910.437948] ? do_raw_spin_lock+0x270/0x270 [ 2910.438360] ? trace_hardirqs_on+0x2d/0x160 [ 2910.438760] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2910.439248] ? kunit_add_resource+0x197/0x280 [kunit] [ 2910.439824] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2910.440327] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2910.440843] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2910.441441] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2910.441972] kthread+0x2a7/0x350 [ 2910.442317] ? kthread_complete_and_exit+0x20/0x20 [ 2910.442781] ret_from_fork+0x22/0x30 [ 2910.443134] [ 2910.443375] [ 2910.443548] Allocated by task 117544: [ 2910.443921] kasan_save_stack+0x1e/0x40 [ 2910.444290] __kasan_kmalloc+0x81/0xa0 [ 2910.444684] kmalloc_uaf2+0xad/0x430 [test_kasan] [ 2910.445155] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2910.445649] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2910.446241] kthread+0x2a7/0x350 [ 2910.446564] ret_from_fork+0x22/0x30 [ 2910.446913] [ 2910.447075] Freed by task 117544: [ 2910.447402] kasan_save_stack+0x1e/0x40 [ 2910.447772] kasan_set_track+0x21/0x30 [ 2910.448133] kasan_set_free_info+0x20/0x40 [ 2910.448550] __kasan_slab_free+0x108/0x170 [ 2910.448957] slab_free_freelist_hook+0x11d/0x1d0 [ 2910.449436] kfree+0xe2/0x3c0 [ 2910.449754] kmalloc_uaf2+0x144/0x430 [test_kasan] [ 2910.450208] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2910.450676] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2910.451250] kthread+0x2a7/0x350 [ 2910.451572] ret_from_fork+0x22/0x30 [ 2910.451920] [ 2910.452083] Last potentially related work creation: [ 2910.452570] kasan_save_stack+0x1e/0x40 [ 2910.452956] __kasan_record_aux_stack+0x96/0xb0 [ 2910.453410] kvfree_call_rcu+0x7d/0x840 [ 2910.453805] dma_resv_fini+0x38/0x50 [ 2910.454153] drm_gem_object_release+0x73/0x100 [drm] [ 2910.454657] qxl_ttm_bo_destroy+0x17f/0x200 [qxl] [ 2910.455110] ttm_bo_release+0x68b/0xbc0 [ttm] [ 2910.455541] 
ttm_bo_delayed_delete+0x312/0x550 [ttm] [ 2910.456017] ttm_device_delayed_workqueue+0x18/0x70 [ttm] [ 2910.456585] process_one_work+0x8e5/0x1520 [ 2910.457010] worker_thread+0x59e/0xf90 [ 2910.457390] kthread+0x2a7/0x350 [ 2910.457717] ret_from_fork+0x22/0x30 [ 2910.458080] [ 2910.458243] Second to last potentially related work creation: [ 2910.458826] kasan_save_stack+0x1e/0x40 [ 2910.459192] __kasan_record_aux_stack+0x96/0xb0 [ 2910.459629] kvfree_call_rcu+0x7d/0x840 [ 2910.460026] dma_resv_fini+0x38/0x50 [ 2910.460424] drm_gem_object_release+0x73/0x100 [drm] [ 2910.460990] qxl_ttm_bo_destroy+0x17f/0x200 [qxl] [ 2910.461484] ttm_bo_release+0x68b/0xbc0 [ttm] [ 2910.461944] ttm_bo_delayed_delete+0x312/0x550 [ttm] [ 2910.462437] ttm_device_delayed_workqueue+0x18/0x70 [ttm] [ 2910.462968] process_one_work+0x8e5/0x1520 [ 2910.463399] worker_thread+0x59e/0xf90 [ 2910.463810] kthread+0x2a7/0x350 [ 2910.464157] ret_from_fork+0x22/0x30 [ 2910.464531] [ 2910.464713] The buggy address belongs to the object at ffff88802f78b680 [ 2910.464713] which belongs to the cache kmalloc-64 of size 64 [ 2910.465902] The buggy address is located 40 bytes inside of [ 2910.465902] 64-byte region [ffff88802f78b680, ffff88802f78b6c0) [ 2910.467023] [ 2910.467186] The buggy address belongs to the physical page: [ 2910.467899] page:000000007a870b5f refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2f78b [ 2910.468814] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2910.469479] raw: 000fffffc0000200 ffffea0000417b80 dead000000000005 ffff888100041640 [ 2910.470245] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000 [ 2910.471005] page dumped because: kasan: bad access detected [ 2910.471566] [ 2910.471746] Memory state around the buggy address: [ 2910.472219] ffff88802f78b580: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 2910.472963] ffff88802f78b600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 2910.473663] >ffff88802f78b680: fa fb 
fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 2910.474371] ^ [ 2910.474871] ffff88802f78b700: 00 00 00 00 00 04 fc fc fc fc fc fc fc fc fc fc [ 2910.475565] ffff88802f78b780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 2910.476251] ================================================================== [ 2910.477272] ok 26 - kmalloc_uaf2 [ 2910.479243] ok 27 - kfree_via_page [ 2910.479849] ok 28 - kfree_via_phys [ 2910.483034] ================================================================== [ 2910.484237] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x2d4/0x2e0 [test_kasan] [ 2910.485088] Read of size 1 at addr ffff88802f8cd5f0 by task kunit_try_catch/117547 [ 2910.485854] [ 2910.486017] CPU: 0 PID: 117547 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-243.1944_756456474.el9.x86_64+debug #1 [ 2910.487315] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2910.487905] Call Trace: [ 2910.488148] [ 2910.488387] ? kmem_cache_oob+0x2d4/0x2e0 [test_kasan] [ 2910.488899] dump_stack_lvl+0x57/0x81 [ 2910.489259] print_address_description.constprop.0+0x1f/0x1e0 [ 2910.489876] ? kmem_cache_oob+0x2d4/0x2e0 [test_kasan] [ 2910.490406] print_report.cold+0x5c/0x237 [ 2910.490806] kasan_report+0xc9/0x100 [ 2910.491170] ? kmem_cache_oob+0x2d4/0x2e0 [test_kasan] [ 2910.491690] kmem_cache_oob+0x2d4/0x2e0 [test_kasan] [ 2910.492180] ? kmem_cache_double_free+0x280/0x280 [test_kasan] [ 2910.492735] ? do_raw_spin_trylock+0xb5/0x180 [ 2910.493152] ? do_raw_spin_lock+0x270/0x270 [ 2910.493560] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2910.494087] ? kunit_add_resource+0x197/0x280 [kunit] [ 2910.494597] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2910.495079] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2910.495640] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2910.496273] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2910.496766] kthread+0x2a7/0x350 [ 2910.497084] ? 
kthread_complete_and_exit+0x20/0x20 [ 2910.497644] ret_from_fork+0x22/0x30 [ 2910.498019] [ 2910.498241] [ 2910.498410] Allocated by task 117547: [ 2910.498761] kasan_save_stack+0x1e/0x40 [ 2910.499130] __kasan_slab_alloc+0x66/0x80 [ 2910.499539] kmem_cache_alloc+0x161/0x310 [ 2910.499943] kmem_cache_oob+0x121/0x2e0 [test_kasan] [ 2910.500443] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2910.500906] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2910.501484] kthread+0x2a7/0x350 [ 2910.501800] ret_from_fork+0x22/0x30 [ 2910.502148] [ 2910.502310] The buggy address belongs to the object at ffff88802f8cd528 [ 2910.502310] which belongs to the cache test_cache of size 200 [ 2910.503463] The buggy address is located 0 bytes to the right of [ 2910.503463] 200-byte region [ffff88802f8cd528, ffff88802f8cd5f0) [ 2910.504639] [ 2910.504807] The buggy address belongs to the physical page: [ 2910.505348] page:00000000040705b9 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2f8cd [ 2910.506207] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2910.506892] raw: 000fffffc0000200 0000000000000000 dead000000000122 ffff888001d753c0 [ 2910.507636] raw: 0000000000000000 00000000800f000f 00000001ffffffff 0000000000000000 [ 2910.508372] page dumped because: kasan: bad access detected [ 2910.508893] [ 2910.509057] Memory state around the buggy address: [ 2910.509515] ffff88802f8cd480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2910.510195] ffff88802f8cd500: fc fc fc fc fc 00 00 00 00 00 00 00 00 00 00 00 [ 2910.510875] >ffff88802f8cd580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc [ 2910.511573] ^ [ 2910.512230] ffff88802f8cd600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2910.512901] ffff88802f8cd680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2910.513573] ================================================================== [ 2910.587016] ok 29 - kmem_cache_oob [ 2911.116500] ok 30 - kmem_cache_accounted [ 2911.128399] ok 31 - 
kmem_cache_bulk [ 2911.130220] ================================================================== [ 2911.131359] BUG: KASAN: global-out-of-bounds in kasan_global_oob_right+0x1df/0x1f0 [test_kasan] [ 2911.132194] Read of size 1 at addr ffffffffc1a3790d by task kunit_try_catch/117550 [ 2911.132908] [ 2911.133070] CPU: 0 PID: 117550 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-243.1944_756456474.el9.x86_64+debug #1 [ 2911.134317] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2911.134905] Call Trace: [ 2911.135148] [ 2911.135408] ? kasan_global_oob_right+0x1df/0x1f0 [test_kasan] [ 2911.136001] dump_stack_lvl+0x57/0x81 [ 2911.136369] print_address_description.constprop.0+0x1f/0x1e0 [ 2911.136914] ? kasan_global_oob_right+0x1df/0x1f0 [test_kasan] [ 2911.137465] print_report.cold+0x5c/0x237 [ 2911.137851] kasan_report+0xc9/0x100 [ 2911.138196] ? kasan_global_oob_right+0x1df/0x1f0 [test_kasan] [ 2911.138768] kasan_global_oob_right+0x1df/0x1f0 [test_kasan] [ 2911.139328] ? kasan_stack_oob+0x200/0x200 [test_kasan] [ 2911.139830] ? do_raw_spin_trylock+0xb5/0x180 [ 2911.140250] ? do_raw_spin_lock+0x270/0x270 [ 2911.140685] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2911.141260] ? kunit_add_resource+0x197/0x280 [kunit] [ 2911.141749] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2911.142218] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2911.142702] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2911.143270] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2911.143758] kthread+0x2a7/0x350 [ 2911.144075] ? 
kthread_complete_and_exit+0x20/0x20 [ 2911.144561] ret_from_fork+0x22/0x30 [ 2911.144934] [ 2911.145157] [ 2911.145320] The buggy address belongs to the variable: [ 2911.145805] global_array+0xd/0xfffffffffffe5700 [test_kasan] [ 2911.146351] [ 2911.146514] Memory state around the buggy address: [ 2911.146980] ffffffffc1a37800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2911.147672] ffffffffc1a37880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2911.148362] >ffffffffc1a37900: 00 02 f9 f9 f9 f9 f9 f9 01 f9 f9 f9 f9 f9 f9 f9 [ 2911.149053] ^ [ 2911.149397] ffffffffc1a37980: 02 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 f9 f9 [ 2911.150067] ffffffffc1a37a00: f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 [ 2911.150767] ================================================================== [ 2911.151561] ok 32 - kasan_global_oob_right [ 2911.154256] ok 33 - kasan_global_oob_left # SKIP Test requires CONFIG_CC_IS_CLANG=y [ 2911.157191] ================================================================== [ 2911.158854] BUG: KASAN: stack-out-of-bounds in kasan_stack_oob+0x1eb/0x200 [test_kasan] [ 2911.159599] Read of size 1 at addr ffffc90001387e7a by task kunit_try_catch/117552 [ 2911.160296] [ 2911.160463] CPU: 0 PID: 117552 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-243.1944_756456474.el9.x86_64+debug #1 [ 2911.161718] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2911.162257] Call Trace: [ 2911.162526] [ 2911.162762] ? kasan_stack_oob+0x1eb/0x200 [test_kasan] [ 2911.163255] dump_stack_lvl+0x57/0x81 [ 2911.163615] print_address_description.constprop.0+0x1f/0x1e0 [ 2911.164156] ? kasan_stack_oob+0x1eb/0x200 [test_kasan] [ 2911.164681] print_report.cold+0x5c/0x237 [ 2911.165105] kasan_report+0xc9/0x100 [ 2911.165503] ? kasan_stack_oob+0x1eb/0x200 [test_kasan] [ 2911.166201] kasan_stack_oob+0x1eb/0x200 [test_kasan] [ 2911.166779] ? match_all_mem_tag+0x20/0x20 [test_kasan] [ 2911.167375] ? rcu_read_unlock+0x40/0x40 [ 2911.167817] ? 
rcu_read_lock_sched_held+0x12/0x80 [ 2911.168323] ? do_raw_spin_trylock+0xb5/0x180 [ 2911.168810] ? do_raw_spin_lock+0x270/0x270 [ 2911.169214] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2911.169798] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2911.170533] ? kunit_add_resource+0x197/0x280 [kunit] [ 2911.171059] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2911.171554] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2911.172053] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2911.172655] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2911.173157] kthread+0x2a7/0x350 [ 2911.173482] ? kthread_complete_and_exit+0x20/0x20 [ 2911.173937] ret_from_fork+0x22/0x30 [ 2911.174287] [ 2911.174538] [ 2911.174715] The buggy address belongs to stack of task kunit_try_catch/117552 [ 2911.175402] and is located at offset 266 in frame: [ 2911.175891] kasan_stack_oob+0x0/0x200 [test_kasan] [ 2911.176355] [ 2911.176516] This frame has 4 objects: [ 2911.176866] [48, 56) 'array' [ 2911.176869] [80, 128) '__assertion' [ 2911.177162] [160, 224) '__assertion' [ 2911.177518] [256, 266) 'stack_array' [ 2911.177855] [ 2911.178396] The buggy address belongs to the virtual mapping at [ 2911.178396] [ffffc90001380000, ffffc90001389000) created by: [ 2911.178396] dup_task_struct+0x5e/0x5a0 [ 2911.179874] [ 2911.180037] The buggy address belongs to the physical page: [ 2911.180579] page:0000000043defb31 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2f85b [ 2911.181455] flags: 0xfffffc0000000(node=0|zone=1|lastcpupid=0x1fffff) [ 2911.182255] raw: 000fffffc0000000 0000000000000000 dead000000000122 0000000000000000 [ 2911.183151] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 2911.183982] page dumped because: kasan: bad access detected [ 2911.184571] [ 2911.184774] Memory state around the buggy address: [ 2911.185259] ffffc90001387d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 [ 2911.186027] ffffc90001387d80: f1 f1 f1 f1 00 f2 f2 f2 00 00 00 00 00 00 
f2 f2 [ 2911.186739] >ffffc90001387e00: f2 f2 00 00 00 00 00 00 00 00 f2 f2 f2 f2 00 02 [ 2911.187445] ^ [ 2911.188226] ffffc90001387e80: f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2911.188962] ffffc90001387f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2911.189710] ================================================================== [ 2911.192389] ok 34 - kasan_stack_oob [ 2911.195216] ================================================================== [ 2911.196340] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_left+0x27d/0x2a0 [test_kasan] [ 2911.197144] Read of size 1 at addr ffffc90001d37d1f by task kunit_try_catch/117553 [ 2911.197894] [ 2911.198058] CPU: 0 PID: 117553 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-243.1944_756456474.el9.x86_64+debug #1 [ 2911.199319] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2911.199861] Call Trace: [ 2911.200103] [ 2911.200319] ? kasan_alloca_oob_left+0x27d/0x2a0 [test_kasan] [ 2911.200899] dump_stack_lvl+0x57/0x81 [ 2911.201255] print_address_description.constprop.0+0x1f/0x1e0 [ 2911.201844] ? kasan_alloca_oob_left+0x27d/0x2a0 [test_kasan] [ 2911.202388] print_report.cold+0x5c/0x237 [ 2911.202773] kasan_report+0xc9/0x100 [ 2911.203119] ? kasan_alloca_oob_left+0x27d/0x2a0 [test_kasan] [ 2911.203665] kasan_alloca_oob_left+0x27d/0x2a0 [test_kasan] [ 2911.204186] ? rcu_read_lock_sched_held+0x12/0x80 [ 2911.204637] ? rcu_read_lock_sched_held+0x12/0x80 [ 2911.205080] ? lock_acquire+0x4ea/0x620 [ 2911.205474] ? kasan_alloca_oob_right+0x290/0x290 [test_kasan] [ 2911.206046] ? rcu_read_lock_sched_held+0x12/0x80 [ 2911.206503] ? do_raw_spin_trylock+0xb5/0x180 [ 2911.206924] ? do_raw_spin_lock+0x270/0x270 [ 2911.207325] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2911.207857] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2911.208344] ? kunit_add_resource+0x197/0x280 [kunit] [ 2911.208829] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2911.209298] ? 
kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2911.209824] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2911.210424] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2911.210943] kthread+0x2a7/0x350 [ 2911.211263] ? kthread_complete_and_exit+0x20/0x20 [ 2911.211726] ret_from_fork+0x22/0x30 [ 2911.212078] [ 2911.212298] [ 2911.212465] The buggy address belongs to stack of task kunit_try_catch/117553 [ 2911.213126] [ 2911.213289] The buggy address belongs to the virtual mapping at [ 2911.213289] [ffffc90001d30000, ffffc90001d39000) created by: [ 2911.213289] dup_task_struct+0x5e/0x5a0 [ 2911.214742] [ 2911.214904] The buggy address belongs to the physical page: [ 2911.215429] page:0000000047fa4f93 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xeeb9 [ 2911.216279] flags: 0xfffffc0000000(node=0|zone=1|lastcpupid=0x1fffff) [ 2911.216884] raw: 000fffffc0000000 0000000000000000 dead000000000122 0000000000000000 [ 2911.217768] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 2911.218507] page dumped because: kasan: bad access detected [ 2911.219024] [ 2911.219186] Memory state around the buggy address: [ 2911.219645] ffffc90001d37c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2911.220317] ffffc90001d37c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2911.220992] >ffffc90001d37d00: ca ca ca ca 00 02 cb cb cb cb cb cb 00 00 00 00 [ 2911.221697] ^ [ 2911.222092] ffffc90001d37d80: f1 f1 f1 f1 04 f2 00 f2 f2 f2 00 00 00 00 00 00 [ 2911.222804] ffffc90001d37e00: f2 f2 f2 f2 00 00 00 00 00 00 00 00 f3 f3 f3 f3 [ 2911.223505] ================================================================== [ 2911.224311] ok 35 - kasan_alloca_oob_left [ 2911.226262] ================================================================== [ 2911.227448] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_right+0x275/0x290 [test_kasan] [ 2911.228295] Read of size 1 at addr ffffc90002647d2a by task kunit_try_catch/117554 [ 2911.229040] [ 
2911.229204] CPU: 0 PID: 117554 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-243.1944_756456474.el9.x86_64+debug #1 [ 2911.230486] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2911.231046] Call Trace: [ 2911.231289] [ 2911.231529] ? kasan_alloca_oob_right+0x275/0x290 [test_kasan] [ 2911.232102] dump_stack_lvl+0x57/0x81 [ 2911.232464] print_address_description.constprop.0+0x1f/0x1e0 [ 2911.233006] ? kasan_alloca_oob_right+0x275/0x290 [test_kasan] [ 2911.233562] print_report.cold+0x5c/0x237 [ 2911.233944] kasan_report+0xc9/0x100 [ 2911.234291] ? kasan_alloca_oob_right+0x275/0x290 [test_kasan] [ 2911.234890] kasan_alloca_oob_right+0x275/0x290 [test_kasan] [ 2911.235437] ? rcu_read_lock_sched_held+0x12/0x80 [ 2911.235913] ? rcu_read_lock_sched_held+0x12/0x80 [ 2911.236380] ? lock_acquire+0x4ea/0x620 [ 2911.236750] ? ksize_unpoisons_memory+0x300/0x300 [test_kasan] [ 2911.237609] ? rcu_read_lock_sched_held+0x12/0x80 [ 2911.238098] ? do_raw_spin_trylock+0xb5/0x180 [ 2911.238591] ? do_raw_spin_lock+0x270/0x270 [ 2911.239059] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2911.239639] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2911.240136] ? kunit_add_resource+0x197/0x280 [kunit] [ 2911.240691] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2911.241176] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2911.241657] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2911.242230] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2911.242764] kthread+0x2a7/0x350 [ 2911.243082] ? 
kthread_complete_and_exit+0x20/0x20 [ 2911.243566] ret_from_fork+0x22/0x30 [ 2911.243936] [ 2911.244156] [ 2911.244318] The buggy address belongs to stack of task kunit_try_catch/117554 [ 2911.244985] [ 2911.245146] The buggy address belongs to the virtual mapping at [ 2911.245146] [ffffc90002640000, ffffc90002649000) created by: [ 2911.245146] dup_task_struct+0x5e/0x5a0 [ 2911.246583] [ 2911.246765] The buggy address belongs to the physical page: [ 2911.247303] page:000000000f752480 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x142f5 [ 2911.248321] flags: 0xfffffc0000000(node=0|zone=1|lastcpupid=0x1fffff) [ 2911.248925] raw: 000fffffc0000000 0000000000000000 dead000000000122 0000000000000000 [ 2911.249640] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 2911.250429] page dumped because: kasan: bad access detected [ 2911.250999] [ 2911.251159] Memory state around the buggy address: [ 2911.251628] ffffc90002647c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2911.252291] ffffc90002647c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2911.252964] >ffffc90002647d00: ca ca ca ca 00 02 cb cb cb cb cb cb 00 00 00 00 [ 2911.253663] ^ [ 2911.254110] ffffc90002647d80: f1 f1 f1 f1 04 f2 00 f2 f2 f2 00 00 00 00 00 00 [ 2911.254870] ffffc90002647e00: f2 f2 f2 f2 00 00 00 00 00 00 00 00 f3 f3 f3 f3 [ 2911.255545] ================================================================== [ 2911.256426] ok 36 - kasan_alloca_oob_right [ 2911.261030] ================================================================== [ 2911.262162] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x2cf/0x300 [test_kasan] [ 2911.263001] Read of size 1 at addr ffff88810c329a80 by task kunit_try_catch/117555 [ 2911.263709] [ 2911.263873] CPU: 0 PID: 117555 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-243.1944_756456474.el9.x86_64+debug #1 [ 2911.265132] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2911.265678] Call 
Trace: [ 2911.265924] [ 2911.266140] ? ksize_unpoisons_memory+0x2cf/0x300 [test_kasan] [ 2911.266739] dump_stack_lvl+0x57/0x81 [ 2911.267097] print_address_description.constprop.0+0x1f/0x1e0 [ 2911.267644] ? ksize_unpoisons_memory+0x2cf/0x300 [test_kasan] [ 2911.268189] print_report.cold+0x5c/0x237 [ 2911.268578] kasan_report+0xc9/0x100 [ 2911.268925] ? ksize_unpoisons_memory+0x2cf/0x300 [test_kasan] [ 2911.269481] ksize_unpoisons_memory+0x2cf/0x300 [test_kasan] [ 2911.270014] ? ksize_uaf+0x4a0/0x4a0 [test_kasan] [ 2911.270509] ? do_raw_spin_trylock+0xb5/0x180 [ 2911.270975] ? do_raw_spin_lock+0x270/0x270 [ 2911.271404] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2911.271949] ? kunit_add_resource+0x197/0x280 [kunit] [ 2911.272438] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2911.272905] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2911.273388] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2911.274002] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2911.274554] kthread+0x2a7/0x350 [ 2911.274902] ? 
kthread_complete_and_exit+0x20/0x20 [ 2911.275393] ret_from_fork+0x22/0x30 [ 2911.275764] [ 2911.275986] [ 2911.276148] Allocated by task 117555: [ 2911.276528] kasan_save_stack+0x1e/0x40 [ 2911.276913] __kasan_kmalloc+0x81/0xa0 [ 2911.277286] ksize_unpoisons_memory+0x9a/0x300 [test_kasan] [ 2911.277957] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2911.278446] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2911.279043] kthread+0x2a7/0x350 [ 2911.279364] ret_from_fork+0x22/0x30 [ 2911.279709] [ 2911.279892] The buggy address belongs to the object at ffff88810c329a00 [ 2911.279892] which belongs to the cache kmalloc-128 of size 128 [ 2911.281028] The buggy address is located 0 bytes to the right of [ 2911.281028] 128-byte region [ffff88810c329a00, ffff88810c329a80) [ 2911.282128] [ 2911.282290] The buggy address belongs to the physical page: [ 2911.282852] page:000000002ff49dbe refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10c329 [ 2911.283751] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 2911.284422] raw: 0017ffffc0000200 0000000000000000 dead000000000001 ffff8881000418c0 [ 2911.285182] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 2911.285922] page dumped because: kasan: bad access detected [ 2911.286478] [ 2911.286647] Memory state around the buggy address: [ 2911.287114] ffff88810c329980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2911.287833] ffff88810c329a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2911.288514] >ffff88810c329a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2911.289199] ^ [ 2911.289531] ffff88810c329b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc [ 2911.290211] ffff88810c329b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2911.290927] ================================================================== [ 2911.291733] ok 37 - ksize_unpoisons_memory [ 2911.293616] ================================================================== [ 2911.294788] 
BUG: KASAN: use-after-free in ksize_uaf+0x1ad/0x4a0 [test_kasan] [ 2911.295492] Read of size 1 at addr ffff88810c329800 by task kunit_try_catch/117556 [ 2911.296273] [ 2911.296442] CPU: 0 PID: 117556 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-243.1944_756456474.el9.x86_64+debug #1 [ 2911.297699] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2911.298237] Call Trace: [ 2911.298505] [ 2911.298741] ? ksize_uaf+0x1ad/0x4a0 [test_kasan] [ 2911.299192] dump_stack_lvl+0x57/0x81 [ 2911.299574] print_address_description.constprop.0+0x1f/0x1e0 [ 2911.300135] ? ksize_uaf+0x1ad/0x4a0 [test_kasan] [ 2911.300615] print_report.cold+0x5c/0x237 [ 2911.301024] kasan_report+0xc9/0x100 [ 2911.301373] ? ksize_uaf+0x1ad/0x4a0 [test_kasan] [ 2911.301825] ? ksize_uaf+0x1ad/0x4a0 [test_kasan] [ 2911.302271] __kasan_check_byte+0x36/0x50 [ 2911.302686] ksize+0x1b/0x50 [ 2911.302990] ksize_uaf+0x1ad/0x4a0 [test_kasan] [ 2911.303451] ? kmem_cache_oob+0x2e0/0x2e0 [test_kasan] [ 2911.303959] ? do_raw_spin_trylock+0xb5/0x180 [ 2911.304386] ? do_raw_spin_lock+0x270/0x270 [ 2911.304786] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2911.305310] ? kunit_add_resource+0x197/0x280 [kunit] [ 2911.305796] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2911.306258] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2911.306785] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2911.307387] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2911.308016] kthread+0x2a7/0x350 [ 2911.308341] ? 
kthread_complete_and_exit+0x20/0x20 [ 2911.308797] ret_from_fork+0x22/0x30 [ 2911.309148] [ 2911.309391] [ 2911.309559] Allocated by task 117556: [ 2911.309927] kasan_save_stack+0x1e/0x40 [ 2911.310293] __kasan_kmalloc+0x81/0xa0 [ 2911.310704] ksize_uaf+0x9a/0x4a0 [test_kasan] [ 2911.311197] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2911.311746] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2911.312359] kthread+0x2a7/0x350 [ 2911.312736] ret_from_fork+0x22/0x30 [ 2911.313094] [ 2911.313261] Freed by task 117556: [ 2911.313624] kasan_save_stack+0x1e/0x40 [ 2911.314019] kasan_set_track+0x21/0x30 [ 2911.314416] kasan_set_free_info+0x20/0x40 [ 2911.314906] __kasan_slab_free+0x108/0x170 [ 2911.315294] slab_free_freelist_hook+0x11d/0x1d0 [ 2911.315801] kfree+0xe2/0x3c0 [ 2911.316094] ksize_uaf+0x137/0x4a0 [test_kasan] [ 2911.316573] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2911.317071] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2911.317719] kthread+0x2a7/0x350 [ 2911.318031] ret_from_fork+0x22/0x30 [ 2911.318405] [ 2911.318583] The buggy address belongs to the object at ffff88810c329800 [ 2911.318583] which belongs to the cache kmalloc-128 of size 128 [ 2911.319835] The buggy address is located 0 bytes inside of [ 2911.319835] 128-byte region [ffff88810c329800, ffff88810c329880) [ 2911.320980] [ 2911.321142] The buggy address belongs to the physical page: [ 2911.321755] page:000000002ff49dbe refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10c329 [ 2911.322666] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 2911.323327] raw: 0017ffffc0000200 0000000000000000 dead000000000001 ffff8881000418c0 [ 2911.324241] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 2911.325125] page dumped because: kasan: bad access detected [ 2911.325766] [ 2911.325947] Memory state around the buggy address: [ 2911.326476] ffff88810c329700: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc [ 2911.327285] ffff88810c329780: 
fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2911.328148] >ffff88810c329800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2911.328921] ^ [ 2911.329236] ffff88810c329880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2911.329986] ffff88810c329900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2911.330762] ================================================================== [ 2911.331580] ================================================================== [ 2911.332641] BUG: KASAN: use-after-free in ksize_uaf+0x47d/0x4a0 [test_kasan] [ 2911.333419] Read of size 1 at addr ffff88810c329800 by task kunit_try_catch/117556 [ 2911.334210] [ 2911.334451] CPU: 0 PID: 117556 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-243.1944_756456474.el9.x86_64+debug #1 [ 2911.335892] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2911.336483] Call Trace: [ 2911.336748] [ 2911.336964] ? ksize_uaf+0x47d/0x4a0 [test_kasan] [ 2911.337506] dump_stack_lvl+0x57/0x81 [ 2911.337937] print_address_description.constprop.0+0x1f/0x1e0 [ 2911.338507] ? ksize_uaf+0x47d/0x4a0 [test_kasan] [ 2911.338976] print_report.cold+0x5c/0x237 [ 2911.339401] kasan_report+0xc9/0x100 [ 2911.339799] ? ksize_uaf+0x47d/0x4a0 [test_kasan] [ 2911.340250] ksize_uaf+0x47d/0x4a0 [test_kasan] [ 2911.340733] ? kmem_cache_oob+0x2e0/0x2e0 [test_kasan] [ 2911.341218] ? do_raw_spin_trylock+0xb5/0x180 [ 2911.341670] ? do_raw_spin_lock+0x270/0x270 [ 2911.342087] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2911.342643] ? kunit_add_resource+0x197/0x280 [kunit] [ 2911.343138] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2911.343633] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2911.344230] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2911.344901] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2911.345412] kthread+0x2a7/0x350 [ 2911.345758] ? 
