[ 2145.871489] Running test [R:13316027 T:10 - KUNIT - Kernel: 5.14.0-251.1961_763395317.el9.x86_64+debug] [ 2155.417094] # Subtest: bitfields [ 2155.417105] 1..2 [ 2155.421370] ok 1 - test_bitfields_constants [ 2155.421992] ok 2 - test_bitfields_variables [ 2155.422633] ok 1 - bitfields [ 2155.903727] # Subtest: cmdline [ 2155.903737] 1..4 [ 2155.904881] ok 1 - cmdline_test_noint [ 2155.905964] ok 2 - cmdline_test_lead_int [ 2155.906987] ok 3 - cmdline_test_tail_int [ 2155.907830] ok 4 - cmdline_test_range [ 2155.908376] ok 2 - cmdline [ 2156.374576] # Subtest: ext4_inode_test [ 2156.374587] 1..1 [ 2156.375594] # inode_test_xtimestamp_decoding: ok 1 - 1901-12-13 Lower bound of 32bit < 0 timestamp, no extra bits [ 2156.376261] # inode_test_xtimestamp_decoding: ok 2 - 1969-12-31 Upper bound of 32bit < 0 timestamp, no extra bits [ 2156.378816] # inode_test_xtimestamp_decoding: ok 3 - 1970-01-01 Lower bound of 32bit >=0 timestamp, no extra bits [ 2156.380451] # inode_test_xtimestamp_decoding: ok 4 - 2038-01-19 Upper bound of 32bit >=0 timestamp, no extra bits [ 2156.382643] # inode_test_xtimestamp_decoding: ok 5 - 2038-01-19 Lower bound of 32bit <0 timestamp, lo extra sec bit on [ 2156.384279] # inode_test_xtimestamp_decoding: ok 6 - 2106-02-07 Upper bound of 32bit <0 timestamp, lo extra sec bit on [ 2156.386365] # inode_test_xtimestamp_decoding: ok 7 - 2106-02-07 Lower bound of 32bit >=0 timestamp, lo extra sec bit on [ 2156.388248] # inode_test_xtimestamp_decoding: ok 8 - 2174-02-25 Upper bound of 32bit >=0 timestamp, lo extra sec bit on [ 2156.390168] # inode_test_xtimestamp_decoding: ok 9 - 2174-02-25 Lower bound of 32bit <0 timestamp, hi extra sec bit on [ 2156.392102] # inode_test_xtimestamp_decoding: ok 10 - 2242-03-16 Upper bound of 32bit <0 timestamp, hi extra sec bit on [ 2156.394117] # inode_test_xtimestamp_decoding: ok 11 - 2242-03-16 Lower bound of 32bit >=0 timestamp, hi extra sec bit on [ 2156.396813] # inode_test_xtimestamp_decoding: ok 12 - 2310-04-04 Upper bound of 32bit >=0 timestamp, hi extra sec bit on [ 2156.398612] # inode_test_xtimestamp_decoding: ok 13 - 2310-04-04 Upper bound of 32bit>=0 timestamp, hi extra sec bit 1. 1 ns [ 2156.400349] # inode_test_xtimestamp_decoding: ok 14 - 2378-04-22 Lower bound of 32bit>= timestamp. Extra sec bits 1. Max ns [ 2156.402047] # inode_test_xtimestamp_decoding: ok 15 - 2378-04-22 Lower bound of 32bit >=0 timestamp. All extra sec bits on [ 2156.403953] # inode_test_xtimestamp_decoding: ok 16 - 2446-05-10 Upper bound of 32bit >=0 timestamp. All extra sec bits on [ 2156.405373] ok 1 - inode_test_xtimestamp_decoding [ 2156.406794] ok 3 - ext4_inode_test [ 2157.404425] # Subtest: kunit-try-catch-test [ 2157.404460] 1..2 [ 2157.406353] ok 1 - kunit_test_try_catch_successful_try_no_catch [ 2157.407498] ok 2 - kunit_test_try_catch_unsuccessful_try_does_catch [ 2157.408285] ok 4 - kunit-try-catch-test [ 2157.409913] # Subtest: kunit-resource-test [ 2157.409920] 1..7 [ 2157.410994] ok 1 - kunit_resource_test_init_resources [ 2157.411816] ok 2 - kunit_resource_test_alloc_resource [ 2157.412989] ok 3 - kunit_resource_test_destroy_resource [ 2157.414230] ok 4 - kunit_resource_test_cleanup_resources [ 2157.415426] ok 5 - kunit_resource_test_proper_free_ordering [ 2157.416831] ok 6 - kunit_resource_test_static [ 2157.417912] ok 7 - kunit_resource_test_named [ 2157.418595] ok 5 - kunit-resource-test [ 2157.419867] # Subtest: kunit-log-test [ 2157.419880] 1..1 [ 2157.420646] put this in log. [ 2157.420968] this too. [ 2157.421339] add to suite log. [ 2157.421790] along with this. [ 2157.422213] ok 1 - kunit_log_test [ 2157.422634] ok 6 - kunit-log-test [ 2157.423745] # Subtest: kunit_status [ 2157.423751] 1..2 [ 2157.424672] ok 1 - kunit_status_set_failure_test [ 2157.425272] ok 2 - kunit_status_mark_skipped_test [ 2157.425972] ok 7 - kunit_status [ 2157.543318] # Subtest: rtc_lib_test_cases [ 2157.543329] 1..1 [ 2162.704689] ok 1 - rtc_time64_to_tm_test_date_range [ 2162.705638] ok 8 - rtc_lib_test_cases [ 2162.834258] # Subtest: list-kunit-test [ 2162.834270] 1..36 [ 2162.835532] ok 1 - list_test_list_init [ 2162.836168] ok 2 - list_test_list_add [ 2162.837431] ok 3 - list_test_list_add_tail [ 2162.838533] ok 4 - list_test_list_del [ 2162.839392] ok 5 - list_test_list_replace [ 2162.840453] ok 6 - list_test_list_replace_init [ 2162.841530] ok 7 - list_test_list_swap [ 2162.842495] ok 8 - list_test_list_del_init [ 2162.843491] ok 9 - list_test_list_move [ 2162.844464] ok 10 - list_test_list_move_tail [ 2162.845629] ok 11 - list_test_list_bulk_move_tail [ 2162.846579] ok 12 - list_test_list_is_first [ 2162.847705] ok 13 - list_test_list_is_last [ 2162.848578] ok 14 - list_test_list_empty [ 2162.849708] ok 15 - list_test_list_empty_careful [ 2162.850545] ok 16 - list_test_list_rotate_left [ 2162.851786] ok 17 - list_test_list_rotate_to_front [ 2162.852701] ok 18 - list_test_list_is_singular [ 2162.854148] ok 19 - list_test_list_cut_position [ 2162.855111] ok 20 - list_test_list_cut_before [ 2162.856145] ok 21 - list_test_list_splice [ 2162.857120] ok 22 - list_test_list_splice_tail [ 2162.858103] ok 23 - list_test_list_splice_init [ 2162.859053] ok 24 - list_test_list_splice_tail_init [ 2162.860010] ok 25 - list_test_list_entry [ 2162.861007] ok 26 - list_test_list_first_entry [ 2162.861928] ok 27 - list_test_list_last_entry [ 2162.862884] ok 28 - list_test_list_first_entry_or_null [ 2162.863798] ok 29 - list_test_list_next_entry [ 2162.864882] ok 30 - list_test_list_prev_entry [ 2162.865828] ok 31 - list_test_list_for_each [ 2162.866763] ok 32 - list_test_list_for_each_prev [ 2162.867727] ok 33 - list_test_list_for_each_safe [ 2162.868668] ok 34 - list_test_list_for_each_prev_safe [ 2162.869982] ok 35 - list_test_list_for_each_entry [ 2162.871001] ok 36 - list_test_list_for_each_entry_reverse [ 2162.871681] ok 9 - list-kunit-test [ 2162.986552] # Subtest: memcpy [ 2162.986562] 1..4 [ 2162.988381] # memset_test: ok: memset() direct assignment [ 2162.993535] # memset_test: ok: memset() complete overwrite [ 2162.994284] # memset_test: ok: memset() middle overwrite [ 2162.994975] # memset_test: ok: memset() argument side-effects [ 2162.995739] # memset_test: ok: memset() memset_after() [ 2162.996423] # memset_test: ok: memset() memset_startat() [ 2162.998266] ok 1 - memset_test [ 2162.999439] # memcpy_test: ok: memcpy() static initializers [ 2163.000657] # memcpy_test: ok: memcpy() direct assignment [ 2163.001427] # memcpy_test: ok: memcpy() complete overwrite [ 2163.002146] # memcpy_test: ok: memcpy() middle overwrite [ 2163.002862] # memcpy_test: ok: memcpy() argument side-effects [ 2163.003898] ok 2 - memcpy_test [ 2163.004338] # memmove_test: ok: memmove() static initializers [ 2163.005564] # memmove_test: ok: memmove() direct assignment [ 2163.006322] # memmove_test: ok: memmove() complete overwrite [ 2163.007058] # memmove_test: ok: memmove() middle overwrite [ 2163.007800] # memmove_test: ok: memmove() argument side-effects [ 2163.008587] # memmove_test: ok: memmove() overlapping write [ 2163.009363] ok 3 - memmove_test [ 2163.009679] ok 4 - strtomem_test [ 2163.010130] ok 10 - memcpy [ 2163.126099] # Subtest: mptcp-crypto [ 2163.126109] 1..1 [ 2163.127058] ok 1 - mptcp_crypto_test_basic [ 2163.127406] ok 11 - mptcp-crypto [ 2163.239593] # Subtest: mptcp-token [ 2163.239603] 1..4 [ 2163.240586] ok 1 - mptcp_token_test_req_basic [ 2163.241337] ok 2 - mptcp_token_test_msk_basic [ 2163.242286] ok 3 - mptcp_token_test_accept [ 2163.243299] ok 4 - mptcp_token_test_destroyed [ 2163.243871] ok 12 - mptcp-token [ 2163.534841] # Subtest: rational [ 2163.534864] 1..1 [ 2163.535724] # rational_test: ok 1 - Exceeds bounds, semi-convergent term > 1/2 last term [ 2163.536298] # rational_test: ok 2 - Exceeds bounds, semi-convergent term < 1/2 last term [ 2163.537642] # rational_test: ok 3 - Closest to zero [ 2163.539028] # rational_test: ok 4 - Closest to smallest non-zero [ 2163.539986] # rational_test: ok 5 - Use convergent [ 2163.541108] # rational_test: ok 6 - Exact answer [ 2163.542072] # rational_test: ok 7 - Semiconvergent, numerator limit [ 2163.543061] # rational_test: ok 8 - Semiconvergent, denominator limit [ 2163.543912] ok 1 - rational_test [ 2163.544781] ok 13 - rational [ 2163.660656] # Subtest: resource [ 2163.660666] 1..2 [ 2163.661487] ok 1 - resource_test_union [ 2163.662090] ok 2 - resource_test_intersection [ 2163.662686] ok 14 - resource [ 2163.774339] # Subtest: slub_test [ 2163.774349] 1..2 [ 2163.806903] ok 1 - test_clobber_zone [ 2163.825759] ok 2 - test_clobber_redzone_free [ 2163.826321] ok 15 - slub_test [ 2164.256461] # Subtest: snd_soc_tplg_test [ 2164.256473] 1..11 [ 2164.258517] ok 1 - snd_soc_tplg_test_load_with_null_comp [ 2164.259688] ok 2 - snd_soc_tplg_test_load_with_null_ops [ 2164.261225] ok 3 - snd_soc_tplg_test_load_with_null_fw [ 2164.262753] ok 4 - snd_soc_tplg_test_load_empty_tplg [ 2164.264297] ok 5 - snd_soc_tplg_test_load_empty_tplg_bad_magic [ 2164.265796] ok 6 - snd_soc_tplg_test_load_empty_tplg_bad_abi [ 2164.267629] ok 7 - snd_soc_tplg_test_load_empty_tplg_bad_size [ 2164.269721] ok 8 - snd_soc_tplg_test_load_empty_tplg_bad_payload_size [ 2164.272095] ok 9 - snd_soc_tplg_test_load_pcm_tplg [ 2164.275458] ok 10 - snd_soc_tplg_test_load_pcm_tplg_reload_comp [ 2164.279574] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2164.283146] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2164.321561] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2164.325484] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2164.340529] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2164.342982] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2164.357927] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2164.361288] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2164.381337] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2164.383696] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2164.407067] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2164.414009] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2164.431347] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2164.433653] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2164.452249] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2164.454543] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2164.474940] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2164.477219] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2164.496831] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2164.499280] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2164.515499] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2164.517758] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2164.536022] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2164.541330] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2164.559434] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2164.561688] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2164.577055] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2164.579298] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2164.610075] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2164.612483] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2164.637528] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2164.645970] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2164.672666] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2164.675062] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2164.696665] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2164.701931] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2164.731521] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2164.734426] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2164.762829] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2164.766732] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2164.799776] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2164.802076] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2164.825895] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2164.835031] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2164.851916] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2164.854149] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2164.890999] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2164.897191] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2164.913545] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2164.920048] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2164.939977] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2164.942846] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2164.961461] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2164.964034] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2164.993623] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2164.995904] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2165.020868] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2165.023137] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2165.039915] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2165.042529] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2165.065055] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2165.067343] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2165.094063] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2165.096702] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2165.117056] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2165.119303] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2165.141703] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2165.144116] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2165.162976] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2165.165134] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2165.183511] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2165.185788] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2165.203213] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2165.211451] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2165.235938] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2165.238105] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2165.261625] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2165.264682] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2165.286500] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2165.289309] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2165.308298] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2165.310813] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2165.335548] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2165.337760] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2165.362212] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2165.364469] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2165.394088] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2165.396375] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2165.414613] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2165.416895] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2165.458819] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2165.461017] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2165.482409] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2165.485039] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2165.502502] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2165.505609] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2165.527578] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2165.529837] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2165.546589] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2165.548985] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2165.583080] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2165.586933] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2165.609181] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2165.611655] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2165.636053] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2165.641742] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2165.662416] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2165.670487] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2165.686234] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2165.689070] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2165.703601] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2165.706014] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2165.720053] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2165.722844] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2165.739371] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2165.742213] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2165.758836] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2165.761349] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2165.776757] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2165.785266] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2165.818722] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2165.824227] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2165.845985] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2165.848768] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2165.872996] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2165.885608] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2165.902087] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2165.904332] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2165.935076] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2165.938760] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2165.962079] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2165.966932] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2165.982967] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2165.985351] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2166.008256] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2166.010661] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2166.045101] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2166.050449] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2166.068457] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2166.070703] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2166.091641] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2166.093914] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2166.124616] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2166.126887] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2166.154875] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2166.157089] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2166.179464] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2166.181736] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2166.200582] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2166.203709] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2166.226205] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2166.233980] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2166.254513] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2166.256770] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2166.277598] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2166.280021] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2166.313521] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2166.315860] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2166.338775] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2166.349808] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2166.381413] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2166.383645] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2166.408710] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2166.415898] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2166.442722] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2166.444975] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2166.476882] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2166.480097] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2166.500789] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2166.502947] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2166.517676] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2166.519954] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2166.544684] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2166.547023] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2166.565990] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2166.568345] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2166.585549] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2166.587785] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2166.614764] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2166.616943] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2166.646173] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2166.648866] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2166.683064] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2166.686638] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2166.714455] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2166.716749] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2166.742883] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2166.745509] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2166.772941] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2166.775252] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2166.798502] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2166.800804] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2166.824350] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2166.829970] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2166.850732] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2166.853061] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2166.882454] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2166.884783] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2166.912685] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 2166.914902] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 2166.945367] ok 11 - snd_soc_tplg_test_load_pcm_tplg_reload_card [ 2166.945379] ok 16 - snd_soc_tplg_test [ 2167.137873] # Subtest: soc-utils [ 2167.137885] 1..1 [ 2167.141378] ok 1 - test_tdm_params_to_bclk [ 2167.141710] ok 17 - soc-utils [ 2167.640060] # Subtest: sysctl_test [ 2167.640132] 1..10 [ 2167.641013] ok 1 - sysctl_test_api_dointvec_null_tbl_data [ 2167.641679] ok 2 - sysctl_test_api_dointvec_table_maxlen_unset [ 2167.642770] ok 3 - sysctl_test_api_dointvec_table_len_is_zero [ 2167.643986] ok 4 - sysctl_test_api_dointvec_table_read_but_position_set [ 2167.645203] ok 5 - sysctl_test_dointvec_read_happy_single_positive [ 2167.647221] ok 6 - sysctl_test_dointvec_read_happy_single_negative [ 2167.649224] ok 7 - sysctl_test_dointvec_write_happy_single_positive [ 2167.650649] ok 8 - sysctl_test_dointvec_write_happy_single_negative [ 2167.651821] ok 9 - sysctl_test_api_dointvec_write_single_less_int_min [ 2167.654388] ok 10 - sysctl_test_api_dointvec_write_single_greater_int_max [ 2167.655234] ok 18 - sysctl_test [ 2167.849618] # Subtest: bits-test [ 2167.849629] 1..3 [ 2167.855917] ok 1 - genmask_test [ 2167.861168] ok 2 - genmask_ull_test [ 2167.862019] ok 3 - genmask_input_check_test [ 2167.862545] ok 19 - bits-test [ 2168.575678] # Subtest: kasan [ 2168.575690] 1..55 [ 2168.579111] ================================================================== [ 2168.580340] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x4ed/0x510 [test_kasan] [ 2168.581312] Write of size 1 at addr ffff888176221a73 by task kunit_try_catch/48035 [ 2168.582221] [ 2168.582435] CPU: 0 PID: 48035 Comm: kunit_try_catch Kdump: loaded Not tainted 5.14.0-251.1961_763395317.el9.x86_64+debug #1 [ 2168.583746] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2168.584446] Call Trace: [ 2168.584768] [ 2168.585044] ? kmalloc_oob_right+0x4ed/0x510 [test_kasan] [ 2168.585700] dump_stack_lvl+0x57/0x81 [ 2168.586167] print_address_description.constprop.0+0x1f/0x1e0 [ 2168.586867] ? kmalloc_oob_right+0x4ed/0x510 [test_kasan] [ 2168.587524] print_report.cold+0x5c/0x237 [ 2168.588018] kasan_report+0xc9/0x100 [ 2168.588469] ? kmalloc_oob_right+0x4ed/0x510 [test_kasan] [ 2168.589122] kmalloc_oob_right+0x4ed/0x510 [test_kasan] [ 2168.589760] ? kmalloc_oob_left+0x2e0/0x2e0 [test_kasan] [ 2168.590409] ? lockdep_hardirqs_on_prepare.part.0+0x18c/0x370 [ 2168.591112] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2168.591789] ? kunit_add_resource+0x197/0x280 [kunit] [ 2168.592409] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2168.593008] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2168.593626] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2168.594367] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2168.594995] kthread+0x2a4/0x350 [ 2168.595401] ? kthread_complete_and_exit+0x20/0x20 [ 2168.595987] ret_from_fork+0x1f/0x30 [ 2168.596442] [ 2168.596728] [ 2168.596935] Allocated by task 48035: [ 2168.597380] kasan_save_stack+0x1e/0x40 [ 2168.597858] __kasan_kmalloc+0x81/0xa0 [ 2168.598319] kmalloc_oob_right+0x98/0x510 [test_kasan] [ 2168.598947] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2168.599549] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2168.600292] kthread+0x2a4/0x350 [ 2168.600702] ret_from_fork+0x1f/0x30 [ 2168.601144] [ 2168.601351] The buggy address belongs to the object at ffff888176221a00 [ 2168.601351] which belongs to the cache kmalloc-128 of size 128 [ 2168.602826] The buggy address is located 115 bytes inside of [ 2168.602826] 128-byte region [ffff888176221a00, ffff888176221a80) [ 2168.604206] [ 2168.604415] The buggy address belongs to the physical page: [ 2168.605090] page:00000000f99a6a32 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888176221b00 pfn:0x176221 [ 2168.606352] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 2168.607187] raw: 0017ffffc0000200 ffffea0005ebdf80 dead000000000004 ffff8881000418c0 [ 2168.608110] raw: ffff888176221b00 000000008010000f 00000001ffffffff 0000000000000000 [ 2168.609035] page dumped because: kasan: bad access detected [ 2168.609708] [ 2168.609913] Memory state around the buggy address: [ 2168.610500] ffff888176221900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2168.611363] ffff888176221980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2168.612228] >ffff888176221a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 2168.613098] ^ [ 2168.613922] ffff888176221a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2168.614786] ffff888176221b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2168.615651] ================================================================== [ 2168.616602] Disabling lock debugging due to kernel taint [ 2168.617255] ================================================================== [ 2168.618127] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x4e3/0x510 [test_kasan] [ 2168.619096] Write of size 1 at addr ffff888176221a78 by task kunit_try_catch/48035 [ 2168.620004] [ 2168.620212] CPU: 0 PID: 48035 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-251.1961_763395317.el9.x86_64+debug #1 [ 2168.621818] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2168.622513] Call Trace: [ 2168.622824] [ 2168.623100] ? kmalloc_oob_right+0x4e3/0x510 [test_kasan] [ 2168.623758] dump_stack_lvl+0x57/0x81 [ 2168.624213] print_address_description.constprop.0+0x1f/0x1e0 [ 2168.624912] ? kmalloc_oob_right+0x4e3/0x510 [test_kasan] [ 2168.625568] print_report.cold+0x5c/0x237 [ 2168.626064] kasan_report+0xc9/0x100 [ 2168.626514] ? kmalloc_oob_right+0x4e3/0x510 [test_kasan] [ 2168.627170] kmalloc_oob_right+0x4e3/0x510 [test_kasan] [ 2168.627808] ? kmalloc_oob_left+0x2e0/0x2e0 [test_kasan] [ 2168.628455] ? lockdep_hardirqs_on_prepare.part.0+0x18c/0x370 [ 2168.629158] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2168.629832] ? kunit_add_resource+0x197/0x280 [kunit] [ 2168.630451] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2168.631052] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2168.631670] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2168.632406] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2168.633032] kthread+0x2a4/0x350 [ 2168.633436] ? kthread_complete_and_exit+0x20/0x20 [ 2168.634026] ret_from_fork+0x1f/0x30 [ 2168.634481] [ 2168.634765] [ 2168.634971] Allocated by task 48035: [ 2168.635412] kasan_save_stack+0x1e/0x40 [ 2168.635886] __kasan_kmalloc+0x81/0xa0 [ 2168.636348] kmalloc_oob_right+0x98/0x510 [test_kasan] [ 