kthread_complete_and_exit+0x20/0x20 [ 2911.346217] ret_from_fork+0x22/0x30 [ 2911.346599] [ 2911.346836] [ 2911.346999] Allocated by task 117556: [ 2911.347374] kasan_save_stack+0x1e/0x40 [ 2911.347767] __kasan_kmalloc+0x81/0xa0 [ 2911.348126] ksize_uaf+0x9a/0x4a0 [test_kasan] [ 2911.348582] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2911.349063] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2911.349667] kthread+0x2a7/0x350 [ 2911.349998] ret_from_fork+0x22/0x30 [ 2911.350368] [ 2911.350536] Freed by task 117556: [ 2911.350877] kasan_save_stack+0x1e/0x40 [ 2911.351245] kasan_set_track+0x21/0x30 [ 2911.351636] kasan_set_free_info+0x20/0x40 [ 2911.352042] __kasan_slab_free+0x108/0x170 [ 2911.352456] slab_free_freelist_hook+0x11d/0x1d0 [ 2911.352920] kfree+0xe2/0x3c0 [ 2911.353216] ksize_uaf+0x137/0x4a0 [test_kasan] [ 2911.353685] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2911.354179] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2911.354755] kthread+0x2a7/0x350 [ 2911.355073] ret_from_fork+0x22/0x30 [ 2911.355445] [ 2911.355611] The buggy address belongs to the object at ffff88810c329800 [ 2911.355611] which belongs to the cache kmalloc-128 of size 128 [ 2911.356798] The buggy address is located 0 bytes inside of [ 2911.356798] 128-byte region [ffff88810c329800, ffff88810c329880) [ 2911.357896] [ 2911.358057] The buggy address belongs to the physical page: [ 2911.358580] page:000000002ff49dbe refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10c329 [ 2911.359489] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 2911.360171] raw: 0017ffffc0000200 0000000000000000 dead000000000001 ffff8881000418c0 [ 2911.360961] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 2911.361717] page dumped because: kasan: bad access detected [ 2911.362239] [ 2911.362407] Memory state around the buggy address: [ 2911.362859] ffff88810c329700: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc [ 2911.363559] ffff88810c329780: 
fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2911.364245] >ffff88810c329800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2911.364960] ^ [ 2911.365274] ffff88810c329880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2911.365989] ffff88810c329900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2911.366670] ================================================================== [ 2911.367395] ================================================================== [ 2911.368208] BUG: KASAN: use-after-free in ksize_uaf+0x470/0x4a0 [test_kasan] [ 2911.368916] Read of size 1 at addr ffff88810c329878 by task kunit_try_catch/117556 [ 2911.369645] [ 2911.369825] CPU: 0 PID: 117556 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-243.1944_756456474.el9.x86_64+debug #1 [ 2911.371084] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2911.371670] Call Trace: [ 2911.371915] [ 2911.372131] ? ksize_uaf+0x470/0x4a0 [test_kasan] [ 2911.372612] dump_stack_lvl+0x57/0x81 [ 2911.372985] print_address_description.constprop.0+0x1f/0x1e0 [ 2911.373554] ? ksize_uaf+0x470/0x4a0 [test_kasan] [ 2911.374024] print_report.cold+0x5c/0x237 [ 2911.374434] kasan_report+0xc9/0x100 [ 2911.374795] ? ksize_uaf+0x470/0x4a0 [test_kasan] [ 2911.375283] ksize_uaf+0x470/0x4a0 [test_kasan] [ 2911.375785] ? kmem_cache_oob+0x2e0/0x2e0 [test_kasan] [ 2911.376272] ? do_raw_spin_trylock+0xb5/0x180 [ 2911.376736] ? do_raw_spin_lock+0x270/0x270 [ 2911.377140] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2911.377695] ? kunit_add_resource+0x197/0x280 [kunit] [ 2911.378218] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2911.378713] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2911.379194] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2911.379827] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2911.380319] kthread+0x2a7/0x350 [ 2911.380641] ? 
kthread_complete_and_exit+0x20/0x20 [ 2911.381100] ret_from_fork+0x22/0x30 [ 2911.381479] [ 2911.381825] [ 2911.382052] Allocated by task 117556: [ 2911.382484] kasan_save_stack+0x1e/0x40 [ 2911.382905] __kasan_kmalloc+0x81/0xa0 [ 2911.383307] ksize_uaf+0x9a/0x4a0 [test_kasan] [ 2911.383804] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2911.384327] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2911.384969] kthread+0x2a7/0x350 [ 2911.385286] ret_from_fork+0x22/0x30 [ 2911.385663] [ 2911.385841] Freed by task 117556: [ 2911.386183] kasan_save_stack+0x1e/0x40 [ 2911.386602] kasan_set_track+0x21/0x30 [ 2911.386976] kasan_set_free_info+0x20/0x40 [ 2911.387379] __kasan_slab_free+0x108/0x170 [ 2911.387790] slab_free_freelist_hook+0x11d/0x1d0 [ 2911.388226] kfree+0xe2/0x3c0 [ 2911.388525] ksize_uaf+0x137/0x4a0 [test_kasan] [ 2911.388957] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2911.389443] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2911.390077] kthread+0x2a7/0x350 [ 2911.390420] ret_from_fork+0x22/0x30 [ 2911.390779] [ 2911.390957] The buggy address belongs to the object at ffff88810c329800 [ 2911.390957] which belongs to the cache kmalloc-128 of size 128 [ 2911.392136] The buggy address is located 120 bytes inside of [ 2911.392136] 128-byte region [ffff88810c329800, ffff88810c329880) [ 2911.393209] [ 2911.393393] The buggy address belongs to the physical page: [ 2911.393955] page:000000002ff49dbe refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10c329 [ 2911.394842] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 2911.395510] raw: 0017ffffc0000200 0000000000000000 dead000000000001 ffff8881000418c0 [ 2911.396244] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 2911.397003] page dumped because: kasan: bad access detected [ 2911.397656] [ 2911.397840] Memory state around the buggy address: [ 2911.398306] ffff88810c329700: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc [ 2911.398979] 
ffff88810c329780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2911.399678] >ffff88810c329800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2911.400368] ^ [ 2911.401028] ffff88810c329880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2911.401742] ffff88810c329900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2911.402411] ================================================================== [ 2911.403438] ok 38 - ksize_uaf [ 2911.409423] ================================================================== [ 2911.410516] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x152/0x400 [ 2911.411241] [ 2911.411413] CPU: 0 PID: 117557 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-243.1944_756456474.el9.x86_64+debug #1 [ 2911.412664] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2911.413206] Call Trace: [ 2911.413455] [ 2911.413672] dump_stack_lvl+0x57/0x81 [ 2911.414030] print_address_description.constprop.0+0x1f/0x1e0 [ 2911.414602] print_report.cold+0x5c/0x237 [ 2911.415005] ? kmem_cache_free+0x152/0x400 [ 2911.415404] ? kmem_cache_free+0x152/0x400 [ 2911.415792] kasan_report_invalid_free+0x99/0xc0 [ 2911.416232] ? kmem_cache_free+0x152/0x400 [ 2911.416623] ? kmem_cache_free+0x152/0x400 [ 2911.417010] __kasan_slab_free+0x152/0x170 [ 2911.417405] slab_free_freelist_hook+0x11d/0x1d0 [ 2911.417849] ? kmem_cache_double_free+0x1bd/0x280 [test_kasan] [ 2911.418418] kmem_cache_free+0x152/0x400 [ 2911.418821] kmem_cache_double_free+0x1bd/0x280 [test_kasan] [ 2911.419381] ? kmem_cache_invalid_free+0x280/0x280 [test_kasan] [ 2911.419962] ? do_raw_spin_trylock+0xb5/0x180 [ 2911.420403] ? do_raw_spin_lock+0x270/0x270 [ 2911.420818] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2911.421378] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2911.421871] ? kunit_add_resource+0x197/0x280 [kunit] [ 2911.422375] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2911.422867] ? 
kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2911.423367] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2911.423962] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2911.424454] kthread+0x2a7/0x350 [ 2911.424771] ? kthread_complete_and_exit+0x20/0x20 [ 2911.425228] ret_from_fork+0x22/0x30 [ 2911.425610] [ 2911.425847] [ 2911.426009] Allocated by task 117557: [ 2911.426380] kasan_save_stack+0x1e/0x40 [ 2911.426775] __kasan_slab_alloc+0x66/0x80 [ 2911.427159] kmem_cache_alloc+0x161/0x310 [ 2911.427665] kmem_cache_double_free+0x123/0x280 [test_kasan] [ 2911.428247] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2911.428734] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2911.429307] kthread+0x2a7/0x350 [ 2911.429627] ret_from_fork+0x22/0x30 [ 2911.429973] [ 2911.430133] Freed by task 117557: [ 2911.430498] kasan_save_stack+0x1e/0x40 [ 2911.430887] kasan_set_track+0x21/0x30 [ 2911.431246] kasan_set_free_info+0x20/0x40 [ 2911.431642] __kasan_slab_free+0x108/0x170 [ 2911.432031] slab_free_freelist_hook+0x11d/0x1d0 [ 2911.432478] kmem_cache_free+0x152/0x400 [ 2911.432858] kmem_cache_double_free+0x144/0x280 [test_kasan] [ 2911.433399] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2911.433866] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2911.434479] kthread+0x2a7/0x350 [ 2911.434830] ret_from_fork+0x22/0x30 [ 2911.435189] [ 2911.435354] The buggy address belongs to the object at ffff88808fa18630 [ 2911.435354] which belongs to the cache test_cache of size 200 [ 2911.436506] The buggy address is located 0 bytes inside of [ 2911.436506] 200-byte region [ffff88808fa18630, ffff88808fa186f8) [ 2911.437580] [ 2911.437741] The buggy address belongs to the physical page: [ 2911.438259] page:000000003174f9c2 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8fa18 [ 2911.439156] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2911.439821] raw: 000fffffc0000200 0000000000000000 dead000000000122 ffff888001d75780 [ 2911.440572] raw: 
0000000000000000 00000000800f000f 00000001ffffffff 0000000000000000 [ 2911.441290] page dumped because: kasan: bad access detected [ 2911.441813] [ 2911.441973] Memory state around the buggy address: [ 2911.442446] ffff88808fa18500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2911.443139] ffff88808fa18580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2911.443812] >ffff88808fa18600: fc fc fc fc fc fc fa fb fb fb fb fb fb fb fb fb [ 2911.444485] ^ [ 2911.444940] ffff88808fa18680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc [ 2911.445610] ffff88808fa18700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2911.446285] ================================================================== [ 2911.496661] ok 39 - kmem_cache_double_free [ 2911.498498] ================================================================== [ 2911.499663] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x152/0x400 [ 2911.500389] [ 2911.500553] CPU: 0 PID: 117558 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-243.1944_756456474.el9.x86_64+debug #1 [ 2911.501806] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2911.502349] Call Trace: [ 2911.502593] [ 2911.502809] dump_stack_lvl+0x57/0x81 [ 2911.503162] print_address_description.constprop.0+0x1f/0x1e0 [ 2911.503807] print_report.cold+0x5c/0x237 [ 2911.504220] ? kmem_cache_free+0x152/0x400 [ 2911.504618] ? kmem_cache_free+0x152/0x400 [ 2911.505004] kasan_report_invalid_free+0x99/0xc0 [ 2911.505448] ? kmem_cache_free+0x152/0x400 [ 2911.505836] ? kmem_cache_free+0x152/0x400 [ 2911.506223] __kasan_slab_free+0x152/0x170 [ 2911.506641] slab_free_freelist_hook+0x11d/0x1d0 [ 2911.507086] ? kmem_cache_invalid_free+0x1b6/0x280 [test_kasan] [ 2911.507674] kmem_cache_free+0x152/0x400 [ 2911.508069] kmem_cache_invalid_free+0x1b6/0x280 [test_kasan] [ 2911.508642] ? kmem_cache_double_destroy+0x250/0x250 [test_kasan] [ 2911.509228] ? do_raw_spin_trylock+0xb5/0x180 [ 2911.509656] ? 
do_raw_spin_lock+0x270/0x270 [ 2911.510055] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2911.510604] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2911.511096] ? kunit_add_resource+0x197/0x280 [kunit] [ 2911.511606] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2911.512089] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2911.512574] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2911.513142] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2911.513628] kthread+0x2a7/0x350 [ 2911.513943] ? kthread_complete_and_exit+0x20/0x20 [ 2911.514403] ret_from_fork+0x22/0x30 [ 2911.514752] [ 2911.514972] [ 2911.515135] Allocated by task 117558: [ 2911.515511] kasan_save_stack+0x1e/0x40 [ 2911.515899] __kasan_slab_alloc+0x66/0x80 [ 2911.516277] kmem_cache_alloc+0x161/0x310 [ 2911.516659] kmem_cache_invalid_free+0x126/0x280 [test_kasan] [ 2911.517195] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2911.517781] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2911.518373] kthread+0x2a7/0x350 [ 2911.518690] ret_from_fork+0x22/0x30 [ 2911.519040] [ 2911.519202] The buggy address belongs to the object at ffff8880146a1528 [ 2911.519202] which belongs to the cache test_cache of size 200 [ 2911.520384] The buggy address is located 1 bytes inside of [ 2911.520384] 200-byte region [ffff8880146a1528, ffff8880146a15f0) [ 2911.521441] [ 2911.521602] The buggy address belongs to the physical page: [ 2911.522117] page:00000000d15895fd refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x146a1 [ 2911.523011] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2911.523677] raw: 000fffffc0000200 0000000000000000 dead000000000122 ffff888001d75140 [ 2911.524460] raw: 0000000000000000 00000000800f000f 00000001ffffffff 0000000000000000 [ 2911.525442] page dumped because: kasan: bad access detected [ 2911.526016] [ 2911.526182] Memory state around the buggy address: [ 2911.526737] ffff8880146a1400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2911.527494] ffff8880146a1480: fc fc 
fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2911.528217] >ffff8880146a1500: fc fc fc fc fc 00 00 00 00 00 00 00 00 00 00 00 [ 2911.528956] ^ [ 2911.529409] ffff8880146a1580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc [ 2911.530101] ffff8880146a1600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2911.530800] ================================================================== [ 2911.574196] ok 40 - kmem_cache_invalid_free [ 2911.575852] ================================================================== [ 2911.576993] BUG: KASAN: use-after-free in kmem_cache_double_destroy+0x1a0/0x250 [test_kasan] [ 2911.577941] Read of size 1 at addr ffff888001d75280 by task kunit_try_catch/117559 [ 2911.578697] [ 2911.578862] CPU: 0 PID: 117559 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-243.1944_756456474.el9.x86_64+debug #1 [ 2911.580114] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2911.580659] Call Trace: [ 2911.580904] [ 2911.581120] ? kmem_cache_double_destroy+0x1a0/0x250 [test_kasan] [ 2911.581740] dump_stack_lvl+0x57/0x81 [ 2911.582095] print_address_description.constprop.0+0x1f/0x1e0 [ 2911.582698] ? kmem_cache_double_destroy+0x1a0/0x250 [test_kasan] [ 2911.583541] print_report.cold+0x5c/0x237 [ 2911.583979] kasan_report+0xc9/0x100 [ 2911.584408] ? kmem_cache_free+0x100/0x400 [ 2911.584872] ? kmem_cache_double_destroy+0x1a0/0x250 [test_kasan] [ 2911.585538] ? kmem_cache_double_destroy+0x1a0/0x250 [test_kasan] [ 2911.586172] __kasan_check_byte+0x36/0x50 [ 2911.586605] kmem_cache_destroy+0x21/0x170 [ 2911.587012] kmem_cache_double_destroy+0x1a0/0x250 [test_kasan] [ 2911.587615] ? kmalloc_oob_right+0x510/0x510 [test_kasan] [ 2911.588137] ? do_raw_spin_trylock+0xb5/0x180 [ 2911.588561] ? do_raw_spin_lock+0x270/0x270 [ 2911.588964] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2911.589514] ? kunit_add_resource+0x197/0x280 [kunit] [ 2911.590017] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2911.590534] ? 
kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2911.591044] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2911.591622] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2911.592110] kthread+0x2a7/0x350 [ 2911.592433] ? kthread_complete_and_exit+0x20/0x20 [ 2911.592889] ret_from_fork+0x22/0x30 [ 2911.593242] [ 2911.593488] [ 2911.593657] Allocated by task 117559: [ 2911.594023] kasan_save_stack+0x1e/0x40 [ 2911.594425] __kasan_slab_alloc+0x66/0x80 [ 2911.594830] kmem_cache_alloc+0x161/0x310 [ 2911.595210] kmem_cache_create_usercopy+0x1b9/0x310 [ 2911.595676] kmem_cache_create+0x12/0x20 [ 2911.596051] kmem_cache_double_destroy+0x8d/0x250 [test_kasan] [ 2911.596611] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2911.597075] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2911.597675] kthread+0x2a7/0x350 [ 2911.598007] ret_from_fork+0x22/0x30 [ 2911.598393] [ 2911.598560] Freed by task 117559: [ 2911.598899] kasan_save_stack+0x1e/0x40 [ 2911.599265] kasan_set_track+0x21/0x30 [ 2911.599630] kasan_set_free_info+0x20/0x40 [ 2911.600020] __kasan_slab_free+0x108/0x170 [ 2911.600433] slab_free_freelist_hook+0x11d/0x1d0 [ 2911.600898] kmem_cache_free+0x152/0x400 [ 2911.601272] kobject_cleanup+0x104/0x390 [ 2911.601692] kmem_cache_double_destroy+0x12a/0x250 [test_kasan] [ 2911.602263] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2911.602770] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2911.603347] kthread+0x2a7/0x350 [ 2911.603661] ret_from_fork+0x22/0x30 [ 2911.604031] [ 2911.604211] The buggy address belongs to the object at ffff888001d75280 [ 2911.604211] which belongs to the cache kmem_cache of size 240 [ 2911.605357] The buggy address is located 0 bytes inside of [ 2911.605357] 240-byte region [ffff888001d75280, ffff888001d75370) [ 2911.606456] [ 2911.606624] The buggy address belongs to the physical page: [ 2911.607159] page:0000000050319d50 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1d75 [ 2911.608166] flags: 
0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2911.608830] raw: 000fffffc0000200 0000000000000000 dead000000000122 ffff888100041000 [ 2911.609593] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000 [ 2911.610366] page dumped because: kasan: bad access detected [ 2911.610921] [ 2911.611089] Memory state around the buggy address: [ 2911.611584] ffff888001d75180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2911.612287] ffff888001d75200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 2911.612979] >ffff888001d75280: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2911.613698] ^ [ 2911.614037] ffff888001d75300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc [ 2911.614770] ffff888001d75380: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 2911.615484] ================================================================== [ 2911.616621] ok 41 - kmem_cache_double_destroy [ 2911.620207] ok 42 - kasan_memchr # SKIP Test requires CONFIG_AMD_MEM_ENCRYPT=n [ 2911.622253] ok 43 - kasan_memcmp # SKIP Test requires CONFIG_AMD_MEM_ENCRYPT=n [ 2911.624291] ok 44 - kasan_strings # SKIP Test requires CONFIG_AMD_MEM_ENCRYPT=n [ 2911.626205] ================================================================== [ 2911.627716] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0xff/0x850 [test_kasan] [ 2911.628625] Write of size 8 at addr ffff888014444848 by task kunit_try_catch/117563 [ 2911.629380] [ 2911.629550] CPU: 0 PID: 117563 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-243.1944_756456474.el9.x86_64+debug #1 [ 2911.630938] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2911.631496] Call Trace: [ 2911.631748] [ 2911.631971] ? kasan_bitops_modify.constprop.0+0xff/0x850 [test_kasan] [ 2911.632621] dump_stack_lvl+0x57/0x81 [ 2911.632989] print_address_description.constprop.0+0x1f/0x1e0 [ 2911.633578] ? 