2168.636982] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2168.637579] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2168.638316] kthread+0x2a4/0x350 [ 2168.638722] ret_from_fork+0x1f/0x30 [ 2168.639166] [ 2168.639371] The buggy address belongs to the object at ffff888176221a00 [ 2168.639371] which belongs to the cache kmalloc-128 of size 128 [ 2168.640844] The buggy address is located 120 bytes inside of [ 2168.640844] 128-byte region [ffff888176221a00, ffff888176221a80) [ 2168.642231] [ 2168.642439] The buggy address belongs to the physical page: [ 2168.643107] page:00000000f99a6a32 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888176221b00 pfn:0x176221 [ 2168.644366] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 2168.645196] raw: 0017ffffc0000200 ffffea0005ebdf80 dead000000000004 ffff8881000418c0 [ 2168.646118] raw: ffff888176221b00 000000008010000f 00000001ffffffff 0000000000000000 [ 2168.647037] page dumped because: kasan: bad access detected [ 2168.647707] [ 2168.647914] Memory state around the buggy address: [ 2168.648499] ffff888176221900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2168.649362] ffff888176221980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2168.650225] >ffff888176221a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 2168.651087] ^ [ 2168.651941] ffff888176221a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2168.652806] ffff888176221b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2168.653672] ================================================================== [ 2168.654575] ================================================================== [ 2168.655445] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x4d9/0x510 [test_kasan] [ 2168.656406] Read of size 1 at addr ffff888176221a80 by task kunit_try_catch/48035 [ 2168.657305] [ 2168.657515] CPU: 0 PID: 48035 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-251.1961_763395317.el9.x86_64+debug #1 [ 2168.659121] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2168.659819] Call Trace: [ 2168.660132] [ 2168.660406] ? kmalloc_oob_right+0x4d9/0x510 [test_kasan] [ 2168.661062] dump_stack_lvl+0x57/0x81 [ 2168.661522] print_address_description.constprop.0+0x1f/0x1e0 [ 2168.662221] ? kmalloc_oob_right+0x4d9/0x510 [test_kasan] [ 2168.662879] print_report.cold+0x5c/0x237 [ 2168.663374] kasan_report+0xc9/0x100 [ 2168.663826] ? kmalloc_oob_right+0x4d9/0x510 [test_kasan] [ 2168.664485] kmalloc_oob_right+0x4d9/0x510 [test_kasan] [ 2168.665119] ? kmalloc_oob_left+0x2e0/0x2e0 [test_kasan] [ 2168.665774] ? lockdep_hardirqs_on_prepare.part.0+0x18c/0x370 [ 2168.666478] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2168.667154] ? kunit_add_resource+0x197/0x280 [kunit] [ 2168.667781] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2168.668379] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2168.669000] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2168.669740] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2168.670366] kthread+0x2a4/0x350 [ 2168.670779] ? kthread_complete_and_exit+0x20/0x20 [ 2168.671345] ret_from_fork+0x1f/0x30 [ 2168.671815] [ 2168.672097] [ 2168.672304] Allocated by task 48035: [ 2168.672754] kasan_save_stack+0x1e/0x40 [ 2168.673208] __kasan_kmalloc+0x81/0xa0 [ 2168.673683] kmalloc_oob_right+0x98/0x510 [test_kasan] [ 2168.674306] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2168.674906] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2168.675641] kthread+0x2a4/0x350 [ 2168.676046] ret_from_fork+0x1f/0x30 [ 2168.676494] [ 2168.676707] The buggy address belongs to the object at ffff888176221a00 [ 2168.676707] which belongs to the cache kmalloc-128 of size 128 [ 2168.678177] The buggy address is located 0 bytes to the right of [ 2168.678177] 128-byte region [ffff888176221a00, ffff888176221a80) [ 2168.679597] [ 2168.679805] The buggy address belongs to the physical page: [ 2168.680475] page:00000000f99a6a32 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888176221f00 pfn:0x176221 [ 2168.681740] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 2168.682574] raw: 0017ffffc0000200 ffffea0005ebdf80 dead000000000004 ffff8881000418c0 [ 2168.683498] raw: ffff888176221f00 000000008010000c 00000001ffffffff 0000000000000000 [ 2168.684418] page dumped because: kasan: bad access detected [ 2168.685090] [ 2168.685296] Memory state around the buggy address: [ 2168.685880] ffff888176221980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2168.686748] ffff888176221a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 2168.687616] >ffff888176221a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2168.688485] ^ [ 2168.688888] ffff888176221b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2168.689755] ffff888176221b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2168.690620] ================================================================== [ 2168.694443] ok 1 - kmalloc_oob_right [ 2168.700426] ================================================================== [ 2168.706091] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x2bf/0x2e0 [test_kasan] [ 2168.707037] Read of size 1 at addr ffff8881067ad25f by task kunit_try_catch/48036 [ 2168.707896] [ 2168.708097] CPU: 1 PID: 48036 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-251.1961_763395317.el9.x86_64+debug #1 [ 2168.709646] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2168.710313] Call Trace: [ 2168.710620] [ 2168.710884] ? kmalloc_oob_left+0x2bf/0x2e0 [test_kasan] [ 2168.711505] dump_stack_lvl+0x57/0x81 [ 2168.711947] print_address_description.constprop.0+0x1f/0x1e0 [ 2168.712617] ? kmalloc_oob_left+0x2bf/0x2e0 [test_kasan] [ 2168.713237] print_report.cold+0x5c/0x237 [ 2168.713718] kasan_report+0xc9/0x100 [ 2168.714148] ? kmalloc_oob_left+0x2bf/0x2e0 [test_kasan] [ 2168.714768] kmalloc_oob_left+0x2bf/0x2e0 [test_kasan] [ 2168.715371] ? kmalloc_pagealloc_oob_right+0x290/0x290 [test_kasan] [ 2168.716096] ? do_raw_spin_trylock+0xb5/0x180 [ 2168.716618] ? do_raw_spin_lock+0x270/0x270 [ 2168.717112] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2168.717763] ? kunit_add_resource+0x197/0x280 [kunit] [ 2168.718359] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2168.718937] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2168.719532] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2168.720259] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2168.720881] kthread+0x2a4/0x350 [ 2168.721296] ? kthread_complete_and_exit+0x20/0x20 [ 2168.721859] ret_from_fork+0x1f/0x30 [ 2168.722295] [ 2168.722571] [ 2168.722770] Allocated by task 0: [ 2168.723157] (stack is not available) [ 2168.723584] [ 2168.723783] Freed by task 47948: [ 2168.724170] kasan_save_stack+0x1e/0x40 [ 2168.724627] kasan_set_track+0x21/0x30 [ 2168.725069] kasan_set_free_info+0x20/0x40 [ 2168.725551] __kasan_slab_free+0x108/0x170 [ 2168.726031] slab_free_freelist_hook+0x11d/0x1d0 [ 2168.726578] kfree+0xe2/0x3c0 [ 2168.726941] kernfs_put.part.0+0x126/0x4a0 [ 2168.727424] __kernfs_remove+0x353/0x610 [ 2168.727890] kernfs_remove+0x73/0xa0 [ 2168.728314] __kobject_del+0xbb/0x1b0 [ 2168.728755] kobject_del+0x32/0x50 [ 2168.729162] device_del+0x75f/0xb60 [ 2168.729583] device_unregister+0x13/0xa0 [ 2168.730046] snd_soc_tplg_component_remove+0x532/0xca0 [snd_soc_core] [ 2168.730849] d_remove+0x71/0x160 [soc_topology_test] [ 2168.731434] soc_remove_component+0x1cd/0x270 [snd_soc_core] [ 2168.732121] soc_cleanup_card_resources+0x211/0x8e0 [snd_soc_core] [ 2168.732859] snd_soc_unregister_card+0x26b/0x300 [snd_soc_core] [ 2168.733572] snd_soc_tplg_test_load_pcm_tplg_reload_card+0x576/0x670 [soc_topology_test] [ 2168.734494] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2168.735065] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2168.735783] kthread+0x2a4/0x350 [ 2168.736171] ret_from_fork+0x1f/0x30 [ 2168.736602] [ 2168.736800] The buggy address belongs to the object at ffff8881067ad240 [ 2168.736800] which belongs to the cache kmalloc-16 of size 16 [ 2168.738249] The buggy address is located 15 bytes to the right of [ 2168.738249] 16-byte region [ffff8881067ad240, ffff8881067ad250) [ 2168.739616] [ 2168.739814] The buggy address belongs to the physical page: [ 2168.740459] page:0000000037ed5ff3 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff8881067ad2a0 pfn:0x1067ad [ 2168.741667] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 2168.742503] raw: 0017ffffc0000200 ffffea000862f2c0 dead000000000002 ffff8881000413c0 [ 2168.743421] raw: ffff8881067ad2a0 0000000080800039 00000001ffffffff 0000000000000000 [ 2168.744304] page dumped because: kasan: bad access detected [ 2168.744947] [ 2168.745144] Memory state around the buggy address: [ 2168.745705] ffff8881067ad100: fb fb fc fc fa fb fc fc fb fb fc fc fb fb fc fc [ 2168.746537] ffff8881067ad180: fa fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc [ 2168.747364] >ffff8881067ad200: fa fb fc fc fb fb fc fc fa fb fc fc 00 07 fc fc [ 2168.748193] ^ [ 2168.748897] ffff8881067ad280: fb fb fc fc fb fb fc fc fa fb fc fc fb fb fc fc [ 2168.749725] ffff8881067ad300: fb fb fc fc fb fb fc fc fb fb fc fc fa fb fc fc [ 2168.750557] ================================================================== [ 2168.751487] ok 2 - kmalloc_oob_left [ 2168.756888] ================================================================== [ 2168.758206] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x2bf/0x2e0 [test_kasan] [ 2168.759231] Read of size 1 at addr ffff888106fc1000 by task kunit_try_catch/48037 [ 2168.760127] [ 2168.760328] CPU: 0 PID: 48037 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-251.1961_763395317.el9.x86_64+debug #1 [ 2168.761885] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2168.762555] Call Trace: [ 2168.762856] [ 2168.763122] ? kmalloc_node_oob_right+0x2bf/0x2e0 [test_kasan] [ 2168.763807] dump_stack_lvl+0x57/0x81 [ 2168.764250] print_address_description.constprop.0+0x1f/0x1e0 [ 2168.764927] ? kmalloc_node_oob_right+0x2bf/0x2e0 [test_kasan] [ 2168.765612] print_report.cold+0x5c/0x237 [ 2168.766093] kasan_report+0xc9/0x100 [ 2168.766529] ? kmalloc_node_oob_right+0x2bf/0x2e0 [test_kasan] [ 2168.767213] kmalloc_node_oob_right+0x2bf/0x2e0 [test_kasan] [ 2168.767883] ? pagealloc_uaf+0x2f0/0x2f0 [test_kasan] [ 2168.768502] ? do_raw_spin_trylock+0xb5/0x180 [ 2168.769042] ? do_raw_spin_lock+0x270/0x270 [ 2168.769561] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2168.770239] ? kunit_add_resource+0x197/0x280 [kunit] [ 2168.770863] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2168.771464] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2168.772085] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2168.772822] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2168.773447] kthread+0x2a4/0x350 [ 2168.773854] ? kthread_complete_and_exit+0x20/0x20 [ 2168.774441] ret_from_fork+0x1f/0x30 [ 2168.774898] [ 2168.775181] [ 2168.775387] Allocated by task 48037: [ 2168.775833] kasan_save_stack+0x1e/0x40 [ 2168.776288] __kasan_kmalloc+0x81/0xa0 [ 2168.776763] kmalloc_node_oob_right+0x9a/0x2e0 [test_kasan] [ 2168.777431] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2168.778028] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2168.778771] kthread+0x2a4/0x350 [ 2168.779161] ret_from_fork+0x1f/0x30 [ 2168.779595] [ 2168.779796] The buggy address belongs to the object at ffff888106fc0000 [ 2168.779796] which belongs to the cache kmalloc-4k of size 4096 [ 2168.781218] The buggy address is located 0 bytes to the right of [ 2168.781218] 4096-byte region [ffff888106fc0000, ffff888106fc1000) [ 2168.782598] [ 2168.782798] The buggy address belongs to the physical page: [ 2168.783445] page:00000000b62d7a8c refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888106fc4000 pfn:0x106fc0 [ 2168.784664] head:00000000b62d7a8c order:3 compound_mapcount:0 compound_pincount:0 [ 2168.785568] flags: 0x17ffffc0010200(slab|head|node=0|zone=2|lastcpupid=0x1fffff) [ 2168.786441] raw: 0017ffffc0010200 0000000000000000 dead000000000001 ffff888100042140 [ 2168.787332] raw: ffff888106fc4000 0000000080040003 00000001ffffffff 0000000000000000 [ 2168.788221] page dumped because: kasan: bad access detected [ 2168.788868] [ 2168.789067] Memory state around the buggy address: [ 2168.789629] ffff888106fc0f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2168.790463] ffff888106fc0f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2168.791294] >ffff888106fc1000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2168.792130] ^ [ 2168.792549] ffff888106fc1080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2168.793418] ffff888106fc1100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2168.794252] ================================================================== [ 2168.795839] ok 3 - kmalloc_node_oob_right [ 2168.795972] ================================================================== [ 2168.797344] BUG: KASAN: slab-out-of-bounds in kmalloc_pagealloc_oob_right+0x27b/0x290 [test_kasan] [ 2168.798376] Write of size 1 at addr ffff888146eee00a by task kunit_try_catch/48038 [ 2168.799246] [ 2168.799445] CPU: 1 PID: 48038 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-251.1961_763395317.el9.x86_64+debug #1 [ 2168.801012] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2168.801707] Call Trace: [ 2168.802018] [ 2168.802291] ? kmalloc_pagealloc_oob_right+0x27b/0x290 [test_kasan] [ 2168.803054] dump_stack_lvl+0x57/0x81 [ 2168.803499] print_address_description.constprop.0+0x1f/0x1e0 [ 2168.804170] ? kmalloc_pagealloc_oob_right+0x27b/0x290 [test_kasan] [ 2168.804899] print_report.cold+0x5c/0x237 [ 2168.805377] kasan_report+0xc9/0x100 [ 2168.805811] ? kmalloc_pagealloc_oob_right+0x27b/0x290 [test_kasan] [ 2168.806579] kmalloc_pagealloc_oob_right+0x27b/0x290 [test_kasan] [ 2168.807314] ? kmalloc_pagealloc_uaf+0x280/0x280 [test_kasan] [ 2168.807989] ? do_raw_spin_trylock+0xb5/0x180 [ 2168.808514] ? do_raw_spin_lock+0x270/0x270 [ 2168.809010] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2168.809664] ? kunit_add_resource+0x197/0x280 [kunit] [ 2168.810260] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2168.810837] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2168.811429] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2168.812139] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2168.812741] kthread+0x2a4/0x350 [ 2168.813130] ? kthread_complete_and_exit+0x20/0x20 [ 2168.813697] ret_from_fork+0x1f/0x30 [ 2168.814136] [ 2168.814410] [ 2168.814614] The buggy address belongs to the physical page: [ 2168.815257] page:0000000064a8587e refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x146eec [ 2168.816324] head:0000000064a8587e order:2 compound_mapcount:0 compound_pincount:0 [ 2168.817181] flags: 0x17ffffc0010000(head|node=0|zone=2|lastcpupid=0x1fffff) [ 2168.817985] raw: 0017ffffc0010000 0000000000000000 dead000000000122 0000000000000000 [ 2168.818873] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 2168.819764] page dumped because: kasan: bad access detected [ 2168.820406] [ 2168.820609] Memory state around the buggy address: [ 2168.821167] ffff888146eedf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2168.822002] ffff888146eedf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2168.822836] >ffff888146eee000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 2168.823667] ^ [ 2168.824083] ffff888146eee080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 2168.824914] ffff888146eee100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 2168.825749] ================================================================== [ 2168.829276] ok 4 - kmalloc_pagealloc_oob_right [ 2168.833702] ================================================================== [ 2168.835164] BUG: KASAN: use-after-free in kmalloc_pagealloc_uaf+0x26b/0x280 [test_kasan] [ 2168.836098] Read of size 1 at addr ffff8881065b8000 by task kunit_try_catch/48039 [ 2168.836964] [ 2168.837166] CPU: 0 PID: 48039 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-251.1961_763395317.el9.x86_64+debug #1 [ 2168.838724] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2168.839393] Call Trace: [ 2168.839698] [ 2168.839964] ? kmalloc_pagealloc_uaf+0x26b/0x280 [test_kasan] [ 2168.840641] dump_stack_lvl+0x57/0x81 [ 2168.841081] print_address_description.constprop.0+0x1f/0x1e0 [ 2168.841759] ? kmalloc_pagealloc_uaf+0x26b/0x280 [test_kasan] [ 2168.842432] print_report.cold+0x5c/0x237 [ 2168.842948] kasan_report+0xc9/0x100 [ 2168.843394] ? kmalloc_pagealloc_uaf+0x26b/0x280 [test_kasan] [ 2168.844093] kmalloc_pagealloc_uaf+0x26b/0x280 [test_kasan] [ 2168.844748] ? kmalloc_pagealloc_invalid_free+0x250/0x250 [test_kasan] [ 2168.845510] ? do_raw_spin_trylock+0xb5/0x180 [ 2168.846031] ? do_raw_spin_lock+0x270/0x270 [ 2168.846536] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2168.847188] ? kunit_add_resource+0x197/0x280 [kunit] [ 2168.847789] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2168.848394] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2168.849014] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2168.849748] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2168.850350] kthread+0x2a4/0x350 [ 2168.850745] ? kthread_complete_and_exit+0x20/0x20 [ 2168.851309] ret_from_fork+0x1f/0x30 [ 2168.851751] [ 2168.852045] [ 2168.852251] The buggy address belongs to the physical page: [ 2168.852924] page:00000000fb82eda3 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065b8 [ 2168.854009] flags: 0x17ffffc0000000(node=0|zone=2|lastcpupid=0x1fffff) [ 2168.854773] raw: 0017ffffc0000000 ffffea0005d0b408 ffff8881e01ff370 0000000000000000 [ 2168.855665] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 2168.856553] page dumped because: kasan: bad access detected [ 2168.857198] [ 2168.857399] Memory state around the buggy address: [ 2168.857966] ffff8881065b7f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 2168.858800] ffff8881065b7f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 2168.859635] >ffff8881065b8000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 2168.860470] ^ [ 2168.860860] ffff8881065b8080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 2168.861692] ffff8881065b8100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 2168.862527] ================================================================== [ 2168.863498] ok 5 - kmalloc_pagealloc_uaf [ 2168.863625] ================================================================== [ 2168.864983] BUG: KASAN: double-free or invalid-free in kmalloc_pagealloc_invalid_free+0x191/0x250 [test_kasan] [ 2168.866128] [ 2168.866329] CPU: 1 PID: 48040 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-251.1961_763395317.el9.x86_64+debug #1 [ 2168.867874] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2168.868547] Call Trace: [ 2168.868852] [ 2168.869116] dump_stack_lvl+0x57/0x81 [ 2168.869557] print_address_description.constprop.0+0x1f/0x1e0 [ 2168.870227] print_report.cold+0x5c/0x237 [ 2168.870703] ? kmalloc_pagealloc_invalid_free+0x191/0x250 [test_kasan] [ 2168.871457] ? kmalloc_pagealloc_invalid_free+0x191/0x250 [test_kasan] [ 2168.872210] kasan_report_invalid_free+0x99/0xc0 [ 2168.872758] ? kmalloc_pagealloc_invalid_free+0x191/0x250 [test_kasan] [ 2168.873513] kfree+0x2ab/0x3c0 [ 2168.873888] kmalloc_pagealloc_invalid_free+0x191/0x250 [test_kasan] [ 2168.874627] ? kmalloc_large_oob_right+0x2b0/0x2b0 [test_kasan] [ 2168.875315] ? do_raw_spin_trylock+0xb5/0x180 [ 2168.875837] ? do_raw_spin_lock+0x270/0x270 [ 2168.876335] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2168.876985] ? kunit_add_resource+0x197/0x280 [kunit] [ 2168.877585] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2168.878157] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2168.878750] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2168.879458] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2168.880057] kthread+0x2a4/0x350 [ 2168.880446] ? kthread_complete_and_exit+0x20/0x20 [ 2168.881011] ret_from_fork+0x1f/0x30 [ 2168.881448] [ 2168.881725] [ 2168.881923] The buggy address belongs to the physical page: [ 2168.882564] page:0000000064a8587e refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x146eec [ 2168.883655] head:0000000064a8587e order:2 compound_mapcount:0 compound_pincount:0 [ 2168.884555] flags: 0x17ffffc0010000(head|node=0|zone=2|lastcpupid=0x1fffff) [ 2168.885351] raw: 0017ffffc0010000 0000000000000000 dead000000000122 0000000000000000 [ 2168.886233] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 2168.887116] page dumped because: kasan: bad access detected [ 2168.887760] [ 2168.887958] Memory state around the buggy address: [ 2168.888519] ffff888146eebf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 2168.889343] ffff888146eebf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 2168.890176] >ffff888146eec000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2168.891006] ^ [ 2168.891394] ffff888146eec080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2168.892224] ffff888146eec100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2168.893076] ================================================================== [ 2168.895871] ok 6 - kmalloc_pagealloc_invalid_free [ 2168.898653] ok 7 - pagealloc_oob_right # SKIP Test requires CONFIG_KASAN_GENERIC=n [ 2168.907305] ================================================================== [ 2168.909082] BUG: KASAN: use-after-free in pagealloc_uaf+0x2b5/0x2f0 [test_kasan] [ 2168.909950] Read of size 1 at addr ffff88817b160000 by task kunit_try_catch/48042 [ 2168.910814] [ 2168.911015] CPU: 0 PID: 48042 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-251.1961_763395317.el9.x86_64+debug #1 [ 2168.912566] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2168.913237] Call Trace: [ 2168.913544] [ 2168.913811] ? pagealloc_uaf+0x2b5/0x2f0 [test_kasan] [ 2168.914406] dump_stack_lvl+0x57/0x81 [ 2168.914852] print_address_description.constprop.0+0x1f/0x1e0 [ 2168.915531] ? pagealloc_uaf+0x2b5/0x2f0 [test_kasan] [ 2168.916127] print_report.cold+0x5c/0x237 [ 2168.916609] kasan_report+0xc9/0x100 [ 2168.917040] ? pagealloc_uaf+0x2b5/0x2f0 [test_kasan] [ 2168.917673] pagealloc_uaf+0x2b5/0x2f0 [test_kasan] [ 2168.918270] ? krealloc_more_oob+0x10/0x10 [test_kasan] [ 2168.918906] ? do_raw_spin_trylock+0xb5/0x180 [ 2168.919445] ? do_raw_spin_lock+0x270/0x270 [ 2168.919967] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2168.920645] ? kunit_add_resource+0x197/0x280 [kunit] [ 2168.921273] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2168.921857] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2168.922455] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2168.923168] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2168.923776] kthread+0x2a4/0x350 [ 2168.924169] ? kthread_complete_and_exit+0x20/0x20 [ 2168.924742] ret_from_fork+0x1f/0x30 [ 2168.925181] [ 2168.925456] [ 2168.925656] The buggy address belongs to the physical page: [ 2168.926308] page:00000000cde2797e refcount:0 mapcount:-128 mapping:0000000000000000 index:0x0 pfn:0x17b160 [ 2168.927409] flags: 0x17ffffc0000000(node=0|zone=2|lastcpupid=0x1fffff) [ 2168.928165] raw: 0017ffffc0000000 ffffea0006650408 ffff88823ffd6220 0000000000000000 [ 2168.929057] raw: 0000000000000000 0000000000000004 00000000ffffff7f 0000000000000000 [ 2168.929944] page dumped because: kasan: bad access detected [ 2168.930627] [ 2168.930835] Memory state around the buggy address: [ 2168.931424] ffff88817b15ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2168.932261] ffff88817b15ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2168.933097] >ffff88817b160000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 2168.933964] ^ [ 2168.934367] ffff88817b160080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 2168.935221] ffff88817b160100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 2168.936056] ================================================================== [ 2168.937700] ok 8 - pagealloc_uaf [ 2168.941283] ================================================================== [ 2168.942573] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x28c/0x2b0 [test_kasan] [ 2168.943601] Write of size 1 at addr ffff88816da61f00 by task kunit_try_catch/48043 [ 2168.944502] [ 2168.944702] CPU: 1 PID: 48043 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-251.1961_763395317.el9.x86_64+debug #1 [ 2168.946240] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2168.946906] Call Trace: [ 2168.947205] [ 2168.947470] ? kmalloc_large_oob_right+0x28c/0x2b0 [test_kasan] [ 2168.948157] dump_stack_lvl+0x57/0x81 [ 2168.948596] print_address_description.constprop.0+0x1f/0x1e0 [ 2168.949264] ? kmalloc_large_oob_right+0x28c/0x2b0 [test_kasan] [ 2168.949951] print_report.cold+0x5c/0x237 [ 2168.950426] kasan_report+0xc9/0x100 [ 2168.950858] ? kmalloc_large_oob_right+0x28c/0x2b0 [test_kasan] [ 2168.951548] kmalloc_large_oob_right+0x28c/0x2b0 [test_kasan] [ 2168.952218] ? kmalloc_oob_16+0x3b0/0x3b0 [test_kasan] [ 2168.952857] ? do_raw_spin_trylock+0xb5/0x180 [ 2168.953391] ? do_raw_spin_lock+0x270/0x270 [ 2168.953902] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2168.954551] ? kunit_add_resource+0x197/0x280 [kunit] [ 2168.955144] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2168.955718] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2168.956308] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2168.957015] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2168.957618] kthread+0x2a4/0x350 [ 2168.958008] ? kthread_complete_and_exit+0x20/0x20 [ 2168.958577] ret_from_fork+0x1f/0x30 [ 2168.959012] [ 2168.959285] [ 2168.959486] Allocated by task 48043: [ 2168.959936] kasan_save_stack+0x1e/0x40 [ 2168.960403] __kasan_kmalloc+0x81/0xa0 [ 2168.960873] kmalloc_large_oob_right+0x98/0x2b0 [test_kasan] [ 2168.961538] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2168.962108] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2168.962817] kthread+0x2a4/0x350 [ 2168.963207] ret_from_fork+0x1f/0x30 [ 2168.963636] [ 2168.963833] The buggy address belongs to the object at ffff88816da60000 [ 2168.963833] which belongs to the cache kmalloc-8k of size 8192 [ 2168.965240] The buggy address is located 7936 bytes inside of [ 2168.965240] 8192-byte region [ffff88816da60000, ffff88816da62000) [ 2168.966582] [ 2168.966780] The buggy address belongs to the physical page: [ 2168.967419] page:0000000089332c2f refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x16da60 [ 2168.968489] head:0000000089332c2f order:3 compound_mapcount:0 compound_pincount:0 [ 2168.969342] flags: 0x17ffffc0010200(slab|head|node=0|zone=2|lastcpupid=0x1fffff) [ 2168.970195] raw: 0017ffffc0010200 ffffea0005ec0000 dead000000000002 ffff888100042280 [ 2168.971078] raw: 0000000000000000 0000000080020002 00000001ffffffff 0000000000000000 [ 2168.971962] page dumped because: kasan: bad access detected [ 2168.972603] [ 2168.972800] Memory state around the buggy address: [ 2168.973357] ffff88816da61e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2168.974185] ffff88816da61e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2168.975015] >ffff88816da61f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2168.975848] ^ [ 2168.976235] ffff88816da61f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2168.977067] ffff88816da62000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2168.977895] ================================================================== [ 2168.978799] ok 9 - kmalloc_large_oob_right [ 2168.987104] ================================================================== [ 2168.988506] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c3/0x610 [test_kasan] [ 2168.989509] Write of size 1 at addr ffff8881071efaeb by task kunit_try_catch/48044 [ 2168.990382] [ 2168.990586] CPU: 0 PID: 48044 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-251.1961_763395317.el9.x86_64+debug #1 [ 2168.992136] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2168.992807] Call Trace: [ 2168.993109] [ 2168.993396] ? krealloc_more_oob_helper+0x5c3/0x610 [test_kasan] [ 2168.994128] dump_stack_lvl+0x57/0x81 [ 2168.994596] print_address_description.constprop.0+0x1f/0x1e0 [ 2168.995271] ? krealloc_more_oob_helper+0x5c3/0x610 [test_kasan] [ 2168.995975] print_report.cold+0x5c/0x237 [ 2168.996457] kasan_report+0xc9/0x100 [ 2168.996888] ? krealloc_more_oob_helper+0x5c3/0x610 [test_kasan] [ 2168.997595] krealloc_more_oob_helper+0x5c3/0x610 [test_kasan] [ 2168.998278] ? krealloc_less_oob+0x10/0x10 [test_kasan] [ 2168.998891] ? rcu_read_lock_sched_held+0x12/0x80 [ 2168.999454] ? rcu_read_lock_sched_held+0x12/0x80 [ 2169.000009] ? lock_acquire+0x4ea/0x620 [ 2169.000470] ? rcu_read_unlock+0x40/0x40 [ 2169.000936] ? rcu_read_unlock+0x40/0x40 [ 2169.001400] ? rcu_read_lock_sched_held+0x12/0x80 [ 2169.001960] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2169.002641] ? do_raw_spin_lock+0x270/0x270 [ 2169.003155] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 2169.003898] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2169.004484] ? kunit_add_resource+0x197/0x280 [kunit] [ 2169.005081] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2169.005662] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2169.006256] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2169.006990] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2169.007614] kthread+0x2a4/0x350 [ 2169.008029] ? kthread_complete_and_exit+0x20/0x20 [ 2169.008596] ret_from_fork+0x1f/0x30 [ 2169.009034] [ 2169.009307] [ 2169.009509] Allocated by task 48044: [ 2169.009934] kasan_save_stack+0x1e/0x40 [ 2169.010388] __kasan_krealloc+0xee/0x160 [ 2169.010854] krealloc+0x50/0xe0 [ 2169.011239] krealloc_more_oob_helper+0x1d5/0x610 [test_kasan] [ 2169.011926] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2169.012504] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2169.013216] kthread+0x2a4/0x350 [ 2169.013609] ret_from_fork+0x1f/0x30 [ 2169.014039] [ 2169.014238] The buggy address belongs to the object at ffff8881071efa00 [ 2169.014238] which belongs to the cache kmalloc-256 of size 256 [ 2169.015655] The buggy address is located 235 bytes inside of [ 2169.015655] 256-byte region [ffff8881071efa00, ffff8881071efb00) [ 2169.016984] [ 2169.017185] The buggy address belongs to the physical page: [ 2169.017833] page:00000000ca1b1f9d refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1071ee [ 2169.018906] head:00000000ca1b1f9d order:1 compound_mapcount:0 compound_pincount:0 [ 2169.019770] flags: 0x17ffffc0010200(slab|head|node=0|zone=2|lastcpupid=0x1fffff) [ 2169.020629] raw: 0017ffffc0010200 ffffea0005e4ce00 dead000000000005 ffff888100041b40 [ 2169.021519] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 2169.022403] page dumped because: kasan: bad access detected [ 2169.023048] [ 2169.023247] Memory state around the buggy address: [ 2169.023809] ffff8881071ef980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2169.024640] ffff8881071efa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2169.025475] >ffff8881071efa80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 2169.026304] ^ [ 2169.027093] ffff8881071efb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2169.027969] ffff8881071efb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2169.028802] ================================================================== [ 2169.029677] ================================================================== [ 2169.030517] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5b6/0x610 [test_kasan] [ 2169.031519] Write of size 1 at addr ffff8881071efaf0 by task kunit_try_catch/48044 [ 2169.032386] [ 2169.032588] CPU: 0 PID: 48044 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-251.1961_763395317.el9.x86_64+debug #1 [ 2169.034159] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2169.034854] Call Trace: [ 2169.035173] [ 2169.035437] ? krealloc_more_oob_helper+0x5b6/0x610 [test_kasan] [ 2169.036142] dump_stack_lvl+0x57/0x81 [ 2169.036586] print_address_description.constprop.0+0x1f/0x1e0 [ 2169.037261] ? krealloc_more_oob_helper+0x5b6/0x610 [test_kasan] [ 2169.037963] print_report.cold+0x5c/0x237 [ 2169.038440] kasan_report+0xc9/0x100 [ 2169.038877] ? krealloc_more_oob_helper+0x5b6/0x610 [test_kasan] [ 2169.039582] krealloc_more_oob_helper+0x5b6/0x610 [test_kasan] [ 2169.040268] ? krealloc_less_oob+0x10/0x10 [test_kasan] [ 2169.040881] ? rcu_read_lock_sched_held+0x12/0x80 [ 2169.041437] ? rcu_read_lock_sched_held+0x12/0x80 [ 2169.041994] ? lock_acquire+0x4ea/0x620 [ 2169.042456] ? rcu_read_unlock+0x40/0x40 [ 2169.042921] ? rcu_read_unlock+0x40/0x40 [ 2169.043384] ? rcu_read_lock_sched_held+0x12/0x80 [ 2169.043974] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2169.044652] ? do_raw_spin_lock+0x270/0x270 [ 2169.045161] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 2169.045878] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2169.046465] ? kunit_add_resource+0x197/0x280 [kunit] [ 2169.047063] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2169.047644] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2169.048237] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2169.048951] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2169.049557] kthread+0x2a4/0x350 [ 2169.049950] ? kthread_complete_and_exit+0x20/0x20 [ 2169.050516] ret_from_fork+0x1f/0x30 [ 2169.050952] [ 2169.051226] [ 2169.051425] Allocated by task 48044: [ 2169.051857] kasan_save_stack+0x1e/0x40 [ 2169.052311] __kasan_krealloc+0xee/0x160 [ 2169.052801] krealloc+0x50/0xe0 [ 2169.053196] krealloc_more_oob_helper+0x1d5/0x610 [test_kasan] [ 2169.053914] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2169.054492] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2169.055204] kthread+0x2a4/0x350 [ 2169.055598] ret_from_fork+0x1f/0x30 [ 2169.056027] [ 2169.056227] The buggy address belongs to the object at ffff8881071efa00 [ 2169.056227] which belongs to the cache kmalloc-256 of size 256 [ 2169.057638] The buggy address is located 240 bytes inside of [ 2169.057638] 256-byte region [ffff8881071efa00, ffff8881071efb00) [ 2169.058972] [ 2169.059172] The buggy address belongs to the physical page: [ 2169.059818] page:00000000ca1b1f9d refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1071ee [ 2169.060890] head:00000000ca1b1f9d order:1 compound_mapcount:0 compound_pincount:0 [ 2169.061754] flags: 0x17ffffc0010200(slab|head|node=0|zone=2|lastcpupid=0x1fffff) [ 2169.062612] raw: 0017ffffc0010200 ffffea0005e4ce00 dead000000000005 ffff888100041b40 [ 2169.063505] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 2169.064388] page dumped because: kasan: bad access detected [ 2169.065033] [ 2169.065233] Memory state around the buggy address: [ 2169.065796] ffff8881071ef980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2169.066635] ffff8881071efa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2169.067470] >ffff8881071efa80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 2169.068301] ^ [ 2169.069091] ffff8881071efb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2169.069925] ffff8881071efb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2169.070759] ================================================================== [ 2169.071699] ok 10 - krealloc_more_oob [ 2169.074585] ================================================================== [ 2169.075958] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan] [ 2169.077124] Write of size 1 at addr ffff8881071ef8c9 by task kunit_try_catch/48045 [ 2169.078051] [ 2169.078259] CPU: 0 PID: 48045 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-251.1961_763395317.el9.x86_64+debug #1 [ 2169.079871] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2169.080568] Call Trace: [ 2169.080879] [ 2169.081153] ? krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan] [ 2169.081883] dump_stack_lvl+0x57/0x81 [ 2169.082339] print_address_description.constprop.0+0x1f/0x1e0 [ 2169.083038] ? krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan] [ 2169.083769] print_report.cold+0x5c/0x237 [ 2169.084263] kasan_report+0xc9/0x100 [ 2169.084713] ? krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan] [ 2169.085438] krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan] [ 2169.086171] ? krealloc_uaf+0x450/0x450 [test_kasan] [ 2169.086777] ? rcu_read_lock_sched_held+0x12/0x80 [ 2169.087352] ? rcu_read_lock_sched_held+0x12/0x80 [ 2169.087930] ? lock_acquire+0x4ea/0x620 [ 2169.088404] ? rcu_read_unlock+0x40/0x40 [ 2169.088888] ? rcu_read_unlock+0x40/0x40 [ 2169.089371] ? rcu_read_lock_sched_held+0x12/0x80 [ 2169.089953] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2169.090630] ? do_raw_spin_lock+0x270/0x270 [ 2169.091144] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 2169.091884] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2169.092491] ? kunit_add_resource+0x197/0x280 [kunit] [ 2169.093109] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2169.093712] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2169.094326] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2169.095068] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2169.095696] kthread+0x2a4/0x350 [ 2169.096101] ? kthread_complete_and_exit+0x20/0x20 [ 2169.096691] ret_from_fork+0x1f/0x30 [ 2169.097146] [ 2169.097429] [ 2169.097639] Allocated by task 48045: [ 2169.098082] kasan_save_stack+0x1e/0x40 [ 2169.098557] __kasan_krealloc+0xee/0x160 [ 2169.099038] krealloc+0x50/0xe0 [ 2169.099435] krealloc_less_oob_helper+0x1d9/0xa20 [test_kasan] [ 2169.100146] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2169.100743] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2169.101479] kthread+0x2a4/0x350 [ 2169.101884] ret_from_fork+0x1f/0x30 [ 2169.102327] [ 2169.102536] The buggy address belongs to the object at ffff8881071ef800 [ 2169.102536] which belongs to the cache kmalloc-256 of size 256 [ 2169.104006] The buggy address is located 201 bytes inside of [ 2169.104006] 256-byte region [ffff8881071ef800, ffff8881071ef900) [ 2169.105383] [ 2169.105592] The buggy address belongs to the physical page: [ 2169.106258] page:00000000ca1b1f9d refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1071ee [ 2169.107371] head:00000000ca1b1f9d order:1 compound_mapcount:0 compound_pincount:0 [ 2169.108263] flags: 0x17ffffc0010200(slab|head|node=0|zone=2|lastcpupid=0x1fffff) [ 2169.109149] raw: 0017ffffc0010200 ffffea0005e4ce00 dead000000000005 ffff888100041b40 [ 2169.110070] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 2169.110988] page dumped because: kasan: bad access detected [ 2169.111658] [ 2169.111864] Memory state around the buggy address: [ 2169.112447] ffff8881071ef780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2169.113310] ffff8881071ef800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2169.114171] >ffff8881071ef880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 2169.115034] ^ [ 2169.115706] ffff8881071ef900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2169.116572] ffff8881071ef980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2169.117433] ================================================================== [ 2169.118400] ================================================================== [ 2169.119271] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan] [ 2169.120312] Write of size 1 at addr ffff8881071ef8d0 by task kunit_try_catch/48045 [ 2169.121216] [ 2169.121424] CPU: 0 PID: 48045 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-251.1961_763395317.el9.x86_64+debug #1 [ 2169.123036] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2169.123735] Call Trace: [ 2169.124037] [ 2169.124302] ? krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan] [ 2169.125044] dump_stack_lvl+0x57/0x81 [ 2169.125504] print_address_description.constprop.0+0x1f/0x1e0 [ 2169.126193] ? krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan] [ 2169.126932] print_report.cold+0x5c/0x237 [ 2169.127427] kasan_report+0xc9/0x100 [ 2169.127876] ? krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan] [ 2169.128607] krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan] [ 2169.129316] ? krealloc_uaf+0x450/0x450 [test_kasan] [ 2169.129927] ? rcu_read_lock_sched_held+0x12/0x80 [ 2169.130506] ? rcu_read_lock_sched_held+0x12/0x80 [ 2169.131079] ? lock_acquire+0x4ea/0x620 [ 2169.131555] ? rcu_read_unlock+0x40/0x40 [ 2169.132039] ? rcu_read_unlock+0x40/0x40 [ 2169.132536] ? rcu_read_lock_sched_held+0x12/0x80 [ 2169.133113] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2169.133793] ? do_raw_spin_lock+0x270/0x270 [ 2169.134309] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 2169.135052] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2169.135659] ? kunit_add_resource+0x197/0x280 [kunit] [ 2169.136278] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2169.136878] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2169.137499] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2169.138235] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2169.138867] kthread+0x2a4/0x350 [ 2169.139274] ? kthread_complete_and_exit+0x20/0x20 [ 2169.139864] ret_from_fork+0x1f/0x30 [ 2169.140317] [ 2169.140606] [ 2169.140814] Allocated by task 48045: [ 2169.141255] kasan_save_stack+0x1e/0x40 [ 2169.141732] __kasan_krealloc+0xee/0x160 [ 2169.142213] krealloc+0x50/0xe0 [ 2169.142613] krealloc_less_oob_helper+0x1d9/0xa20 [test_kasan] [ 2169.143319] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2169.143917] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2169.144655] kthread+0x2a4/0x350 [ 2169.145059] ret_from_fork+0x1f/0x30 [ 2169.145507] [ 2169.145713] The buggy address belongs to the object at ffff8881071ef800 [ 2169.145713] which belongs to the cache kmalloc-256 of size 256 [ 2169.147173] The buggy address is located 208 bytes inside of [ 2169.147173] 256-byte region [ffff8881071ef800, ffff8881071ef900) [ 2169.148554] [ 2169.148762] The buggy address belongs to the physical page: [ 2169.149428] page:00000000ca1b1f9d refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1071ee [ 2169.150543] head:00000000ca1b1f9d order:1 compound_mapcount:0 compound_pincount:0 [ 2169.151430] flags: 0x17ffffc0010200(slab|head|node=0|zone=2|lastcpupid=0x1fffff) [ 2169.152315] raw: 0017ffffc0010200 ffffea0005e4ce00 dead000000000005 ffff888100041b40 [ 2169.153237] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 2169.154160] page dumped because: kasan: bad access detected [ 2169.154828] [ 2169.155034] Memory state around the buggy address: [ 2169.155617] ffff8881071ef780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2169.156482] ffff8881071ef800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2169.157341] >ffff8881071ef880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 2169.158205] ^ [ 2169.158909] ffff8881071ef900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2169.159771] ffff8881071ef980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2169.160639] ================================================================== [ 2169.161531] ================================================================== [ 2169.162394] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan] [ 