kasan_bitops_modify.constprop.0+0xff/0x850 [test_kasan] [ 2911.634226] print_report.cold+0x5c/0x237 [ 2911.634656] kasan_report+0xc9/0x100 [ 2911.635031] ? kasan_bitops_modify.constprop.0+0xff/0x850 [test_kasan] [ 2911.635662] kasan_check_range+0xfd/0x1e0 [ 2911.636060] kasan_bitops_modify.constprop.0+0xff/0x850 [test_kasan] [ 2911.636676] ? kasan_test_init+0x50/0x50 [test_kasan] [ 2911.637193] ? kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2911.637858] ? kunit_kfree+0x200/0x200 [kunit] [ 2911.638304] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2911.638851] ? rcu_read_lock_held+0x30/0x50 [ 2911.639261] ? trace_kmalloc+0x3c/0x100 [ 2911.639672] ? kmem_cache_alloc_trace+0x1af/0x320 [ 2911.640150] kasan_bitops_generic+0xfa/0x164 [test_kasan] [ 2911.640766] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 2911.641500] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 2911.642071] ? kunit_add_resource+0x197/0x280 [kunit] [ 2911.642570] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2911.643046] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2911.643715] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2911.644306] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2911.644853] kthread+0x2a7/0x350 [ 2911.645182] ? 
kthread_complete_and_exit+0x20/0x20 [ 2911.645726] ret_from_fork+0x22/0x30 [ 2911.646103] [ 2911.646334] [ 2911.646551] Allocated by task 117563: [ 2911.646971] kasan_save_stack+0x1e/0x40 [ 2911.647388] __kasan_kmalloc+0x81/0xa0 [ 2911.647806] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2911.648333] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2911.648850] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2911.649468] kthread+0x2a7/0x350 [ 2911.649860] ret_from_fork+0x22/0x30 [ 2911.650213] [ 2911.650403] The buggy address belongs to the object at ffff888014444840 [ 2911.650403] which belongs to the cache kmalloc-16 of size 16 [ 2911.651612] The buggy address is located 8 bytes inside of [ 2911.651612] 16-byte region [ffff888014444840, ffff888014444850) [ 2911.652751] [ 2911.652918] The buggy address belongs to the physical page: [ 2911.653473] page:000000000a4726ea refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x14444 [ 2911.654374] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2911.655028] raw: 000fffffc0000200 ffffea0000bce600 dead000000000002 ffff8881000413c0 [ 2911.655805] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2911.656544] page dumped because: kasan: bad access detected [ 2911.657074] [ 2911.657261] Memory state around the buggy address: [ 2911.657776] ffff888014444700: fa fb fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc [ 2911.658448] ffff888014444780: 00 00 fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc [ 2911.659115] >ffff888014444800: fa fb fc fc 00 00 fc fc 00 01 fc fc fa fb fc fc [ 2911.659825] ^ [ 2911.660364] ffff888014444880: 00 00 fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 2911.661062] ffff888014444900: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2911.661781] ================================================================== [ 2911.662490] ================================================================== [ 2911.663162] BUG: KASAN: slab-out-of-bounds in 
kasan_bitops_modify.constprop.0+0x1a4/0x850 [test_kasan] [ 2911.664060] Write of size 8 at addr ffff888014444848 by task kunit_try_catch/117563 [ 2911.664766] [ 2911.664928] CPU: 0 PID: 117563 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-243.1944_756456474.el9.x86_64+debug #1 [ 2911.666267] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2911.666850] Call Trace: [ 2911.667093] [ 2911.667307] ? kasan_bitops_modify.constprop.0+0x1a4/0x850 [test_kasan] [ 2911.668083] dump_stack_lvl+0x57/0x81 [ 2911.668462] print_address_description.constprop.0+0x1f/0x1e0 [ 2911.669023] ? kasan_bitops_modify.constprop.0+0x1a4/0x850 [test_kasan] [ 2911.669668] print_report.cold+0x5c/0x237 [ 2911.670068] kasan_report+0xc9/0x100 [ 2911.670450] ? kasan_bitops_modify.constprop.0+0x1a4/0x850 [test_kasan] [ 2911.671062] kasan_check_range+0xfd/0x1e0 [ 2911.671450] kasan_bitops_modify.constprop.0+0x1a4/0x850 [test_kasan] [ 2911.672052] ? kasan_test_init+0x50/0x50 [test_kasan] [ 2911.672556] ? kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2911.673095] ? kunit_kfree+0x200/0x200 [kunit] [ 2911.673553] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2911.674094] ? rcu_read_lock_held+0x30/0x50 [ 2911.674520] ? trace_kmalloc+0x3c/0x100 [ 2911.674911] ? kmem_cache_alloc_trace+0x1af/0x320 [ 2911.675363] kasan_bitops_generic+0xfa/0x164 [test_kasan] [ 2911.675872] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 2911.676586] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 2911.677144] ? kunit_add_resource+0x197/0x280 [kunit] [ 2911.677666] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2911.678147] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2911.678632] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2911.679204] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2911.679691] kthread+0x2a7/0x350 [ 2911.680005] ? 
kthread_complete_and_exit+0x20/0x20 [ 2911.680488] ret_from_fork+0x22/0x30 [ 2911.680861] [ 2911.681081] [ 2911.681243] Allocated by task 117563: [ 2911.681736] kasan_save_stack+0x1e/0x40 [ 2911.682248] __kasan_kmalloc+0x81/0xa0 [ 2911.682653] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2911.683186] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2911.683720] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2911.684373] kthread+0x2a7/0x350 [ 2911.684739] ret_from_fork+0x22/0x30 [ 2911.685086] [ 2911.685247] The buggy address belongs to the object at ffff888014444840 [ 2911.685247] which belongs to the cache kmalloc-16 of size 16 [ 2911.686410] The buggy address is located 8 bytes inside of [ 2911.686410] 16-byte region [ffff888014444840, ffff888014444850) [ 2911.687526] [ 2911.687703] The buggy address belongs to the physical page: [ 2911.688213] page:000000000a4726ea refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x14444 [ 2911.689105] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2911.689773] raw: 000fffffc0000200 ffffea0000bce600 dead000000000002 ffff8881000413c0 [ 2911.690595] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2911.691368] page dumped because: kasan: bad access detected [ 2911.691883] [ 2911.692044] Memory state around the buggy address: [ 2911.692520] ffff888014444700: fa fb fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc [ 2911.693203] ffff888014444780: 00 00 fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc [ 2911.693920] >ffff888014444800: fa fb fc fc 00 00 fc fc 00 01 fc fc fa fb fc fc [ 2911.694593] ^ [ 2911.695107] ffff888014444880: 00 00 fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 2911.695778] ffff888014444900: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2911.696469] ================================================================== [ 2911.697246] ================================================================== [ 2911.698104] BUG: KASAN: slab-out-of-bounds in 
kasan_bitops_modify.constprop.0+0x24d/0x850 [test_kasan] [ 2911.698975] Write of size 8 at addr ffff888014444848 by task kunit_try_catch/117563 [ 2911.699688] [ 2911.699851] CPU: 0 PID: 117563 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-243.1944_756456474.el9.x86_64+debug #1 [ 2911.701144] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2911.701729] Call Trace: [ 2911.701973] [ 2911.702188] ? kasan_bitops_modify.constprop.0+0x24d/0x850 [test_kasan] [ 2911.702809] dump_stack_lvl+0x57/0x81 [ 2911.703166] print_address_description.constprop.0+0x1f/0x1e0 [ 2911.703715] ? kasan_bitops_modify.constprop.0+0x24d/0x850 [test_kasan] [ 2911.704353] print_report.cold+0x5c/0x237 [ 2911.704812] kasan_report+0xc9/0x100 [ 2911.705193] ? kasan_bitops_modify.constprop.0+0x24d/0x850 [test_kasan] [ 2911.705856] kasan_check_range+0xfd/0x1e0 [ 2911.706241] kasan_bitops_modify.constprop.0+0x24d/0x850 [test_kasan] [ 2911.706850] ? kasan_test_init+0x50/0x50 [test_kasan] [ 2911.707332] ? kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2911.707856] ? kunit_kfree+0x200/0x200 [kunit] [ 2911.708286] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2911.708843] ? rcu_read_lock_held+0x30/0x50 [ 2911.709243] ? trace_kmalloc+0x3c/0x100 [ 2911.709644] ? kmem_cache_alloc_trace+0x1af/0x320 [ 2911.710113] kasan_bitops_generic+0xfa/0x164 [test_kasan] [ 2911.710625] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 2911.711335] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 2911.711946] ? kunit_add_resource+0x197/0x280 [kunit] [ 2911.712434] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2911.712897] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2911.713398] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2911.713995] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2911.714486] kthread+0x2a7/0x350 [ 2911.714803] ? 
kthread_complete_and_exit+0x20/0x20 [ 2911.715264] ret_from_fork+0x22/0x30 [ 2911.715590] [ 2911.715809] [ 2911.715982] Allocated by task 117563: [ 2911.716400] kasan_save_stack+0x1e/0x40 [ 2911.716785] __kasan_kmalloc+0x81/0xa0 [ 2911.717145] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2911.717685] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2911.718166] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2911.718742] kthread+0x2a7/0x350 [ 2911.719059] ret_from_fork+0x22/0x30 [ 2911.719431] [ 2911.719598] The buggy address belongs to the object at ffff888014444840 [ 2911.719598] which belongs to the cache kmalloc-16 of size 16 [ 2911.720764] The buggy address is located 8 bytes inside of [ 2911.720764] 16-byte region [ffff888014444840, ffff888014444850) [ 2911.721875] [ 2911.722038] The buggy address belongs to the physical page: [ 2911.722560] page:000000000a4726ea refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x14444 [ 2911.723432] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2911.724090] raw: 000fffffc0000200 ffffea0000bce600 dead000000000002 ffff8881000413c0 [ 2911.724811] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2911.725550] page dumped because: kasan: bad access detected [ 2911.726088] [ 2911.726251] Memory state around the buggy address: [ 2911.726706] ffff888014444700: fa fb fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc [ 2911.727416] ffff888014444780: 00 00 fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc [ 2911.728213] >ffff888014444800: fa fb fc fc 00 00 fc fc 00 01 fc fc fa fb fc fc [ 2911.728915] ^ [ 2911.729475] ffff888014444880: 00 00 fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 2911.730164] ffff888014444900: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2911.730842] ================================================================== [ 2911.731553] ================================================================== [ 2911.732246] BUG: KASAN: slab-out-of-bounds in 
kasan_bitops_modify.constprop.0+0x2f2/0x850 [test_kasan] [ 2911.733144] Write of size 8 at addr ffff888014444848 by task kunit_try_catch/117563 [ 2911.733897] [ 2911.734074] CPU: 0 PID: 117563 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-243.1944_756456474.el9.x86_64+debug #1 [ 2911.735381] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2911.735920] Call Trace: [ 2911.736163] [ 2911.736383] ? kasan_bitops_modify.constprop.0+0x2f2/0x850 [test_kasan] [ 2911.736999] dump_stack_lvl+0x57/0x81 [ 2911.737397] print_address_description.constprop.0+0x1f/0x1e0 [ 2911.738006] ? kasan_bitops_modify.constprop.0+0x2f2/0x850 [test_kasan] [ 2911.738648] print_report.cold+0x5c/0x237 [ 2911.739035] kasan_report+0xc9/0x100 [ 2911.739389] ? kasan_bitops_modify.constprop.0+0x2f2/0x850 [test_kasan] [ 2911.740005] kasan_check_range+0xfd/0x1e0 [ 2911.740394] kasan_bitops_modify.constprop.0+0x2f2/0x850 [test_kasan] [ 2911.741023] ? kasan_test_init+0x50/0x50 [test_kasan] [ 2911.741542] ? kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2911.742085] ? kunit_kfree+0x200/0x200 [kunit] [ 2911.742524] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2911.743046] ? rcu_read_lock_held+0x30/0x50 [ 2911.743533] ? trace_kmalloc+0x3c/0x100 [ 2911.744010] ? kmem_cache_alloc_trace+0x1af/0x320 [ 2911.744468] kasan_bitops_generic+0xfa/0x164 [test_kasan] [ 2911.744980] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 2911.745702] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 2911.746258] ? kunit_add_resource+0x197/0x280 [kunit] [ 2911.746784] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2911.747249] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2911.747734] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2911.748308] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2911.748798] kthread+0x2a7/0x350 [ 2911.749113] ? 
kthread_complete_and_exit+0x20/0x20 [ 2911.749600] ret_from_fork+0x22/0x30 [ 2911.749972] [ 2911.750194] [ 2911.750378] Allocated by task 117563: [ 2911.750742] kasan_save_stack+0x1e/0x40 [ 2911.751210] __kasan_kmalloc+0x81/0xa0 [ 2911.751599] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2911.752124] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2911.752636] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2911.753242] kthread+0x2a7/0x350 [ 2911.753602] ret_from_fork+0x22/0x30 [ 2911.753979] [ 2911.754147] The buggy address belongs to the object at ffff888014444840 [ 2911.754147] which belongs to the cache kmalloc-16 of size 16 [ 2911.755313] The buggy address is located 8 bytes inside of [ 2911.755313] 16-byte region [ffff888014444840, ffff888014444850) [ 2911.756421] [ 2911.756590] The buggy address belongs to the physical page: [ 2911.757151] page:000000000a4726ea refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x14444 [ 2911.758185] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2911.758873] raw: 000fffffc0000200 ffffea0000bce600 dead000000000002 ffff8881000413c0 [ 2911.759621] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2911.760374] page dumped because: kasan: bad access detected [ 2911.760957] [ 2911.761141] Memory state around the buggy address: [ 2911.761663] ffff888014444700: fa fb fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc [ 2911.762353] ffff888014444780: 00 00 fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc [ 2911.763074] >ffff888014444800: fa fb fc fc 00 00 fc fc 00 01 fc fc fa fb fc fc [ 2911.763788] ^ [ 2911.764306] ffff888014444880: 00 00 fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 2911.765068] ffff888014444900: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2911.765778] ================================================================== [ 2911.766495] ================================================================== [ 2911.767217] BUG: KASAN: slab-out-of-bounds in 
kasan_bitops_modify.constprop.0+0x39b/0x850 [test_kasan] [ 2911.768118] Write of size 8 at addr ffff888014444848 by task kunit_try_catch/117563 [ 2911.768866] [ 2911.769030] CPU: 0 PID: 117563 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-243.1944_756456474.el9.x86_64+debug #1 [ 2911.770333] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2911.770912] Call Trace: [ 2911.771161] [ 2911.786345] ? kasan_bitops_modify.constprop.0+0x39b/0x850 [test_kasan] [ 2911.787054] dump_stack_lvl+0x57/0x81 [ 2911.787596] print_address_description.constprop.0+0x1f/0x1e0 [ 2911.788234] ? kasan_bitops_modify.constprop.0+0x39b/0x850 [test_kasan] [ 2911.788900] print_report.cold+0x5c/0x237 [ 2911.789316] kasan_report+0xc9/0x100 [ 2911.789674] ? kasan_bitops_modify.constprop.0+0x39b/0x850 [test_kasan] [ 2911.790290] kasan_check_range+0xfd/0x1e0 [ 2911.790726] kasan_bitops_modify.constprop.0+0x39b/0x850 [test_kasan] [ 2911.791422] ? kasan_test_init+0x50/0x50 [test_kasan] [ 2911.791943] ? kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2911.792492] ? kunit_kfree+0x200/0x200 [kunit] [ 2911.792942] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2911.793472] ? rcu_read_lock_held+0x30/0x50 [ 2911.793906] ? trace_kmalloc+0x3c/0x100 [ 2911.794307] ? kmem_cache_alloc_trace+0x1af/0x320 [ 2911.794794] kasan_bitops_generic+0xfa/0x164 [test_kasan] [ 2911.795320] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 2911.796017] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 2911.796585] ? kunit_add_resource+0x197/0x280 [kunit] [ 2911.797086] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2911.797562] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2911.798044] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2911.798622] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2911.799109] kthread+0x2a7/0x350 [ 2911.799459] ? 
kthread_complete_and_exit+0x20/0x20 [ 2911.799918] ret_from_fork+0x22/0x30 [ 2911.800290] [ 2911.800546] [ 2911.800741] Allocated by task 117563: [ 2911.801102] kasan_save_stack+0x1e/0x40 [ 2911.801503] __kasan_kmalloc+0x81/0xa0 [ 2911.801887] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2911.802418] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2911.802908] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2911.803487] kthread+0x2a7/0x350 [ 2911.803806] ret_from_fork+0x22/0x30 [ 2911.804153] [ 2911.804328] The buggy address belongs to the object at ffff888014444840 [ 2911.804328] which belongs to the cache kmalloc-16 of size 16 [ 2911.805516] The buggy address is located 8 bytes inside of [ 2911.805516] 16-byte region [ffff888014444840, ffff888014444850) [ 2911.806590] [ 2911.806757] The buggy address belongs to the physical page: [ 2911.807314] page:000000000a4726ea refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x14444 [ 2911.808217] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2911.808912] raw: 000fffffc0000200 ffffea0000bce600 dead000000000002 ffff8881000413c0 [ 2911.809664] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2911.810418] page dumped because: kasan: bad access detected [ 2911.810966] [ 2911.811127] Memory state around the buggy address: [ 2911.811584] ffff888014444700: fa fb fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc [ 2911.812254] ffff888014444780: 00 00 fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc [ 2911.812929] >ffff888014444800: fa fb fc fc 00 00 fc fc 00 01 fc fc fa fb fc fc [ 2911.813603] ^ [ 2911.814126] ffff888014444880: 00 00 fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 2911.814821] ffff888014444900: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2911.815495] ================================================================== [ 2911.816469] ================================================================== [ 2911.817176] BUG: KASAN: slab-out-of-bounds in 
kasan_bitops_modify.constprop.0+0x440/0x850 [test_kasan] [ 2911.818181] Write of size 8 at addr ffff888014444848 by task kunit_try_catch/117563 [ 2911.818935] [ 2911.819120] CPU: 0 PID: 117563 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-243.1944_756456474.el9.x86_64+debug #1 [ 2911.820389] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2911.820937] Call Trace: [ 2911.821202] [ 2911.821424] ? kasan_bitops_modify.constprop.0+0x440/0x850 [test_kasan] [ 2911.822040] dump_stack_lvl+0x57/0x81 [ 2911.822420] print_address_description.constprop.0+0x1f/0x1e0 [ 2911.823169] ? kasan_bitops_modify.constprop.0+0x440/0x850 [test_kasan] [ 2911.823930] print_report.cold+0x5c/0x237 [ 2911.824480] kasan_report+0xc9/0x100 [ 2911.824971] ? kasan_bitops_modify.constprop.0+0x440/0x850 [test_kasan] [ 2911.825709] kasan_check_range+0xfd/0x1e0 [ 2911.826117] kasan_bitops_modify.constprop.0+0x440/0x850 [test_kasan] [ 2911.826830] ? kasan_test_init+0x50/0x50 [test_kasan] [ 2911.827373] ? kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2911.827922] ? kunit_kfree+0x200/0x200 [kunit] [ 2911.828358] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2911.828919] ? rcu_read_lock_held+0x30/0x50 [ 2911.829353] ? trace_kmalloc+0x3c/0x100 [ 2911.829755] ? kmem_cache_alloc_trace+0x1af/0x320 [ 2911.830209] kasan_bitops_generic+0xfa/0x164 [test_kasan] [ 2911.830770] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 2911.831471] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 2911.832007] ? kunit_add_resource+0x197/0x280 [kunit] [ 2911.832516] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2911.833005] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2911.833491] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2911.834065] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2911.834579] kthread+0x2a7/0x350 [ 2911.834916] ? 
kthread_complete_and_exit+0x20/0x20 [ 2911.835396] ret_from_fork+0x22/0x30 [ 2911.835775] [ 2911.835998] [ 2911.836162] Allocated by task 117563: [ 2911.836523] kasan_save_stack+0x1e/0x40 [ 2911.836894] __kasan_kmalloc+0x81/0xa0 [ 2911.837256] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2911.837792] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2911.838275] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2911.838896] kthread+0x2a7/0x350 [ 2911.839232] ret_from_fork+0x22/0x30 [ 2911.839607] [ 2911.839771] The buggy address belongs to the object at ffff888014444840 [ 2911.839771] which belongs to the cache kmalloc-16 of size 16 [ 2911.840944] The buggy address is located 8 bytes inside of [ 2911.840944] 16-byte region [ffff888014444840, ffff888014444850) [ 2911.842037] [ 2911.842200] The buggy address belongs to the physical page: [ 2911.842766] page:000000000a4726ea refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x14444 [ 2911.843622] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2911.844265] raw: 000fffffc0000200 ffffea0000bce600 dead000000000002 ffff8881000413c0 [ 2911.845032] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2911.845754] page dumped because: kasan: bad access detected [ 2911.846274] [ 2911.846461] Memory state around the buggy address: [ 2911.846938] ffff888014444700: fa fb fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc [ 2911.847747] ffff888014444780: 00 00 fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc [ 2911.848442] >ffff888014444800: fa fb fc fc 00 00 fc fc 00 01 fc fc fa fb fc fc [ 2911.849115] ^ [ 2911.849642] ffff888014444880: 00 00 fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 2911.850355] ffff888014444900: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2911.851054] ================================================================== [ 2911.851750] ================================================================== [ 2911.852452] BUG: KASAN: slab-out-of-bounds in 
kasan_bitops_modify.constprop.0+0x4e9/0x850 [test_kasan] [ 2911.853340] Write of size 8 at addr ffff888014444848 by task kunit_try_catch/117563 [ 2911.854047] [ 2911.854210] CPU: 0 PID: 117563 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-243.1944_756456474.el9.x86_64+debug #1 [ 2911.855584] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2911.856121] Call Trace: [ 2911.856369] [ 2911.856584] ? kasan_bitops_modify.constprop.0+0x4e9/0x850 [test_kasan] [ 2911.857202] dump_stack_lvl+0x57/0x81 [ 2911.857589] print_address_description.constprop.0+0x1f/0x1e0 [ 2911.858152] ? kasan_bitops_modify.constprop.0+0x4e9/0x850 [test_kasan] [ 2911.858817] print_report.cold+0x5c/0x237 [ 2911.859205] kasan_report+0xc9/0x100 [ 2911.859561] ? kasan_bitops_modify.constprop.0+0x4e9/0x850 [test_kasan] [ 2911.860185] kasan_check_range+0xfd/0x1e0 [ 2911.860576] kasan_bitops_modify.constprop.0+0x4e9/0x850 [test_kasan] [ 2911.861176] ? kasan_test_init+0x50/0x50 [test_kasan] [ 2911.861703] ? kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2911.862231] ? kunit_kfree+0x200/0x200 [kunit] [ 2911.862814] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2911.863474] ? rcu_read_lock_held+0x30/0x50 [ 2911.863926] ? trace_kmalloc+0x3c/0x100 [ 2911.864361] ? kmem_cache_alloc_trace+0x1af/0x320 [ 2911.864855] kasan_bitops_generic+0xfa/0x164 [test_kasan] [ 2911.865454] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 2911.866189] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 2911.866776] ? kunit_add_resource+0x197/0x280 [kunit] [ 2911.867263] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2911.867773] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2911.868253] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2911.868833] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2911.869319] kthread+0x2a7/0x350 [ 2911.869682] ? 
kthread_complete_and_exit+0x20/0x20 [ 2911.870141] ret_from_fork+0x22/0x30 [ 2911.870542] [ 2911.870794] [ 2911.870972] Allocated by task 117563: [ 2911.871322] kasan_save_stack+0x1e/0x40 [ 2911.871695] __kasan_kmalloc+0x81/0xa0 [ 2911.872056] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2911.872594] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2911.873076] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2911.873657] kthread+0x2a7/0x350 [ 2911.874008] ret_from_fork+0x22/0x30 [ 2911.874420] [ 2911.874623] The buggy address belongs to the object at ffff888014444840 [ 2911.874623] which belongs to the cache kmalloc-16 of size 16 [ 2911.875796] The buggy address is located 8 bytes inside of [ 2911.875796] 16-byte region [ffff888014444840, ffff888014444850) [ 2911.876911] [ 2911.877074] The buggy address belongs to the physical page: [ 2911.877744] page:000000000a4726ea refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x14444 [ 2911.878667] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2911.879302] raw: 000fffffc0000200 ffffea0000bce600 dead000000000002 ffff8881000413c0 [ 2911.880020] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2911.880783] page dumped because: kasan: bad access detected [ 2911.881299] [ 2911.881467] Memory state around the buggy address: [ 2911.881939] ffff888014444700: fa fb fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc [ 2911.882660] ffff888014444780: 00 00 fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc [ 2911.883598] >ffff888014444800: fa fb fc fc 00 00 fc fc 00 01 fc fc fa fb fc fc [ 2911.884329] ^ [ 2911.884931] ffff888014444880: 00 00 fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 2911.885668] ffff888014444900: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2911.886339] ================================================================== [ 2911.887022] ================================================================== [ 2911.887723] BUG: KASAN: slab-out-of-bounds in 
kasan_bitops_modify.constprop.0+0x58e/0x850 [test_kasan] [ 2911.888838] Write of size 8 at addr ffff888014444848 by task kunit_try_catch/117563 [ 2911.889670] [ 2911.889834] CPU: 0 PID: 117563 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-243.1944_756456474.el9.x86_64+debug #1 [ 2911.891255] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2911.891883] Call Trace: [ 2911.892128] [ 2911.892365] ? kasan_bitops_modify.constprop.0+0x58e/0x850 [test_kasan] [ 2911.893006] dump_stack_lvl+0x57/0x81 [ 2911.893369] print_address_description.constprop.0+0x1f/0x1e0 [ 2911.893914] ? kasan_bitops_modify.constprop.0+0x58e/0x850 [test_kasan] [ 2911.894534] print_report.cold+0x5c/0x237 [ 2911.894920] kasan_report+0xc9/0x100 [ 2911.895287] ? kasan_bitops_modify.constprop.0+0x58e/0x850 [test_kasan] [ 2911.895936] kasan_check_range+0xfd/0x1e0 [ 2911.896330] kasan_bitops_modify.constprop.0+0x58e/0x850 [test_kasan] [ 2911.896980] ? kasan_test_init+0x50/0x50 [test_kasan] [ 2911.897468] ? kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2911.898021] ? kunit_kfree+0x200/0x200 [kunit] [ 2911.898481] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2911.899009] ? rcu_read_lock_held+0x30/0x50 [ 2911.899430] ? trace_kmalloc+0x3c/0x100 [ 2911.899824] ? kmem_cache_alloc_trace+0x1af/0x320 [ 2911.900295] kasan_bitops_generic+0xfa/0x164 [test_kasan] [ 2911.900855] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 2911.901577] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 2911.902151] ? kunit_add_resource+0x197/0x280 [kunit] [ 2911.902643] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2911.903114] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2911.903599] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2911.904172] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2911.904691] kthread+0x2a7/0x350 [ 2911.905025] ? 
kthread_complete_and_exit+0x20/0x20 [ 2911.905510] ret_from_fork+0x22/0x30 [ 2911.905885] [ 2911.906124] [ 2911.906293] Allocated by task 117563: [ 2911.906668] kasan_save_stack+0x1e/0x40 [ 2911.907037] __kasan_kmalloc+0x81/0xa0 [ 2911.907485] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2911.908068] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2911.908564] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2911.909157] kthread+0x2a7/0x350 [ 2911.909499] ret_from_fork+0x22/0x30 [ 2911.909869] [ 2911.910032] The buggy address belongs to the object at ffff888014444840 [ 2911.910032] which belongs to the cache kmalloc-16 of size 16 [ 2911.911152] The buggy address is located 8 bytes inside of [ 2911.911152] 16-byte region [ffff888014444840, ffff888014444850) [ 2911.912203] [ 2911.912369] The buggy address belongs to the physical page: [ 2911.912887] page:000000000a4726ea refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x14444 [ 2911.913779] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2911.914519] raw: 000fffffc0000200 ffffea0000bce600 dead000000000002 ffff8881000413c0 [ 2911.915275] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2911.915997] page dumped because: kasan: bad access detected [ 2911.916524] [ 2911.916687] Memory state around the buggy address: [ 2911.917141] ffff888014444700: fa fb fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc [ 2911.917856] ffff888014444780: 00 00 fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc [ 2911.918537] >ffff888014444800: fa fb fc fc 00 00 fc fc 00 01 fc fc fa fb fc fc [ 2911.919209] ^ [ 2911.919793] ffff888014444880: 00 00 fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 2911.920519] ffff888014444900: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2911.921251] ================================================================== [ 2911.921985] ================================================================== [ 2911.922668] BUG: KASAN: slab-out-of-bounds in 
kasan_bitops_test_and_modify.constprop.0+0xff/0x990 [test_kasan] [ 2911.923594] Write of size 8 at addr ffff888014444848 by task kunit_try_catch/117563 [ 2911.924453] [ 2911.924655] CPU: 0 PID: 117563 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-243.1944_756456474.el9.x86_64+debug #1 [ 2911.926121] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2911.926766] Call Trace: [ 2911.927031] [ 2911.927287] ? kasan_bitops_test_and_modify.constprop.0+0xff/0x990 [test_kasan] [ 2911.928042] dump_stack_lvl+0x57/0x81 [ 2911.928373] print_address_description.constprop.0+0x1f/0x1e0 [ 2911.928871] ? kasan_bitops_test_and_modify.constprop.0+0xff/0x990 [test_kasan] [ 2911.929577] print_report.cold+0x5c/0x237 [ 2911.929955] kasan_report+0xc9/0x100 [ 2911.930273] ? kasan_bitops_test_and_modify.constprop.0+0xff/0x990 [test_kasan] [ 2911.930992] kasan_check_range+0xfd/0x1e0 [ 2911.931373] kasan_bitops_test_and_modify.constprop.0+0xff/0x990 [test_kasan] [ 2911.932023] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan] [ 2911.932629] ? kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2911.933138] ? kunit_kfree+0x200/0x200 [kunit] [ 2911.933587] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2911.934116] ? rcu_read_lock_held+0x30/0x50 [ 2911.934530] ? trace_kmalloc+0x3c/0x100 [ 2911.934903] ? kmem_cache_alloc_trace+0x1af/0x320 [ 2911.935361] kasan_bitops_generic+0x105/0x164 [test_kasan] [ 2911.935880] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 2911.936619] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 2911.937156] ? kunit_add_resource+0x197/0x280 [kunit] [ 2911.937812] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2911.938332] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2911.938856] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2911.939454] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2911.939959] kthread+0x2a7/0x350 [ 2911.940290] ? 