2169.163430] Write of size 1 at addr ffff8881071ef8da by task kunit_try_catch/48045 [ 2169.164333] [ 2169.164544] CPU: 0 PID: 48045 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-251.1961_763395317.el9.x86_64+debug #1 [ 2169.166149] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2169.166844] Call Trace: [ 2169.167156] [ 2169.167430] ? krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan] [ 2169.168160] dump_stack_lvl+0x57/0x81 [ 2169.168619] print_address_description.constprop.0+0x1f/0x1e0 [ 2169.169316] ? krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan] [ 2169.170045] print_report.cold+0x5c/0x237 [ 2169.170544] kasan_report+0xc9/0x100 [ 2169.170991] ? krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan] [ 2169.171720] krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan] [ 2169.172429] ? krealloc_uaf+0x450/0x450 [test_kasan] [ 2169.173035] ? rcu_read_lock_sched_held+0x12/0x80 [ 2169.173615] ? rcu_read_lock_sched_held+0x12/0x80 [ 2169.174189] ? lock_acquire+0x4ea/0x620 [ 2169.174664] ? rcu_read_unlock+0x40/0x40 [ 2169.175148] ? rcu_read_unlock+0x40/0x40 [ 2169.175631] ? rcu_read_lock_sched_held+0x12/0x80 [ 2169.176206] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2169.176884] ? do_raw_spin_lock+0x270/0x270 [ 2169.177399] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 2169.178142] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2169.178748] ? kunit_add_resource+0x197/0x280 [kunit] [ 2169.179368] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2169.179967] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2169.180587] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2169.181323] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2169.181950] kthread+0x2a4/0x350 [ 2169.182356] ? kthread_complete_and_exit+0x20/0x20 [ 2169.182944] ret_from_fork+0x1f/0x30 [ 2169.183397] [ 2169.183683] [ 2169.183890] Allocated by task 48045: [ 2169.184332] kasan_save_stack+0x1e/0x40 [ 2169.184808] __kasan_krealloc+0xee/0x160 [ 2169.185289] krealloc+0x50/0xe0 [ 2169.185693] krealloc_less_oob_helper+0x1d9/0xa20 [test_kasan] [ 2169.186401] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2169.186997] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2169.187736] kthread+0x2a4/0x350 [ 2169.188143] ret_from_fork+0x1f/0x30 [ 2169.188592] [ 2169.188798] The buggy address belongs to the object at ffff8881071ef800 [ 2169.188798] which belongs to the cache kmalloc-256 of size 256 [ 2169.190263] The buggy address is located 218 bytes inside of [ 2169.190263] 256-byte region [ffff8881071ef800, ffff8881071ef900) [ 2169.191649] [ 2169.191856] The buggy address belongs to the physical page: [ 2169.192525] page:00000000ca1b1f9d refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1071ee [ 2169.193636] head:00000000ca1b1f9d order:1 compound_mapcount:0 compound_pincount:0 [ 2169.194530] flags: 0x17ffffc0010200(slab|head|node=0|zone=2|lastcpupid=0x1fffff) [ 2169.195411] raw: 0017ffffc0010200 ffffea0005e4ce00 dead000000000005 ffff888100041b40 [ 2169.196333] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 2169.197257] page dumped because: kasan: bad access detected [ 2169.197926] [ 2169.198132] Memory state around the buggy address: [ 2169.198717] ffff8881071ef780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2169.199580] ffff8881071ef800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2169.200443] >ffff8881071ef880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 2169.201302] ^ [ 2169.202039] ffff8881071ef900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2169.202902] ffff8881071ef980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2169.203770] ================================================================== [ 2169.204651] ================================================================== [ 2169.205519] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan] [ 2169.206554] Write of size 1 at addr ffff8881071ef8ea by task kunit_try_catch/48045 [ 2169.207459] [ 2169.207666] CPU: 0 PID: 48045 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-251.1961_763395317.el9.x86_64+debug #1 [ 2169.209271] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2169.209965] Call Trace: [ 2169.210278] [ 2169.210555] ? krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan] [ 2169.211279] dump_stack_lvl+0x57/0x81 [ 2169.211737] print_address_description.constprop.0+0x1f/0x1e0 [ 2169.212432] ? krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan] [ 2169.213161] print_report.cold+0x5c/0x237 [ 2169.213659] kasan_report+0xc9/0x100 [ 2169.214106] ? krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan] [ 2169.214837] krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan] [ 2169.215550] ? krealloc_uaf+0x450/0x450 [test_kasan] [ 2169.216155] ? rcu_read_lock_sched_held+0x12/0x80 [ 2169.216732] ? rcu_read_lock_sched_held+0x12/0x80 [ 2169.217306] ? lock_acquire+0x4ea/0x620 [ 2169.217782] ? rcu_read_unlock+0x40/0x40 [ 2169.218264] ? rcu_read_unlock+0x40/0x40 [ 2169.218747] ? rcu_read_lock_sched_held+0x12/0x80 [ 2169.219324] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2169.220001] ? do_raw_spin_lock+0x270/0x270 [ 2169.220521] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 2169.221258] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2169.221864] ? kunit_add_resource+0x197/0x280 [kunit] [ 2169.222486] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2169.223082] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2169.223700] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2169.224435] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2169.225064] kthread+0x2a4/0x350 [ 2169.225471] ? kthread_complete_and_exit+0x20/0x20 [ 2169.226056] ret_from_fork+0x1f/0x30 [ 2169.226513] [ 2169.226796] [ 2169.227003] Allocated by task 48045: [ 2169.227449] kasan_save_stack+0x1e/0x40 [ 2169.227921] __kasan_krealloc+0xee/0x160 [ 2169.228402] krealloc+0x50/0xe0 [ 2169.228802] krealloc_less_oob_helper+0x1d9/0xa20 [test_kasan] [ 2169.229509] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2169.230105] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2169.230843] kthread+0x2a4/0x350 [ 2169.231248] ret_from_fork+0x1f/0x30 [ 2169.231695] [ 2169.231902] The buggy address belongs to the object at ffff8881071ef800 [ 2169.231902] which belongs to the cache kmalloc-256 of size 256 [ 2169.233364] The buggy address is located 234 bytes inside of [ 2169.233364] 256-byte region [ffff8881071ef800, ffff8881071ef900) [ 2169.234747] [ 2169.234955] The buggy address belongs to the physical page: [ 2169.235624] page:00000000ca1b1f9d refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1071ee [ 2169.236736] head:00000000ca1b1f9d order:1 compound_mapcount:0 compound_pincount:0 [ 2169.237629] flags: 0x17ffffc0010200(slab|head|node=0|zone=2|lastcpupid=0x1fffff) [ 2169.238515] raw: 0017ffffc0010200 ffffea0005e4ce00 dead000000000005 ffff888100041b40 [ 2169.239432] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 2169.240354] page dumped because: kasan: bad access detected [ 2169.241025] [ 2169.241231] Memory state around the buggy address: [ 2169.241815] ffff8881071ef780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2169.242677] ffff8881071ef800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2169.243542] >ffff8881071ef880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 2169.244402] ^ [ 2169.245196] ffff8881071ef900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2169.246061] ffff8881071ef980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2169.246923] ================================================================== [ 2169.247805] ================================================================== [ 2169.248672] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan] [ 2169.249708] Write of size 1 at addr ffff8881071ef8eb by task kunit_try_catch/48045 [ 2169.250613] [ 2169.250820] CPU: 0 PID: 48045 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-251.1961_763395317.el9.x86_64+debug #1 [ 2169.252424] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2169.253123] Call Trace: [ 2169.253441] [ 2169.253716] ? krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan] [ 2169.254446] dump_stack_lvl+0x57/0x81 [ 2169.254903] print_address_description.constprop.0+0x1f/0x1e0 [ 2169.255602] ? krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan] [ 2169.256329] print_report.cold+0x5c/0x237 [ 2169.256830] kasan_report+0xc9/0x100 [ 2169.257278] ? krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan] [ 2169.258010] krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan] [ 2169.258722] ? krealloc_uaf+0x450/0x450 [test_kasan] [ 2169.259328] ? rcu_read_lock_sched_held+0x12/0x80 [ 2169.259908] ? rcu_read_lock_sched_held+0x12/0x80 [ 2169.260486] ? lock_acquire+0x4ea/0x620 [ 2169.260960] ? rcu_read_unlock+0x40/0x40 [ 2169.261445] ? rcu_read_unlock+0x40/0x40 [ 2169.261927] ? rcu_read_lock_sched_held+0x12/0x80 [ 2169.262508] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2169.263183] ? do_raw_spin_lock+0x270/0x270 [ 2169.263704] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 2169.264447] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2169.265049] ? kunit_add_resource+0x197/0x280 [kunit] [ 2169.265677] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2169.266277] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2169.266898] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2169.267638] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2169.268263] kthread+0x2a4/0x350 [ 2169.268674] ? kthread_complete_and_exit+0x20/0x20 [ 2169.269259] ret_from_fork+0x1f/0x30 [ 2169.269716] [ 2169.270000] [ 2169.270206] Allocated by task 48045: [ 2169.270650] kasan_save_stack+0x1e/0x40 [ 2169.271122] __kasan_krealloc+0xee/0x160 [ 2169.271608] krealloc+0x50/0xe0 [ 2169.272003] krealloc_less_oob_helper+0x1d9/0xa20 [test_kasan] [ 2169.272714] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2169.273310] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2169.274048] kthread+0x2a4/0x350 [ 2169.274459] ret_from_fork+0x1f/0x30 [ 2169.274904] [ 2169.275110] The buggy address belongs to the object at ffff8881071ef800 [ 2169.275110] which belongs to the cache kmalloc-256 of size 256 [ 2169.276578] The buggy address is located 235 bytes inside of [ 2169.276578] 256-byte region [ffff8881071ef800, ffff8881071ef900) [ 2169.277957] [ 2169.278164] The buggy address belongs to the physical page: [ 2169.278832] page:00000000ca1b1f9d refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1071ee [ 2169.279943] head:00000000ca1b1f9d order:1 compound_mapcount:0 compound_pincount:0 [ 2169.280838] flags: 0x17ffffc0010200(slab|head|node=0|zone=2|lastcpupid=0x1fffff) [ 2169.281728] raw: 0017ffffc0010200 ffffea0005e4ce00 dead000000000005 ffff888100041b40 [ 2169.282652] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 2169.283573] page dumped because: kasan: bad access detected [ 2169.284241] [ 2169.284450] Memory state around the buggy address: [ 2169.285032] ffff8881071ef780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2169.285901] ffff8881071ef800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2169.286769] >ffff8881071ef880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 2169.287634] ^ [ 2169.288424] ffff8881071ef900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2169.289289] ffff8881071ef980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2169.290154] ================================================================== [ 2169.291058] ok 11 - krealloc_less_oob [ 2169.291597] ================================================================== [ 2169.292986] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c3/0x610 [test_kasan] [ 2169.294037] Write of size 1 at addr ffff888172c360eb by task kunit_try_catch/48046 [ 2169.294947] [ 2169.295155] CPU: 0 PID: 48046 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-251.1961_763395317.el9.x86_64+debug #1 [ 2169.296779] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2169.297500] Call Trace: [ 2169.297813] [ 2169.298089] ? krealloc_more_oob_helper+0x5c3/0x610 [test_kasan] [ 2169.298821] dump_stack_lvl+0x57/0x81 [ 2169.299277] print_address_description.constprop.0+0x1f/0x1e0 [ 2169.299979] ? krealloc_more_oob_helper+0x5c3/0x610 [test_kasan] [ 2169.300709] print_report.cold+0x5c/0x237 [ 2169.301205] kasan_report+0xc9/0x100 [ 2169.301657] ? krealloc_more_oob_helper+0x5c3/0x610 [test_kasan] [ 2169.302386] krealloc_more_oob_helper+0x5c3/0x610 [test_kasan] [ 2169.303102] ? krealloc_less_oob+0x10/0x10 [test_kasan] [ 2169.303739] ? rcu_read_lock_sched_held+0x12/0x80 [ 2169.304316] ? rcu_read_lock_sched_held+0x12/0x80 [ 2169.304898] ? lock_acquire+0x4ea/0x620 [ 2169.305372] ? rcu_read_unlock+0x40/0x40 [ 2169.305861] ? rcu_read_unlock+0x40/0x40 [ 2169.306343] ? rcu_read_lock_sched_held+0x12/0x80 [ 2169.306924] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2169.307605] ? do_raw_spin_lock+0x270/0x270 [ 2169.308121] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 2169.308869] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2169.309479] ? kunit_add_resource+0x197/0x280 [kunit] [ 2169.310101] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2169.310703] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2169.311321] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2169.312063] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2169.312692] kthread+0x2a4/0x350 [ 2169.313098] ? kthread_complete_and_exit+0x20/0x20 [ 2169.313698] ret_from_fork+0x1f/0x30 [ 2169.314154] [ 2169.314443] [ 2169.314651] The buggy address belongs to the physical page: [ 2169.315319] page:0000000096806915 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x172c34 [ 2169.316432] head:0000000096806915 order:2 compound_mapcount:0 compound_pincount:0 [ 2169.317329] flags: 0x17ffffc0010000(head|node=0|zone=2|lastcpupid=0x1fffff) [ 2169.318163] raw: 0017ffffc0010000 0000000000000000 dead000000000122 0000000000000000 [ 2169.319093] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 2169.320019] page dumped because: kasan: bad access detected [ 2169.320692] [ 2169.320901] Memory state around the buggy address: [ 2169.321488] ffff888172c35f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2169.322352] ffff888172c36000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2169.323217] >ffff888172c36080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 