kthread_complete_and_exit+0x20/0x20 [ 2911.940772] ret_from_fork+0x22/0x30 [ 2911.941136] [ 2911.941387] [ 2911.941562] Allocated by task 117563: [ 2911.941948] kasan_save_stack+0x1e/0x40 [ 2911.942335] __kasan_kmalloc+0x81/0xa0 [ 2911.942710] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2911.943259] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2911.943771] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2911.944367] kthread+0x2a7/0x350 [ 2911.944693] ret_from_fork+0x22/0x30 [ 2911.945050] [ 2911.945218] The buggy address belongs to the object at ffff888014444840 [ 2911.945218] which belongs to the cache kmalloc-16 of size 16 [ 2911.946435] The buggy address is located 8 bytes inside of [ 2911.946435] 16-byte region [ffff888014444840, ffff888014444850) [ 2911.947551] [ 2911.947738] The buggy address belongs to the physical page: [ 2911.948273] page:000000000a4726ea refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x14444 [ 2911.949158] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2911.949862] raw: 000fffffc0000200 ffffea0000bce600 dead000000000002 ffff8881000413c0 [ 2911.950603] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2911.951370] page dumped because: kasan: bad access detected [ 2911.951976] [ 2911.952163] Memory state around the buggy address: [ 2911.952637] ffff888014444700: fa fb fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc [ 2911.953351] ffff888014444780: 00 00 fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc [ 2911.954073] >ffff888014444800: fa fb fc fc 00 00 fc fc 00 01 fc fc fa fb fc fc [ 2911.954772] ^ [ 2911.955311] ffff888014444880: 00 00 fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 2911.956008] ffff888014444900: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2911.956750] ================================================================== [ 2911.957492] ================================================================== [ 2911.958215] BUG: KASAN: slab-out-of-bounds in 
kasan_bitops_test_and_modify.constprop.0+0x1a9/0x990 [test_kasan] [ 2911.959187] Write of size 8 at addr ffff888014444848 by task kunit_try_catch/117563 [ 2911.959922] [ 2911.960090] CPU: 0 PID: 117563 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-243.1944_756456474.el9.x86_64+debug #1 [ 2911.961465] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2911.962049] Call Trace: [ 2911.962302] [ 2911.962531] ? kasan_bitops_test_and_modify.constprop.0+0x1a9/0x990 [test_kasan] [ 2911.963248] dump_stack_lvl+0x57/0x81 [ 2911.963619] print_address_description.constprop.0+0x1f/0x1e0 [ 2911.964181] ? kasan_bitops_test_and_modify.constprop.0+0x1a9/0x990 [test_kasan] [ 2911.964905] print_report.cold+0x5c/0x237 [ 2911.965305] kasan_report+0xc9/0x100 [ 2911.965672] ? kasan_bitops_test_and_modify.constprop.0+0x1a9/0x990 [test_kasan] [ 2911.966407] kasan_check_range+0xfd/0x1e0 [ 2911.966833] kasan_bitops_test_and_modify.constprop.0+0x1a9/0x990 [test_kasan] [ 2911.967596] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan] [ 2911.968238] ? kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2911.968769] ? kunit_kfree+0x200/0x200 [kunit] [ 2911.969202] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2911.969777] ? rcu_read_lock_held+0x30/0x50 [ 2911.970179] ? trace_kmalloc+0x3c/0x100 [ 2911.970574] ? kmem_cache_alloc_trace+0x1af/0x320 [ 2911.971045] kasan_bitops_generic+0x105/0x164 [test_kasan] [ 2911.971586] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 2911.972296] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 2911.972859] ? kunit_add_resource+0x197/0x280 [kunit] [ 2911.973370] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2911.973859] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2911.974403] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2911.975048] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2911.975585] kthread+0x2a7/0x350 [ 2911.975906] ? 
kthread_complete_and_exit+0x20/0x20 [ 2911.976388] ret_from_fork+0x22/0x30 [ 2911.976767] [ 2911.976987] [ 2911.977150] Allocated by task 117563: [ 2911.977591] kasan_save_stack+0x1e/0x40 [ 2911.977992] __kasan_kmalloc+0x81/0xa0 [ 2911.978397] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2911.978949] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2911.979439] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2911.980033] kthread+0x2a7/0x350 [ 2911.980391] ret_from_fork+0x22/0x30 [ 2911.980776] [ 2911.980943] The buggy address belongs to the object at ffff888014444840 [ 2911.980943] which belongs to the cache kmalloc-16 of size 16 [ 2911.982118] The buggy address is located 8 bytes inside of [ 2911.982118] 16-byte region [ffff888014444840, ffff888014444850) [ 2911.983237] [ 2911.983426] The buggy address belongs to the physical page: [ 2911.983969] page:000000000a4726ea refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x14444 [ 2911.984930] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2911.985665] raw: 000fffffc0000200 ffffea0000bce600 dead000000000002 ffff8881000413c0 [ 2911.986448] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2911.987206] page dumped because: kasan: bad access detected [ 2911.987816] [ 2911.987978] Memory state around the buggy address: [ 2911.988508] ffff888014444700: fa fb fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc [ 2911.989237] ffff888014444780: 00 00 fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc [ 2911.989954] >ffff888014444800: fa fb fc fc 00 00 fc fc 00 01 fc fc fa fb fc fc [ 2911.990692] ^ [ 2911.991246] ffff888014444880: 00 00 fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 2911.991964] ffff888014444900: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2911.992721] ================================================================== [ 2911.993434] ================================================================== [ 2911.994137] BUG: KASAN: slab-out-of-bounds in 
kasan_bitops_test_and_modify.constprop.0+0x252/0x990 [test_kasan] [ 2911.995158] Write of size 8 at addr ffff888014444848 by task kunit_try_catch/117563 [ 2911.995954] [ 2911.996116] CPU: 0 PID: 117563 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-243.1944_756456474.el9.x86_64+debug #1 [ 2911.997549] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2911.998129] Call Trace: [ 2911.998402] [ 2911.998634] ? kasan_bitops_test_and_modify.constprop.0+0x252/0x990 [test_kasan] [ 2911.999402] dump_stack_lvl+0x57/0x81 [ 2911.999801] print_address_description.constprop.0+0x1f/0x1e0 [ 2912.000372] ? kasan_bitops_test_and_modify.constprop.0+0x252/0x990 [test_kasan] [ 2912.001111] print_report.cold+0x5c/0x237 [ 2912.001504] kasan_report+0xc9/0x100 [ 2912.001852] ? kasan_bitops_test_and_modify.constprop.0+0x252/0x990 [test_kasan] [ 2912.002595] kasan_check_range+0xfd/0x1e0 [ 2912.002983] kasan_bitops_test_and_modify.constprop.0+0x252/0x990 [test_kasan] [ 2912.003692] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan] [ 2912.004330] ? kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2912.004901] ? kunit_kfree+0x200/0x200 [kunit] [ 2912.005355] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2912.005928] ? rcu_read_lock_held+0x30/0x50 [ 2912.006329] ? trace_kmalloc+0x3c/0x100 [ 2912.006701] ? kmem_cache_alloc_trace+0x1af/0x320 [ 2912.007151] kasan_bitops_generic+0x105/0x164 [test_kasan] [ 2912.007704] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 2912.008417] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 2912.008966] ? kunit_add_resource+0x197/0x280 [kunit] [ 2912.009472] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2912.009960] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2912.010469] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2912.011063] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2912.011580] kthread+0x2a7/0x350 [ 2912.011920] ? 
kthread_complete_and_exit+0x20/0x20 [ 2912.012384] ret_from_fork+0x22/0x30 [ 2912.012740] [ 2912.012962] [ 2912.013125] Allocated by task 117563: [ 2912.013505] kasan_save_stack+0x1e/0x40 [ 2912.013894] __kasan_kmalloc+0x81/0xa0 [ 2912.014257] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2912.014808] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2912.015273] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2912.015890] kthread+0x2a7/0x350 [ 2912.016209] ret_from_fork+0x22/0x30 [ 2912.016561] [ 2912.016724] The buggy address belongs to the object at ffff888014444840 [ 2912.016724] which belongs to the cache kmalloc-16 of size 16 [ 2912.017890] The buggy address is located 8 bytes inside of [ 2912.017890] 16-byte region [ffff888014444840, ffff888014444850) [ 2912.018986] [ 2912.019148] The buggy address belongs to the physical page: [ 2912.019713] page:000000000a4726ea refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x14444 [ 2912.020627] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2912.021304] raw: 000fffffc0000200 ffffea0000bce600 dead000000000002 ffff8881000413c0 [ 2912.022028] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2912.022785] page dumped because: kasan: bad access detected [ 2912.023304] [ 2912.023470] Memory state around the buggy address: [ 2912.023922] ffff888014444700: fa fb fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc [ 2912.024621] ffff888014444780: 00 00 fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc [ 2912.025311] >ffff888014444800: fa fb fc fc 00 00 fc fc 00 01 fc fc fa fb fc fc [ 2912.025988] ^ [ 2912.026534] ffff888014444880: 00 00 fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 2912.027227] ffff888014444900: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2912.028044] ================================================================== [ 2912.028776] ================================================================== [ 2912.029482] BUG: KASAN: slab-out-of-bounds in 
kasan_bitops_test_and_modify.constprop.0+0x2fc/0x990 [test_kasan] [ 2912.030456] Write of size 8 at addr ffff888014444848 by task kunit_try_catch/117563 [ 2912.031186] [ 2912.031368] CPU: 0 PID: 117563 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-243.1944_756456474.el9.x86_64+debug #1 [ 2912.032657] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2912.033215] Call Trace: [ 2912.033464] [ 2912.033681] ? kasan_bitops_test_and_modify.constprop.0+0x2fc/0x990 [test_kasan] [ 2912.034414] dump_stack_lvl+0x57/0x81 [ 2912.034806] print_address_description.constprop.0+0x1f/0x1e0 [ 2912.035371] ? kasan_bitops_test_and_modify.constprop.0+0x2fc/0x990 [test_kasan] [ 2912.036067] print_report.cold+0x5c/0x237 [ 2912.036477] kasan_report+0xc9/0x100 [ 2912.036847] ? kasan_bitops_test_and_modify.constprop.0+0x2fc/0x990 [test_kasan] [ 2912.037542] kasan_check_range+0xfd/0x1e0 [ 2912.037930] kasan_bitops_test_and_modify.constprop.0+0x2fc/0x990 [test_kasan] [ 2912.038683] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan] [ 2912.039326] ? kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2912.039853] ? kunit_kfree+0x200/0x200 [kunit] [ 2912.040288] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2912.040859] ? rcu_read_lock_held+0x30/0x50 [ 2912.041262] ? trace_kmalloc+0x3c/0x100 [ 2912.041634] ? kmem_cache_alloc_trace+0x1af/0x320 [ 2912.042087] kasan_bitops_generic+0x105/0x164 [test_kasan] [ 2912.042635] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 2912.043346] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 2912.043883] ? kunit_add_resource+0x197/0x280 [kunit] [ 2912.044387] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2912.044873] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2912.045365] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2912.045939] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2912.046453] kthread+0x2a7/0x350 [ 2912.046793] ? 
kthread_complete_and_exit+0x20/0x20 [ 2912.047253] ret_from_fork+0x22/0x30 [ 2912.047613] [ 2912.047835] [ 2912.047998] Allocated by task 117563: [ 2912.048371] kasan_save_stack+0x1e/0x40 [ 2912.048768] __kasan_kmalloc+0x81/0xa0 [ 2912.049128] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2912.049644] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2912.050106] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2912.050739] kthread+0x2a7/0x350 [ 2912.051073] ret_from_fork+0x22/0x30 [ 2912.051424] [ 2912.051586] The buggy address belongs to the object at ffff888014444840 [ 2912.051586] which belongs to the cache kmalloc-16 of size 16 [ 2912.052750] The buggy address is located 8 bytes inside of [ 2912.052750] 16-byte region [ffff888014444840, ffff888014444850) [ 2912.053817] [ 2912.053981] The buggy address belongs to the physical page: [ 2912.054543] page:000000000a4726ea refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x14444 [ 2912.055422] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2912.056063] raw: 000fffffc0000200 ffffea0000bce600 dead000000000002 ffff8881000413c0 [ 2912.056827] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2912.057662] page dumped because: kasan: bad access detected [ 2912.058200] [ 2912.058386] Memory state around the buggy address: [ 2912.058863] ffff888014444700: fa fb fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc [ 2912.059558] ffff888014444780: 00 00 fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc [ 2912.060246] >ffff888014444800: fa fb fc fc 00 00 fc fc 00 01 fc fc fa fb fc fc [ 2912.060961] ^ [ 2912.061488] ffff888014444880: 00 00 fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 2912.062160] ffff888014444900: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2912.062876] ================================================================== [ 2912.063567] ================================================================== [ 2912.064245] BUG: KASAN: slab-out-of-bounds in 
kasan_bitops_test_and_modify.constprop.0+0x3a6/0x990 [test_kasan] [ 2912.065271] Write of size 8 at addr ffff888014444848 by task kunit_try_catch/117563 [ 2912.065986] [ 2912.066150] CPU: 0 PID: 117563 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-243.1944_756456474.el9.x86_64+debug #1 [ 2912.067451] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2912.067993] Call Trace: [ 2912.068237] [ 2912.068479] ? kasan_bitops_test_and_modify.constprop.0+0x3a6/0x990 [test_kasan] [ 2912.069192] dump_stack_lvl+0x57/0x81 [ 2912.069554] print_address_description.constprop.0+0x1f/0x1e0 [ 2912.070098] ? kasan_bitops_test_and_modify.constprop.0+0x3a6/0x990 [test_kasan] [ 2912.070831] print_report.cold+0x5c/0x237 [ 2912.071220] kasan_report+0xc9/0x100 [ 2912.071572] ? kasan_bitops_test_and_modify.constprop.0+0x3a6/0x990 [test_kasan] [ 2912.072259] kasan_check_range+0xfd/0x1e0 [ 2912.072674] kasan_bitops_test_and_modify.constprop.0+0x3a6/0x990 [test_kasan] [ 2912.073372] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan] [ 2912.073987] ? kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2912.074538] ? kunit_kfree+0x200/0x200 [kunit] [ 2912.074991] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2912.075524] ? rcu_read_lock_held+0x30/0x50 [ 2912.075920] ? trace_kmalloc+0x3c/0x100 [ 2912.076287] ? kmem_cache_alloc_trace+0x1af/0x320 [ 2912.076787] kasan_bitops_generic+0x105/0x164 [test_kasan] [ 2912.077308] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 2912.078002] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 2912.078566] ? kunit_add_resource+0x197/0x280 [kunit] [ 2912.079066] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2912.079551] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2912.080036] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2912.080651] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2912.081180] kthread+0x2a7/0x350 [ 2912.081520] ? 
kthread_complete_and_exit+0x20/0x20 [ 2912.082000] ret_from_fork+0x22/0x30 [ 2912.082412] [ 2912.082674] [ 2912.082854] Allocated by task 117563: [ 2912.083206] kasan_save_stack+0x1e/0x40 [ 2912.083581] __kasan_kmalloc+0x81/0xa0 [ 2912.083940] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2912.084472] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2912.084961] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2912.085543] kthread+0x2a7/0x350 [ 2912.085861] ret_from_fork+0x22/0x30 [ 2912.086210] [ 2912.086395] The buggy address belongs to the object at ffff888014444840 [ 2912.086395] which belongs to the cache kmalloc-16 of size 16 [ 2912.087665] The buggy address is located 8 bytes inside of [ 2912.087665] 16-byte region [ffff888014444840, ffff888014444850) [ 2912.088811] [ 2912.088988] The buggy address belongs to the physical page: [ 2912.089511] page:000000000a4726ea refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x14444 [ 2912.090383] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2912.091044] raw: 000fffffc0000200 ffffea0000bce600 dead000000000002 ffff8881000413c0 [ 2912.091759] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2912.092498] page dumped because: kasan: bad access detected [ 2912.093037] [ 2912.093200] Memory state around the buggy address: [ 2912.093657] ffff888014444700: fa fb fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc [ 2912.094351] ffff888014444780: 00 00 fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc [ 2912.095090] >ffff888014444800: fa fb fc fc 00 00 fc fc 00 01 fc fc fa fb fc fc [ 2912.095808] ^ [ 2912.096350] ffff888014444880: 00 00 fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 2912.097050] ffff888014444900: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2912.097765] ================================================================== [ 2912.098476] ================================================================== [ 2912.099176] BUG: KASAN: slab-out-of-bounds in 
kasan_bitops_test_and_modify.constprop.0+0x44f/0x990 [test_kasan] [ 2912.100149] Write of size 8 at addr ffff888014444848 by task kunit_try_catch/117563 [ 2912.100904] [ 2912.101067] CPU: 0 PID: 117563 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-243.1944_756456474.el9.x86_64+debug #1 [ 2912.102342] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2912.102909] Call Trace: [ 2912.103170] [ 2912.103399] ? kasan_bitops_test_and_modify.constprop.0+0x44f/0x990 [test_kasan] [ 2912.104110] dump_stack_lvl+0x57/0x81 [ 2912.104492] print_address_description.constprop.0+0x1f/0x1e0 [ 2912.105060] ? kasan_bitops_test_and_modify.constprop.0+0x44f/0x990 [test_kasan] [ 2912.105754] print_report.cold+0x5c/0x237 [ 2912.106166] kasan_report+0xc9/0x100 [ 2912.106561] ? kasan_bitops_test_and_modify.constprop.0+0x44f/0x990 [test_kasan] [ 2912.107289] kasan_check_range+0xfd/0x1e0 [ 2912.107683] kasan_bitops_test_and_modify.constprop.0+0x44f/0x990 [test_kasan] [ 2912.108379] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan] [ 2912.109020] ? kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2912.109550] ? kunit_kfree+0x200/0x200 [kunit] [ 2912.109981] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2912.110553] ? rcu_read_lock_held+0x30/0x50 [ 2912.110996] ? trace_kmalloc+0x3c/0x100 [ 2912.111375] ? kmem_cache_alloc_trace+0x1af/0x320 [ 2912.111828] kasan_bitops_generic+0x105/0x164 [test_kasan] [ 2912.112369] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 2912.113086] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 2912.113632] ? kunit_add_resource+0x197/0x280 [kunit] [ 2912.114117] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2912.114623] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2912.115121] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2912.115703] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2912.116191] kthread+0x2a7/0x350 [ 2912.116534] ? 
kthread_complete_and_exit+0x20/0x20 [ 2912.117012] ret_from_fork+0x22/0x30 [ 2912.117393] [ 2912.117706] [ 2912.117893] Allocated by task 117563: [ 2912.118245] kasan_save_stack+0x1e/0x40 [ 2912.118662] __kasan_kmalloc+0x81/0xa0 [ 2912.119026] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2912.119540] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2912.120008] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2912.120610] kthread+0x2a7/0x350 [ 2912.120946] ret_from_fork+0x22/0x30 [ 2912.121293] [ 2912.121460] The buggy address belongs to the object at ffff888014444840 [ 2912.121460] which belongs to the cache kmalloc-16 of size 16 [ 2912.122616] The buggy address is located 8 bytes inside of [ 2912.122616] 16-byte region [ffff888014444840, ffff888014444850) [ 2912.123732] [ 2912.123893] The buggy address belongs to the physical page: [ 2912.124580] page:000000000a4726ea refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x14444 [ 2912.125617] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2912.126349] raw: 000fffffc0000200 ffffea0000bce600 dead000000000002 ffff8881000413c0 [ 2912.127135] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2912.128000] page dumped because: kasan: bad access detected [ 2912.128548] [ 2912.128728] Memory state around the buggy address: [ 2912.129179] ffff888014444700: fa fb fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc [ 2912.129940] ffff888014444780: 00 00 fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc [ 2912.130640] >ffff888014444800: fa fb fc fc 00 00 fc fc 00 01 fc fc fa fb fc fc [ 2912.131331] ^ [ 2912.131847] ffff888014444880: 00 00 fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 2912.132562] ffff888014444900: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2912.133251] ================================================================== [ 2912.133983] ================================================================== [ 2912.134705] BUG: KASAN: slab-out-of-bounds in 
kasan_bitops_test_and_modify.constprop.0+0x4f9/0x990 [test_kasan] [ 2912.135643] Write of size 8 at addr ffff888014444848 by task kunit_try_catch/117563 [ 2912.136375] [ 2912.136545] CPU: 0 PID: 117563 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-243.1944_756456474.el9.x86_64+debug #1 [ 2912.137860] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2912.138422] Call Trace: [ 2912.138697] [ 2912.138937] ? kasan_bitops_test_and_modify.constprop.0+0x4f9/0x990 [test_kasan] [ 2912.139650] dump_stack_lvl+0x57/0x81 [ 2912.140009] print_address_description.constprop.0+0x1f/0x1e0 [ 2912.140591] ? kasan_bitops_test_and_modify.constprop.0+0x4f9/0x990 [test_kasan] [ 2912.141324] print_report.cold+0x5c/0x237 [ 2912.141714] kasan_report+0xc9/0x100 [ 2912.142064] ? kasan_bitops_test_and_modify.constprop.0+0x4f9/0x990 [test_kasan] [ 2912.142799] kasan_check_range+0xfd/0x1e0 [ 2912.143184] kasan_bitops_test_and_modify.constprop.0+0x4f9/0x990 [test_kasan] [ 2912.143869] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan] [ 2912.144510] ? kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2912.145059] ? kunit_kfree+0x200/0x200 [kunit] [ 2912.145497] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2912.146024] ? rcu_read_lock_held+0x30/0x50 [ 2912.146446] ? trace_kmalloc+0x3c/0x100 [ 2912.146838] ? kmem_cache_alloc_trace+0x1af/0x320 [ 2912.147289] kasan_bitops_generic+0x105/0x164 [test_kasan] [ 2912.147952] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 2912.148687] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 2912.149243] ? kunit_add_resource+0x197/0x280 [kunit] [ 2912.149732] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2912.150198] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2912.150752] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2912.151336] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2912.151824] kthread+0x2a7/0x350 [ 2912.152140] ? 
kthread_complete_and_exit+0x20/0x20 [ 2912.152624] ret_from_fork+0x22/0x30 [ 2912.152995] [ 2912.153219] [ 2912.153387] Allocated by task 117563: [ 2912.153742] kasan_save_stack+0x1e/0x40 [ 2912.154113] __kasan_kmalloc+0x81/0xa0 [ 2912.154508] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2912.155064] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2912.155533] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2912.156105] kthread+0x2a7/0x350 [ 2912.156462] ret_from_fork+0x22/0x30 [ 2912.156829] [ 2912.156991] The buggy address belongs to the object at ffff888014444840 [ 2912.156991] which belongs to the cache kmalloc-16 of size 16 [ 2912.158112] The buggy address is located 8 bytes inside of [ 2912.158112] 16-byte region [ffff888014444840, ffff888014444850) [ 2912.159224] [ 2912.159394] The buggy address belongs to the physical page: [ 2912.159978] page:000000000a4726ea refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x14444 [ 2912.160883] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2912.161530] raw: 000fffffc0000200 ffffea0000bce600 dead000000000002 ffff8881000413c0 [ 2912.162241] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2912.162999] page dumped because: kasan: bad access detected [ 2912.163521] [ 2912.163683] Memory state around the buggy address: [ 2912.164135] ffff888014444700: fa fb fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc [ 2912.164851] ffff888014444780: 00 00 fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc [ 2912.165525] >ffff888014444800: fa fb fc fc 00 00 fc fc 00 01 fc fc fa fb fc fc [ 2912.166219] ^ [ 2912.166804] ffff888014444880: 00 00 fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 2912.167476] ffff888014444900: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2912.168142] ================================================================== [ 2912.168873] ================================================================== [ 2912.169554] BUG: KASAN: slab-out-of-bounds in 
kasan_bitops_test_and_modify.constprop.0+0x5a2/0x990 [test_kasan] [ 2912.170505] Read of size 8 at addr ffff888014444848 by task kunit_try_catch/117563 [ 2912.171232] [ 2912.171418] CPU: 0 PID: 117563 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-243.1944_756456474.el9.x86_64+debug #1 [ 2912.172738] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2912.173280] Call Trace: [ 2912.173539] [ 2912.173755] ? kasan_bitops_test_and_modify.constprop.0+0x5a2/0x990 [test_kasan] [ 2912.174456] dump_stack_lvl+0x57/0x81 [ 2912.174812] print_address_description.constprop.0+0x1f/0x1e0 [ 2912.175376] ? kasan_bitops_test_and_modify.constprop.0+0x5a2/0x990 [test_kasan] [ 2912.176093] print_report.cold+0x5c/0x237 [ 2912.176508] kasan_report+0xc9/0x100 [ 2912.176878] ? kasan_bitops_test_and_modify.constprop.0+0x5a2/0x990 [test_kasan] [ 2912.177701] kasan_check_range+0xfd/0x1e0 [ 2912.178106] kasan_bitops_test_and_modify.constprop.0+0x5a2/0x990 [test_kasan] [ 2912.178786] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan] [ 2912.179426] ? kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2912.179972] ? kunit_kfree+0x200/0x200 [kunit] [ 2912.180424] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2912.180974] ? rcu_read_lock_held+0x30/0x50 [ 2912.181380] ? trace_kmalloc+0x3c/0x100 [ 2912.181749] ? kmem_cache_alloc_trace+0x1af/0x320 [ 2912.182203] kasan_bitops_generic+0x105/0x164 [test_kasan] [ 2912.182911] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 2912.183773] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 2912.184446] ? kunit_add_resource+0x197/0x280 [kunit] [ 2912.185021] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2912.185541] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2912.186060] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2912.186662] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2912.187153] kthread+0x2a7/0x350 [ 2912.187498] ? 
kthread_complete_and_exit+0x20/0x20 [ 2912.187977] ret_from_fork+0x22/0x30 [ 2912.188354] [ 2912.188586] [ 2912.188786] Allocated by task 117563: [ 2912.189161] kasan_save_stack+0x1e/0x40 [ 2912.189533] __kasan_kmalloc+0x81/0xa0 [ 2912.189893] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2912.190409] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2912.190873] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2912.191470] kthread+0x2a7/0x350 [ 2912.191815] ret_from_fork+0x22/0x30 [ 2912.192165] [ 2912.192349] The buggy address belongs to the object at ffff888014444840 [ 2912.192349] which belongs to the cache kmalloc-16 of size 16 [ 2912.193505] The buggy address is located 8 bytes inside of [ 2912.193505] 16-byte region [ffff888014444840, ffff888014444850) [ 2912.194585] [ 2912.194755] The buggy address belongs to the physical page: [ 2912.195291] page:000000000a4726ea refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x14444 [ 2912.196143] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2912.196828] raw: 000fffffc0000200 ffffea0000bce600 dead000000000002 ffff8881000413c0 [ 2912.197550] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2912.198264] page dumped because: kasan: bad access detected [ 2912.198790] [ 2912.198952] Memory state around the buggy address: [ 2912.199412] ffff888014444700: fa fb fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc [ 2912.200085] ffff888014444780: 00 00 fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc [ 2912.200830] >ffff888014444800: fa fb fc fc 00 00 fc fc 00 01 fc fc fa fb fc fc [ 2912.201500] ^ [ 2912.202018] ffff888014444880: 00 00 fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 2912.202689] ffff888014444900: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2912.203360] ================================================================== [ 2912.204042] ================================================================== [ 2912.204761] BUG: KASAN: slab-out-of-bounds in 
kasan_bitops_test_and_modify.constprop.0+0x984/0x990 [test_kasan] [ 2912.205689] Read of size 8 at addr ffff888014444848 by task kunit_try_catch/117563 [ 2912.206411] [ 2912.206579] CPU: 0 PID: 117563 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-243.1944_756456474.el9.x86_64+debug #1 [ 2912.208019] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2912.208589] Call Trace: [ 2912.208853] [ 2912.209070] ? kasan_bitops_test_and_modify.constprop.0+0x984/0x990 [test_kasan] [ 2912.209820] dump_stack_lvl+0x57/0x81 [ 2912.210202] print_address_description.constprop.0+0x1f/0x1e0 [ 2912.210769] ? kasan_bitops_test_and_modify.constprop.0+0x984/0x990 [test_kasan] [ 2912.211482] print_report.cold+0x5c/0x237 [ 2912.211888] kasan_report+0xc9/0x100 [ 2912.212237] ? kasan_bitops_test_and_modify.constprop.0+0x984/0x990 [test_kasan] [ 2912.212975] kasan_bitops_test_and_modify.constprop.0+0x984/0x990 [test_kasan] [ 2912.213656] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan] [ 2912.214271] ? kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2912.214849] ? kunit_kfree+0x200/0x200 [kunit] [ 2912.215280] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2912.215808] ? rcu_read_lock_held+0x30/0x50 [ 2912.216206] ? trace_kmalloc+0x3c/0x100 [ 2912.216605] ? kmem_cache_alloc_trace+0x1af/0x320 [ 2912.217077] kasan_bitops_generic+0x105/0x164 [test_kasan] [ 2912.217602] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 2912.218291] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 2912.218835] ? kunit_add_resource+0x197/0x280 [kunit] [ 2912.219316] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2912.219790] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2912.220270] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2912.220893] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2912.221389] kthread+0x2a7/0x350 [ 2912.221709] ? 
kthread_complete_and_exit+0x20/0x20 [ 2912.222168] ret_from_fork+0x22/0x30 [ 2912.222525] [ 2912.222747] [ 2912.222908] Allocated by task 117563: [ 2912.223274] kasan_save_stack+0x1e/0x40 [ 2912.223673] __kasan_kmalloc+0x81/0xa0 [ 2912.224032] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2912.224714] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2912.225309] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2912.225931] kthread+0x2a7/0x350 [ 2912.226290] ret_from_fork+0x22/0x30 [ 2912.226670] [ 2912.226832] The buggy address belongs to the object at ffff888014444840 [ 2912.226832] which belongs to the cache kmalloc-16 of size 16 [ 2912.228044] The buggy address is located 8 bytes inside of [ 2912.228044] 16-byte region [ffff888014444840, ffff888014444850) [ 2912.229148] [ 2912.229310] The buggy address belongs to the physical page: [ 2912.229855] page:000000000a4726ea refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x14444 [ 2912.230803] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2912.231462] raw: 000fffffc0000200 ffffea0000bce600 dead000000000002 ffff8881000413c0 [ 2912.232178] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2912.232938] page dumped because: kasan: bad access detected [ 2912.233479] [ 2912.233660] Memory state around the buggy address: [ 2912.234127] ffff888014444700: fa fb fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc [ 2912.234803] ffff888014444780: 00 00 fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc [ 2912.235498] >ffff888014444800: fa fb fc fc 00 00 fc fc 00 01 fc fc fa fb fc fc [ 2912.236203] ^ [ 2912.236770] ffff888014444880: 00 00 fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 2912.237586] ffff888014444900: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2912.238294] ================================================================== [ 2912.239006] ================================================================== [ 2912.239710] BUG: KASAN: slab-out-of-bounds in 
kasan_bitops_test_and_modify.constprop.0+0x66e/0x990 [test_kasan] [ 2912.240667] Write of size 8 at addr ffff888014444848 by task kunit_try_catch/117563 [ 2912.241413] [ 2912.241582] CPU: 0 PID: 117563 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-243.1944_756456474.el9.x86_64+debug #1 [ 2912.242858] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2912.243409] Call Trace: [ 2912.243655] [ 2912.243872] ? kasan_bitops_test_and_modify.constprop.0+0x66e/0x990 [test_kasan] [ 2912.244619] dump_stack_lvl+0x57/0x81 [ 2912.245013] print_address_description.constprop.0+0x1f/0x1e0 [ 2912.245585] ? kasan_bitops_test_and_modify.constprop.0+0x66e/0x990 [test_kasan] [ 2912.246294] print_report.cold+0x5c/0x237 [ 2912.246686] kasan_report+0xc9/0x100 [ 2912.247035] ? kasan_bitops_test_and_modify.constprop.0+0x66e/0x990 [test_kasan] [ 2912.247728] kasan_check_range+0xfd/0x1e0 [ 2912.248112] kasan_bitops_test_and_modify.constprop.0+0x66e/0x990 [test_kasan] [ 2912.248833] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan] [ 2912.249473] ? kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2912.250016] ? kunit_kfree+0x200/0x200 [kunit] [ 2912.250470] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2912.251021] ? rcu_read_lock_held+0x30/0x50 [ 2912.251426] ? trace_kmalloc+0x3c/0x100 [ 2912.251793] ? kmem_cache_alloc_trace+0x1af/0x320 [ 2912.252245] kasan_bitops_generic+0x105/0x164 [test_kasan] [ 2912.252810] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 2912.253533] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 2912.254091] ? kunit_add_resource+0x197/0x280 [kunit] [ 2912.254580] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2912.255048] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2912.255532] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2912.256104] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2912.256621] kthread+0x2a7/0x350 [ 2912.256955] ? 