2169.324233] ^ [ 2169.325087] ffff888172c36100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 2169.325954] ffff888172c36180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 2169.326821] ================================================================== [ 2169.327798] ================================================================== [ 2169.328670] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5b6/0x610 [test_kasan] [ 2169.329713] Write of size 1 at addr ffff888172c360f0 by task kunit_try_catch/48046 [ 2169.330621] [ 2169.330830] CPU: 0 PID: 48046 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-251.1961_763395317.el9.x86_64+debug #1 [ 2169.332442] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2169.333137] Call Trace: [ 2169.333452] [ 2169.333728] ? krealloc_more_oob_helper+0x5b6/0x610 [test_kasan] [ 2169.334460] dump_stack_lvl+0x57/0x81 [ 2169.334917] print_address_description.constprop.0+0x1f/0x1e0 [ 2169.335620] ? krealloc_more_oob_helper+0x5b6/0x610 [test_kasan] [ 2169.336347] print_report.cold+0x5c/0x237 [ 2169.336848] kasan_report+0xc9/0x100 [ 2169.337297] ? krealloc_more_oob_helper+0x5b6/0x610 [test_kasan] [ 2169.338033] krealloc_more_oob_helper+0x5b6/0x610 [test_kasan] [ 2169.338750] ? krealloc_less_oob+0x10/0x10 [test_kasan] [ 2169.339387] ? rcu_read_lock_sched_held+0x12/0x80 [ 2169.339970] ? rcu_read_lock_sched_held+0x12/0x80 [ 2169.340551] ? lock_acquire+0x4ea/0x620 [ 2169.341028] ? rcu_read_unlock+0x40/0x40 [ 2169.341515] ? rcu_read_unlock+0x40/0x40 [ 2169.341999] ? rcu_read_lock_sched_held+0x12/0x80 [ 2169.342583] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2169.343260] ? do_raw_spin_lock+0x270/0x270 [ 2169.343780] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 2169.344523] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2169.345129] ? kunit_add_resource+0x197/0x280 [kunit] [ 2169.345753] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2169.346351] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2169.346974] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2169.347716] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2169.348342] kthread+0x2a4/0x350 [ 2169.348754] ? kthread_complete_and_exit+0x20/0x20 [ 2169.349344] ret_from_fork+0x1f/0x30 [ 2169.349801] [ 2169.350096] [ 2169.350304] The buggy address belongs to the physical page: [ 2169.350978] page:0000000096806915 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x172c34 [ 2169.352091] head:0000000096806915 order:2 compound_mapcount:0 compound_pincount:0 [ 2169.352988] flags: 0x17ffffc0010000(head|node=0|zone=2|lastcpupid=0x1fffff) [ 2169.353825] raw: 0017ffffc0010000 0000000000000000 dead000000000122 0000000000000000 [ 2169.354752] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 2169.355674] page dumped because: kasan: bad access detected [ 2169.356342] [ 2169.356554] Memory state around the buggy address: [ 2169.357137] ffff888172c35f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2169.358009] ffff888172c36000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2169.358876] >ffff888172c36080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 2169.359746] ^ [ 2169.360570] ffff888172c36100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 2169.361438] ffff888172c36180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 2169.362303] ================================================================== [ 2169.363216] ok 12 - krealloc_pagealloc_more_oob [ 2169.373377] ================================================================== [ 2169.374876] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan] [ 2169.375921] Write of size 1 at addr ffff888179ca60c9 by task kunit_try_catch/48047 [ 2169.376828] [ 2169.377036] CPU: 0 PID: 48047 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-251.1961_763395317.el9.x86_64+debug #1 [ 2169.378647] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2169.379341] Call Trace: [ 2169.379658] [ 2169.379933] ? krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan] [ 2169.380666] dump_stack_lvl+0x57/0x81 [ 2169.381122] print_address_description.constprop.0+0x1f/0x1e0 [ 2169.381826] ? krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan] [ 2169.382554] print_report.cold+0x5c/0x237 [ 2169.383051] kasan_report+0xc9/0x100 [ 2169.383503] ? krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan] [ 2169.384230] krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan] [ 2169.384945] ? krealloc_uaf+0x450/0x450 [test_kasan] [ 2169.385553] ? rcu_read_lock_sched_held+0x12/0x80 [ 2169.386131] ? rcu_read_lock_sched_held+0x12/0x80 [ 2169.386709] ? lock_acquire+0x4ea/0x620 [ 2169.387182] ? rcu_read_unlock+0x40/0x40 [ 2169.387668] ? rcu_read_unlock+0x40/0x40 [ 2169.388150] ? rcu_read_lock_sched_held+0x12/0x80 [ 2169.388730] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2169.389407] ? do_raw_spin_lock+0x270/0x270 [ 2169.389925] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 2169.390669] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2169.391281] ? kunit_add_resource+0x197/0x280 [kunit] [ 2169.391903] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2169.392505] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2169.393121] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2169.393863] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2169.394489] kthread+0x2a4/0x350 [ 2169.394894] ? kthread_complete_and_exit+0x20/0x20 [ 2169.395483] ret_from_fork+0x1f/0x30 [ 2169.395936] [ 2169.396219] [ 2169.396426] The buggy address belongs to the physical page: [ 2169.397096] page:00000000dd43ba02 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x179ca4 [ 2169.398205] head:00000000dd43ba02 order:2 compound_mapcount:0 compound_pincount:0 [ 2169.399097] flags: 0x17ffffc0010000(head|node=0|zone=2|lastcpupid=0x1fffff) [ 2169.399930] raw: 0017ffffc0010000 0000000000000000 dead000000000122 0000000000000000 [ 2169.400855] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 2169.401776] page dumped because: kasan: bad access detected [ 2169.402446] [ 2169.402652] Memory state around the buggy address: [ 2169.403233] ffff888179ca5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2169.404099] ffff888179ca6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2169.404961] >ffff888179ca6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 2169.405823] ^ [ 2169.406493] ffff888179ca6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 2169.407358] ffff888179ca6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 2169.408219] ================================================================== [ 2169.409133] ================================================================== [ 2169.410005] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan] [ 2169.411041] Write of size 1 at addr ffff888179ca60d0 by task kunit_try_catch/48047 [ 2169.411945] [ 2169.412152] CPU: 0 PID: 48047 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-251.1961_763395317.el9.x86_64+debug #1 [ 2169.413760] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2169.414456] Call Trace: [ 2169.414767] [ 2169.415042] ? krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan] [ 2169.415773] dump_stack_lvl+0x57/0x81 [ 2169.416228] print_address_description.constprop.0+0x1f/0x1e0 [ 2169.416929] ? krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan] [ 2169.417658] print_report.cold+0x5c/0x237 [ 2169.418155] kasan_report+0xc9/0x100 [ 2169.418604] ? krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan] [ 2169.419332] krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan] [ 2169.420042] ? krealloc_uaf+0x450/0x450 [test_kasan] [ 2169.420649] ? rcu_read_lock_sched_held+0x12/0x80 [ 2169.421226] ? rcu_read_lock_sched_held+0x12/0x80 [ 2169.421805] ? lock_acquire+0x4ea/0x620 [ 2169.422277] ? rcu_read_unlock+0x40/0x40 [ 2169.422763] ? rcu_read_unlock+0x40/0x40 [ 2169.423246] ? rcu_read_lock_sched_held+0x12/0x80 [ 2169.423827] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2169.424503] ? do_raw_spin_lock+0x270/0x270 [ 2169.425016] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 2169.425763] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2169.426366] ? kunit_add_resource+0x197/0x280 [kunit] [ 2169.426989] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2169.427588] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2169.428205] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2169.428944] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2169.429571] kthread+0x2a4/0x350 [ 2169.429976] ? kthread_complete_and_exit+0x20/0x20 [ 2169.430565] ret_from_fork+0x1f/0x30 [ 2169.431017] [ 2169.431300] [ 2169.431509] The buggy address belongs to the physical page: [ 2169.432176] page:00000000dd43ba02 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x179ca4 [ 2169.433283] head:00000000dd43ba02 order:2 compound_mapcount:0 compound_pincount:0 [ 2169.434175] flags: 0x17ffffc0010000(head|node=0|zone=2|lastcpupid=0x1fffff) [ 2169.435008] raw: 0017ffffc0010000 0000000000000000 dead000000000122 0000000000000000 [ 2169.435930] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 2169.436936] page dumped because: kasan: bad access detected [ 2169.437666] [ 2169.437872] Memory state around the buggy address: [ 2169.438455] ffff888179ca5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2169.439315] ffff888179ca6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2169.440177] >ffff888179ca6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 2169.441041] ^ [ 2169.441750] ffff888179ca6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 2169.442616] ffff888179ca6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 2169.443484] ================================================================== [ 2169.444428] ================================================================== [ 2169.445300] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan] [ 2169.446338] Write of size 1 at addr ffff888179ca60da by task kunit_try_catch/48047 [ 2169.447243] [ 2169.447453] CPU: 0 PID: 48047 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-251.1961_763395317.el9.x86_64+debug #1 [ 2169.449054] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2169.449750] Call Trace: [ 2169.450062] [ 2169.450336] ? krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan] [ 2169.451068] dump_stack_lvl+0x57/0x81 [ 2169.451526] print_address_description.constprop.0+0x1f/0x1e0 [ 2169.452222] ? krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan] [ 2169.452952] print_report.cold+0x5c/0x237 [ 2169.453451] kasan_report+0xc9/0x100 [ 2169.453897] ? krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan] [ 2169.454628] krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan] [ 2169.455337] ? krealloc_uaf+0x450/0x450 [test_kasan] [ 2169.455943] ? rcu_read_lock_sched_held+0x12/0x80 [ 2169.456521] ? rcu_read_lock_sched_held+0x12/0x80 [ 2169.457098] ? lock_acquire+0x4ea/0x620 [ 2169.457574] ? rcu_read_unlock+0x40/0x40 [ 2169.458057] ? rcu_read_unlock+0x40/0x40 [ 2169.458542] ? rcu_read_lock_sched_held+0x12/0x80 [ 2169.459119] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2169.459795] ? do_raw_spin_lock+0x270/0x270 [ 2169.460309] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 2169.461050] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2169.461656] ? kunit_add_resource+0x197/0x280 [kunit] [ 2169.462276] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2169.462875] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2169.463496] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2169.464233] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2169.464862] kthread+0x2a4/0x350 [ 2169.465267] ? kthread_complete_and_exit+0x20/0x20 [ 2169.465855] ret_from_fork+0x1f/0x30 [ 2169.466308] [ 2169.466598] [ 2169.466804] The buggy address belongs to the physical page: [ 2169.467473] page:00000000dd43ba02 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x179ca4 [ 2169.468586] head:00000000dd43ba02 order:2 compound_mapcount:0 compound_pincount:0 [ 2169.469481] flags: 0x17ffffc0010000(head|node=0|zone=2|lastcpupid=0x1fffff) [ 2169.470310] raw: 0017ffffc0010000 0000000000000000 dead000000000122 0000000000000000 [ 2169.471234] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 2169.472155] page dumped because: kasan: bad access detected [ 2169.472825] [ 2169.473031] Memory state around the buggy address: [ 2169.473615] ffff888179ca5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2169.474481] ffff888179ca6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2169.475341] >ffff888179ca6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 2169.476207] ^ [ 2169.476943] ffff888179ca6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 2169.477807] ffff888179ca6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 2169.478671] ================================================================== [ 2169.479549] ================================================================== [ 2169.480415] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan] [ 2169.481457] Write of size 1 at addr ffff888179ca60ea by task kunit_try_catch/48047 [ 2169.482357] [ 2169.482568] CPU: 0 PID: 48047 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-251.1961_763395317.el9.x86_64+debug #1 [ 2169.484172] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2169.484868] Call Trace: [ 2169.485181] [ 2169.485459] ? krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan] [ 2169.486196] dump_stack_lvl+0x57/0x81 [ 2169.486656] print_address_description.constprop.0+0x1f/0x1e0 [ 2169.487351] ? krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan] [ 2169.488082] print_report.cold+0x5c/0x237 [ 2169.488580] kasan_report+0xc9/0x100 [ 2169.489026] ? krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan] [ 2169.489759] krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan] [ 2169.490477] ? krealloc_uaf+0x450/0x450 [test_kasan] [ 2169.491082] ? rcu_read_lock_sched_held+0x12/0x80 [ 2169.491662] ? rcu_read_lock_sched_held+0x12/0x80 [ 2169.492236] ? lock_acquire+0x4ea/0x620 [ 2169.492713] ? rcu_read_unlock+0x40/0x40 [ 2169.493196] ? rcu_read_unlock+0x40/0x40 [ 2169.493680] ? rcu_read_lock_sched_held+0x12/0x80 [ 2169.494258] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2169.494934] ? do_raw_spin_lock+0x270/0x270 [ 2169.495451] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 