kthread_complete_and_exit+0x20/0x20 [ 2912.257436] ret_from_fork+0x22/0x30 [ 2912.257811] [ 2912.258034] [ 2912.258197] Allocated by task 117563: [ 2912.258552] kasan_save_stack+0x1e/0x40 [ 2912.258922] __kasan_kmalloc+0x81/0xa0 [ 2912.259296] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2912.259809] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2912.260276] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2912.260925] kthread+0x2a7/0x350 [ 2912.261241] ret_from_fork+0x22/0x30 [ 2912.261615] [ 2912.261793] The buggy address belongs to the object at ffff888014444840 [ 2912.261793] which belongs to the cache kmalloc-16 of size 16 [ 2912.262912] The buggy address is located 8 bytes inside of [ 2912.262912] 16-byte region [ffff888014444840, ffff888014444850) [ 2912.263970] [ 2912.264131] The buggy address belongs to the physical page: [ 2912.264691] page:000000000a4726ea refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x14444 [ 2912.265592] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 2912.266245] raw: 000fffffc0000200 ffffea0000bce600 dead000000000002 ffff8881000413c0 [ 2912.266965] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2912.267819] page dumped because: kasan: bad access detected [ 2912.268377] [ 2912.268544] Memory state around the buggy address: [ 2912.269017] ffff888014444700: fa fb fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc [ 2912.269734] ffff888014444780: 00 00 fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc [ 2912.270413] >ffff888014444800: fa fb fc fc 00 00 fc fc 00 01 fc fc fa fb fc fc [ 2912.271085] ^ [ 2912.271611] ffff888014444880: 00 00 fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 2912.272285] ffff888014444900: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2912.272999] ================================================================== [ 2912.275447] ok 45 - kasan_bitops_generic [ 2912.280219] ok 46 - kasan_bitops_tags # SKIP Test requires CONFIG_KASAN_GENERIC=n [ 2912.283267] 
================================================================== [ 2912.284810] BUG: KASAN: use-after-free in kmalloc_double_kzfree+0x1ad/0x270 [test_kasan] [ 2912.285568] Read of size 1 at addr ffff888106d8aac0 by task kunit_try_catch/117565 [ 2912.286268] [ 2912.286438] CPU: 0 PID: 117565 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-243.1944_756456474.el9.x86_64+debug #1 [ 2912.287698] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2912.288239] Call Trace: [ 2912.288507] [ 2912.288744] ? kmalloc_double_kzfree+0x1ad/0x270 [test_kasan] [ 2912.289312] dump_stack_lvl+0x57/0x81 [ 2912.289695] print_address_description.constprop.0+0x1f/0x1e0 [ 2912.290290] ? kmalloc_double_kzfree+0x1ad/0x270 [test_kasan] [ 2912.290922] print_report.cold+0x5c/0x237 [ 2912.291309] kasan_report+0xc9/0x100 [ 2912.291665] ? kmalloc_double_kzfree+0x1ad/0x270 [test_kasan] [ 2912.292209] ? kmalloc_double_kzfree+0x1ad/0x270 [test_kasan] [ 2912.292800] __kasan_check_byte+0x36/0x50 [ 2912.293186] kfree_sensitive+0x1b/0x60 [ 2912.293567] kmalloc_double_kzfree+0x1ad/0x270 [test_kasan] [ 2912.294096] ? vmalloc_oob+0x5e0/0x5e0 [test_kasan] [ 2912.294587] ? do_raw_spin_trylock+0xb5/0x180 [ 2912.295013] ? do_raw_spin_lock+0x270/0x270 [ 2912.295421] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2912.295948] ? kunit_add_resource+0x197/0x280 [kunit] [ 2912.296453] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2912.296943] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2912.297539] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2912.298156] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2912.298651] kthread+0x2a7/0x350 [ 2912.298970] ? 
kthread_complete_and_exit+0x20/0x20 [ 2912.299451] ret_from_fork+0x22/0x30 [ 2912.299805] [ 2912.300027] [ 2912.300189] Allocated by task 117565: [ 2912.300568] kasan_save_stack+0x1e/0x40 [ 2912.300957] __kasan_kmalloc+0x81/0xa0 [ 2912.301322] kmalloc_double_kzfree+0x9a/0x270 [test_kasan] [ 2912.301839] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2912.302427] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2912.303035] kthread+0x2a7/0x350 [ 2912.303356] ret_from_fork+0x22/0x30 [ 2912.303703] [ 2912.303866] Freed by task 117565: [ 2912.304190] kasan_save_stack+0x1e/0x40 [ 2912.304612] kasan_set_track+0x21/0x30 [ 2912.305013] kasan_set_free_info+0x20/0x40 [ 2912.305410] __kasan_slab_free+0x108/0x170 [ 2912.305802] slab_free_freelist_hook+0x11d/0x1d0 [ 2912.306244] kfree+0xe2/0x3c0 [ 2912.306566] kmalloc_double_kzfree+0x137/0x270 [test_kasan] [ 2912.307112] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2912.307579] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2912.308152] kthread+0x2a7/0x350 [ 2912.308496] ret_from_fork+0x22/0x30 [ 2912.308863] [ 2912.309026] The buggy address belongs to the object at ffff888106d8aac0 [ 2912.309026] which belongs to the cache kmalloc-16 of size 16 [ 2912.310155] The buggy address is located 0 bytes inside of [ 2912.310155] 16-byte region [ffff888106d8aac0, ffff888106d8aad0) [ 2912.311270] [ 2912.311442] The buggy address belongs to the physical page: [ 2912.311981] page:0000000022c34b15 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106d8a [ 2912.312890] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 2912.313539] raw: 0017ffffc0000200 ffffea0000bce600 dead000000000002 ffff8881000413c0 [ 2912.314296] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2912.315019] page dumped because: kasan: bad access detected [ 2912.315569] [ 2912.315748] Memory state around the buggy address: [ 2912.316204] ffff888106d8a980: fb fb fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 
2912.316936] ffff888106d8aa00: 00 00 fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 2912.317614] >ffff888106d8aa80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2912.318286] ^ [ 2912.318829] ffff888106d8ab00: 00 00 fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 2912.319527] ffff888106d8ab80: fa fb fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 2912.320214] ================================================================== [ 2912.321030] ================================================================== [ 2912.321758] BUG: KASAN: double-free or invalid-free in kfree+0xe2/0x3c0 [ 2912.322380] [ 2912.322542] CPU: 0 PID: 117565 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-243.1944_756456474.el9.x86_64+debug #1 [ 2912.323842] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2912.324407] Call Trace: [ 2912.324661] [ 2912.324892] dump_stack_lvl+0x57/0x81 [ 2912.325247] print_address_description.constprop.0+0x1f/0x1e0 [ 2912.325835] print_report.cold+0x5c/0x237 [ 2912.326219] ? kfree+0xe2/0x3c0 [ 2912.326540] ? kfree+0xe2/0x3c0 [ 2912.326852] kasan_report_invalid_free+0x99/0xc0 [ 2912.327296] ? kfree+0xe2/0x3c0 [ 2912.327745] ? kfree+0xe2/0x3c0 [ 2912.328069] __kasan_slab_free+0x152/0x170 [ 2912.328505] slab_free_freelist_hook+0x11d/0x1d0 [ 2912.328985] ? kmalloc_double_kzfree+0x1ad/0x270 [test_kasan] [ 2912.329578] kfree+0xe2/0x3c0 [ 2912.329922] ? __kasan_check_byte+0x36/0x50 [ 2912.330367] kmalloc_double_kzfree+0x1ad/0x270 [test_kasan] [ 2912.330911] ? vmalloc_oob+0x5e0/0x5e0 [test_kasan] [ 2912.331396] ? do_raw_spin_trylock+0xb5/0x180 [ 2912.331830] ? do_raw_spin_lock+0x270/0x270 [ 2912.332244] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2912.332837] ? kunit_add_resource+0x197/0x280 [kunit] [ 2912.333362] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2912.333871] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2912.334374] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2912.334967] ? 
kunit_try_catch_throw+0x80/0x80 [kunit] [ 2912.335498] kthread+0x2a7/0x350 [ 2912.335853] ? kthread_complete_and_exit+0x20/0x20 [ 2912.336348] ret_from_fork+0x22/0x30 [ 2912.336742] [ 2912.336970] [ 2912.337137] Allocated by task 117565: [ 2912.337529] kasan_save_stack+0x1e/0x40 [ 2912.337928] __kasan_kmalloc+0x81/0xa0 [ 2912.338308] kmalloc_double_kzfree+0x9a/0x270 [test_kasan] [ 2912.338846] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2912.339380] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2912.339977] kthread+0x2a7/0x350 [ 2912.340294] ret_from_fork+0x22/0x30 [ 2912.340646] [ 2912.340808] Freed by task 117565: [ 2912.341132] kasan_save_stack+0x1e/0x40 [ 2912.341527] kasan_set_track+0x21/0x30 [ 2912.341909] kasan_set_free_info+0x20/0x40 [ 2912.342298] __kasan_slab_free+0x108/0x170 [ 2912.342692] slab_free_freelist_hook+0x11d/0x1d0 [ 2912.343129] kfree+0xe2/0x3c0 [ 2912.343453] kmalloc_double_kzfree+0x137/0x270 [test_kasan] [ 2912.343994] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2912.344465] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2912.345040] kthread+0x2a7/0x350 [ 2912.345381] ret_from_fork+0x22/0x30 [ 2912.345756] [ 2912.345935] The buggy address belongs to the object at ffff888106d8aac0 [ 2912.345935] which belongs to the cache kmalloc-16 of size 16 [ 2912.347397] The buggy address is located 0 bytes inside of [ 2912.347397] 16-byte region [ffff888106d8aac0, ffff888106d8aad0) [ 2912.348597] [ 2912.348791] The buggy address belongs to the physical page: [ 2912.349373] page:0000000022c34b15 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106d8a [ 2912.350256] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 2912.350988] raw: 0017ffffc0000200 ffffea0000bce600 dead000000000002 ffff8881000413c0 [ 2912.351704] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2912.352437] page dumped because: kasan: bad access detected [ 2912.352976] [ 2912.353137] Memory state around the buggy address: 
[ 2912.353618] ffff888106d8a980: fb fb fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 2912.354304] ffff888106d8aa00: 00 00 fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 2912.354979] >ffff888106d8aa80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2912.355656] ^ [ 2912.356151] ffff888106d8ab00: 00 00 fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 2912.356826] ffff888106d8ab80: fa fb fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 2912.357613] ================================================================== [ 2912.358755] ok 47 - kmalloc_double_kzfree [ 2912.360190] ok 48 - vmalloc_helpers_tags # SKIP Test requires CONFIG_KASAN_GENERIC=n [ 2912.362349] ================================================================== [ 2912.363847] BUG: KASAN: out-of-bounds in vmalloc_oob+0x596/0x5e0 [test_kasan] [ 2912.364544] Read of size 1 at addr ffffc900000977f3 by task kunit_try_catch/117567 [ 2912.365266] [ 2912.365436] CPU: 0 PID: 117567 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-243.1944_756456474.el9.x86_64+debug #1 [ 2912.366699] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2912.367263] Call Trace: [ 2912.367562] [ 2912.367839] ? vmalloc_oob+0x596/0x5e0 [test_kasan] [ 2912.368308] dump_stack_lvl+0x57/0x81 [ 2912.368698] print_address_description.constprop.0+0x1f/0x1e0 [ 2912.369245] ? vmalloc_oob+0x596/0x5e0 [test_kasan] [ 2912.369759] print_report.cold+0x5c/0x237 [ 2912.370146] kasan_report+0xc9/0x100 [ 2912.370501] ? vmalloc_oob+0x596/0x5e0 [test_kasan] [ 2912.370968] vmalloc_oob+0x596/0x5e0 [test_kasan] [ 2912.371443] ? kasan_global_oob_right+0x1f0/0x1f0 [test_kasan] [ 2912.372019] ? do_raw_spin_trylock+0xb5/0x180 [ 2912.372448] ? do_raw_spin_lock+0x270/0x270 [ 2912.372850] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2912.373398] ? kunit_add_resource+0x197/0x280 [kunit] [ 2912.373904] kunit_try_run_case+0x10b/0x1a0 [kunit] [ 2912.374378] ? 
kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2912.374855] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit] [ 2912.375453] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2912.375962] kthread+0x2a7/0x350 [ 2912.376282] ? kthread_complete_and_exit+0x20/0x20 [ 2912.376743] ret_from_fork+0x22/0x30 [ 2912.377094] [ 2912.377319] [ 2912.377485] The buggy address belongs to the virtual mapping at [ 2912.377485] [ffffc90000097000, ffffc90000099000) created by: [ 2912.377485] vmalloc_oob+0x78/0x5e0 [test_kasan] [ 2912.378998] [ 2912.379160] The buggy address belongs to the physical page: [ 2912.379725] page:00000000fc0c2588 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x15c83 [ 2912.380613] flags: 0xfffffc0000000(node=0|zone=1|lastcpupid=0x1fffff) [ 2912.381236] raw: 000fffffc0000000 0000000000000000 dead000000000122 0000000000000000 [ 2912.381958] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 2912.382721] page dumped because: kasan: bad access detected [ 2912.383244] [ 2912.383429] Memory state around the buggy address: [ 2912.383906] ffffc90000097680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2912.384582] ffffc90000097700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2912.385256] >ffffc90000097780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 00 [ 2912.385931] ^ [ 2912.386597] ffffc90000097800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2912.387283] ffffc90000097880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2912.388133] ================================================================== [ 2912.421370] # vmalloc_oob: EXPECTATION FAILED at lib/test_kasan.c:1131 [ 2912.421370] KASAN failure expected in "((volatile char *)v_ptr)[size + 5]", but none occurred [ 2912.421476] not ok 49 - vmalloc_oob [ 2912.426393] ok 50 - vmap_tags # SKIP Test requires CONFIG_KASAN_SW_TAGS=y [ 2912.427028] ok 51 - vm_map_ram_tags # SKIP Test requires CONFIG_KASAN_SW_TAGS=y [ 2912.430252] ok 52 - vmalloc_percpu # SKIP Test 
requires CONFIG_KASAN_SW_TAGS=y [ 2912.432269] ok 53 - match_all_not_assigned # SKIP Test requires CONFIG_KASAN_GENERIC=n [ 2912.435223] ok 54 - match_all_ptr_tag # SKIP Test requires CONFIG_KASAN_GENERIC=n [ 2912.438290] ok 55 - match_all_mem_tag # SKIP Test requires CONFIG_KASAN_GENERIC=n [ 2912.439045] not ok 20 - kasan [ 2912.719379] # Subtest: linear-ranges-test [ 2912.719385] 1..4 [ 2912.721187] ok 1 - range_test_get_value_amount [ 2912.723226] ok 2 - range_test_get_selector_high [ 2912.725204] ok 3 - range_test_get_selector_low [ 2912.727258] ok 4 - range_test_get_value [ 2912.727784] ok 21 - linear-ranges-test [ 2912.826499] # Subtest: list_sort [ 2912.826507] 1..1 [ 2912.848301] ok 1 - list_sort_test [ 2912.848543] ok 22 - list_sort [ 2913.092027] # Subtest: time_test_cases [ 2913.092034] 1..1 [ 2916.662681] ok 1 - time64_to_tm_test_date_range [ 2916.662923] ok 23 - time_test_cases [ 2917.509883] systemd-journald[564]: Data hash table of /run/log/journal/2dd6093da51d404ba8604783a683a7bb/system.journal has a fill level at 75.0 (7003 of 9336 items, 5378048 file size, 767 bytes per hash table item), suggesting rotation. [ 2917.528797] systemd-journald[564]: /run/log/journal/2dd6093da51d404ba8604783a683a7bb/system.journal: Journal header limits reached or header out-of-date, rotating.