2169.496188] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2169.496794] ? kunit_add_resource+0x197/0x280 [kunit] [ 2169.497414] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2169.498017] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2169.498634] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2169.499372] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2169.500004] kthread+0x2a4/0x350 [ 2169.500409] ? kthread_complete_and_exit+0x20/0x20 [ 2169.500997] ret_from_fork+0x1f/0x30 [ 2169.501458] [ 2169.501742] [ 2169.501948] The buggy address belongs to the physical page: [ 2169.502621] page:00000000dd43ba02 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x179ca4 [ 2169.503731] head:00000000dd43ba02 order:2 compound_mapcount:0 compound_pincount:0 [ 2169.504637] flags: 0x17ffffc0010000(head|node=0|zone=2|lastcpupid=0x1fffff) [ 2169.505468] raw: 0017ffffc0010000 0000000000000000 dead000000000122 0000000000000000 [ 2169.506386] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 2169.507308] page dumped because: kasan: bad access detected [ 2169.507980] [ 2169.508186] Memory state around the buggy address: [ 2169.508775] ffff888179ca5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2169.509639] ffff888179ca6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2169.510502] >ffff888179ca6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 2169.511360] ^ [ 2169.512151] ffff888179ca6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 2169.513014] ffff888179ca6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 2169.513877] ================================================================== [ 2169.514751] ================================================================== [ 2169.515618] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan] [ 2169.516659] Write of size 1 at addr ffff888179ca60eb by task kunit_try_catch/48047 [ 2169.517564] [ 2169.517771] CPU: 0 PID: 48047 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-251.1961_763395317.el9.x86_64+debug #1 [ 2169.519377] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2169.520074] Call Trace: [ 2169.520385] [ 2169.520663] ? krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan] [ 2169.521389] dump_stack_lvl+0x57/0x81 [ 2169.521847] print_address_description.constprop.0+0x1f/0x1e0 [ 2169.522548] ? krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan] [ 2169.523273] print_report.cold+0x5c/0x237 [ 2169.523771] kasan_report+0xc9/0x100 [ 2169.524217] ? krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan] [ 2169.524948] krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan] [ 2169.525660] ? krealloc_uaf+0x450/0x450 [test_kasan] [ 2169.526266] ? rcu_read_lock_sched_held+0x12/0x80 [ 2169.526845] ? rcu_read_lock_sched_held+0x12/0x80 [ 2169.527419] ? lock_acquire+0x4ea/0x620 [ 2169.527896] ? rcu_read_unlock+0x40/0x40 [ 2169.528378] ? rcu_read_unlock+0x40/0x40 [ 2169.528863] ? rcu_read_lock_sched_held+0x12/0x80 [ 2169.529444] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2169.530116] ? do_raw_spin_lock+0x270/0x270 [ 2169.530636] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 2169.531376] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2169.531983] ? kunit_add_resource+0x197/0x280 [kunit] [ 2169.532606] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2169.533203] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2169.533823] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2169.534563] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2169.535188] kthread+0x2a4/0x350 [ 2169.535596] ? kthread_complete_and_exit+0x20/0x20 [ 2169.536182] ret_from_fork+0x1f/0x30 [ 2169.536639] [ 2169.536923] [ 2169.537129] The buggy address belongs to the physical page: [ 2169.537798] page:00000000dd43ba02 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x179ca4 [ 2169.538906] head:00000000dd43ba02 order:2 compound_mapcount:0 compound_pincount:0 [ 2169.539799] flags: 0x17ffffc0010000(head|node=0|zone=2|lastcpupid=0x1fffff) [ 2169.540628] raw: 0017ffffc0010000 0000000000000000 dead000000000122 0000000000000000 [ 2169.541548] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 2169.542467] page dumped because: kasan: bad access detected [ 2169.543133] [ 2169.543339] Memory state around the buggy address: [ 2169.543924] ffff888179ca5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2169.544787] ffff888179ca6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2169.545651] >ffff888179ca6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 2169.546514] ^ [ 2169.547299] ffff888179ca6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 2169.548163] ffff888179ca6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 2169.549025] ================================================================== [ 2169.550410] ok 13 - krealloc_pagealloc_less_oob [ 2169.553812] ================================================================== [ 2169.555300] BUG: KASAN: use-after-free in krealloc_uaf+0x1c7/0x450 [test_kasan] [ 2169.556180] Read of size 1 at addr ffff88814a0b6800 by task kunit_try_catch/48048 [ 2169.557074] [ 2169.557282] CPU: 0 PID: 48048 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-251.1961_763395317.el9.x86_64+debug #1 [ 2169.558894] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2169.559592] Call Trace: [ 2169.559904] [ 2169.560179] ? krealloc_uaf+0x1c7/0x450 [test_kasan] [ 2169.560795] dump_stack_lvl+0x57/0x81 [ 2169.561251] print_address_description.constprop.0+0x1f/0x1e0 [ 2169.561952] ? krealloc_uaf+0x1c7/0x450 [test_kasan] [ 2169.562562] print_report.cold+0x5c/0x237 [ 2169.563058] kasan_report+0xc9/0x100 [ 2169.563509] ? krealloc_uaf+0x1c7/0x450 [test_kasan] [ 2169.564114] ? krealloc_uaf+0x1c7/0x450 [test_kasan] [ 2169.564725] __kasan_check_byte+0x36/0x50 [ 2169.565217] krealloc+0x2e/0xe0 [ 2169.565619] krealloc_uaf+0x1c7/0x450 [test_kasan] [ 2169.566210] ? kmalloc_memmove_negative_size+0x290/0x290 [test_kasan] [ 2169.566986] ? rcu_read_lock_sched_held+0x12/0x80 [ 2169.567566] ? rcu_read_lock_sched_held+0x12/0x80 [ 2169.568141] ? lock_acquire+0x4ea/0x620 [ 2169.568621] ? rcu_read_unlock+0x40/0x40 [ 2169.569105] ? rcu_read_unlock+0x40/0x40 [ 2169.569593] ? rcu_read_lock_sched_held+0x12/0x80 [ 2169.570168] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2169.570846] ? do_raw_spin_lock+0x270/0x270 [ 2169.571362] ? trace_hardirqs_on+0x2d/0x160 [ 2169.571880] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2169.572485] ? kunit_add_resource+0x197/0x280 [kunit] [ 2169.573105] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2169.573705] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2169.574322] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2169.575061] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2169.575689] kthread+0x2a4/0x350 [ 2169.576095] ? kthread_complete_and_exit+0x20/0x20 [ 2169.576684] ret_from_fork+0x1f/0x30 [ 2169.577141] [ 2169.577429] [ 2169.577636] Allocated by task 48048: [ 2169.578077] kasan_save_stack+0x1e/0x40 [ 2169.578554] __kasan_kmalloc+0x81/0xa0 [ 2169.579017] krealloc_uaf+0xaa/0x450 [test_kasan] [ 2169.579599] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2169.580196] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2169.580935] kthread+0x2a4/0x350 [ 2169.581339] ret_from_fork+0x1f/0x30 [ 2169.581791] [ 2169.581997] Freed by task 48048: [ 2169.582403] kasan_save_stack+0x1e/0x40 [ 2169.582880] kasan_set_track+0x21/0x30 [ 2169.583342] kasan_set_free_info+0x20/0x40 [ 2169.583847] __kasan_slab_free+0x108/0x170 [ 2169.584349] slab_free_freelist_hook+0x11d/0x1d0 [ 2169.584920] kfree+0xe2/0x3c0 [ 2169.585298] krealloc_uaf+0x147/0x450 [test_kasan] [ 2169.585890] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2169.586488] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2169.587224] kthread+0x2a4/0x350 [ 2169.587634] ret_from_fork+0x1f/0x30 [ 2169.588078] [ 2169.588284] The buggy address belongs to the object at ffff88814a0b6800 [ 2169.588284] which belongs to the cache kmalloc-256 of size 256 [ 2169.589753] The buggy address is located 0 bytes inside of [ 2169.589753] 256-byte region [ffff88814a0b6800, ffff88814a0b6900) [ 2169.591120] [ 2169.591327] The buggy address belongs to the physical page: [ 2169.591996] page:00000000a22405e2 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x14a0b6 [ 2169.593107] head:00000000a22405e2 order:1 compound_mapcount:0 compound_pincount:0 [ 2169.594003] flags: 0x17ffffc0010200(slab|head|node=0|zone=2|lastcpupid=0x1fffff) [ 2169.594895] raw: 0017ffffc0010200 ffffea0004118900 dead000000000007 ffff888100041b40 [ 2169.595822] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 2169.596746] page dumped because: kasan: bad access detected [ 2169.597413] [ 2169.597622] Memory state around the buggy address: [ 2169.598207] ffff88814a0b6700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2169.599075] ffff88814a0b6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2169.599938] >ffff88814a0b6800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2169.600805] ^ [ 2169.601209] ffff88814a0b6880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2169.602079] ffff88814a0b6900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2169.602942] ================================================================== [ 2169.603837] ================================================================== [ 2169.604709] BUG: KASAN: use-after-free in krealloc_uaf+0x42e/0x450 [test_kasan] [ 2169.605589] Read of size 1 at addr ffff88814a0b6800 by task kunit_try_catch/48048 [ 2169.606481] [ 2169.606688] CPU: 0 PID: 48048 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-251.1961_763395317.el9.x86_64+debug #1 [ 2169.608297] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2169.609004] Call Trace: [ 2169.609316] [ 2169.609596] ? krealloc_uaf+0x42e/0x450 [test_kasan] [ 2169.610203] dump_stack_lvl+0x57/0x81 [ 2169.610661] print_address_description.constprop.0+0x1f/0x1e0 [ 2169.611360] ? krealloc_uaf+0x42e/0x450 [test_kasan] [ 2169.611969] print_report.cold+0x5c/0x237 [ 2169.612469] kasan_report+0xc9/0x100 [ 2169.612915] ? krealloc_uaf+0x42e/0x450 [test_kasan] [ 2169.613525] krealloc_uaf+0x42e/0x450 [test_kasan] [ 2169.614112] ? kmalloc_memmove_negative_size+0x290/0x290 [test_kasan] [ 2169.614888] ? rcu_read_lock_sched_held+0x12/0x80 [ 2169.615467] ? rcu_read_lock_sched_held+0x12/0x80 [ 2169.616041] ? lock_acquire+0x4ea/0x620 [ 2169.616517] ? rcu_read_unlock+0x40/0x40 [ 2169.617001] ? rcu_read_unlock+0x40/0x40 [ 2169.617486] ? rcu_read_lock_sched_held+0x12/0x80 [ 2169.618062] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2169.618741] ? do_raw_spin_lock+0x270/0x270 [ 2169.619255] ? kunit_ptr_not_err_assert_format+0x210/0x210 [kunit] [ 2169.620005] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2169.620612] ? kunit_add_resource+0x197/0x280 [kunit] [ 2169.621233] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2169.621832] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2169.622452] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2169.623188] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2169.623816] kthread+0x2a4/0x350 [ 2169.624222] ? kthread_complete_and_exit+0x20/0x20 [ 2169.624811] ret_from_fork+0x1f/0x30 [ 2169.625264] [ 2169.625549] [ 2169.625756] Allocated by task 48048: [ 2169.626199] kasan_save_stack+0x1e/0x40 [ 2169.626675] __kasan_kmalloc+0x81/0xa0 [ 2169.627136] krealloc_uaf+0xaa/0x450 [test_kasan] [ 2169.627716] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2169.628309] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2169.629049] kthread+0x2a4/0x350 [ 2169.629458] ret_from_fork+0x1f/0x30 [ 2169.629902] [ 2169.630110] Freed by task 48048: [ 2169.630519] kasan_save_stack+0x1e/0x40 [ 2169.630991] kasan_set_track+0x21/0x30 [ 2169.631456] kasan_set_free_info+0x20/0x40 [ 2169.631955] __kasan_slab_free+0x108/0x170 [ 2169.632458] slab_free_freelist_hook+0x11d/0x1d0 [ 2169.633021] kfree+0xe2/0x3c0 [ 2169.633397] krealloc_uaf+0x147/0x450 [test_kasan] [ 2169.633985] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2169.634584] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2169.635319] kthread+0x2a4/0x350 [ 2169.635726] ret_from_fork+0x1f/0x30 [ 2169.636170] [ 2169.636375] The buggy address belongs to the object at ffff88814a0b6800 [ 2169.636375] which belongs to the cache kmalloc-256 of size 256 [ 2169.637841] The buggy address is located 0 bytes inside of [ 2169.637841] 256-byte region [ffff88814a0b6800, ffff88814a0b6900) [ 2169.639199] [ 2169.639405] The buggy address belongs to the physical page: [ 2169.640075] page:00000000a22405e2 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x14a0b6 [ 2169.641183] head:00000000a22405e2 order:1 compound_mapcount:0 compound_pincount:0 [ 2169.642077] flags: 0x17ffffc0010200(slab|head|node=0|zone=2|lastcpupid=0x1fffff) [ 2169.642963] raw: 0017ffffc0010200 ffffea0004118900 dead000000000007 ffff888100041b40 [ 2169.643886] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 2169.644811] page dumped because: kasan: bad access detected [ 2169.645482] [ 2169.645688] Memory state around the buggy address: [ 2169.646269] ffff88814a0b6700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2169.647135] ffff88814a0b6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2169.647997] >ffff88814a0b6800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2169.648861] ^ [ 2169.649265] ffff88814a0b6880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2169.650131] ffff88814a0b6900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2169.650993] ================================================================== [ 2169.651968] ok 14 - krealloc_uaf [ 2169.658127] ================================================================== [ 2169.659467] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x399/0x3b0 [test_kasan] [ 2169.660403] Write of size 16 at addr ffff88817fb3a380 by task kunit_try_catch/48049 [ 2169.661316] [ 2169.661528] CPU: 0 PID: 48049 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-251.1961_763395317.el9.x86_64+debug #1 [ 2169.663131] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2169.663826] Call Trace: [ 2169.664138] [ 2169.664413] ? kmalloc_oob_16+0x399/0x3b0 [test_kasan] [ 2169.665042] dump_stack_lvl+0x57/0x81 [ 2169.665501] print_address_description.constprop.0+0x1f/0x1e0 [ 2169.666200] ? kmalloc_oob_16+0x399/0x3b0 [test_kasan] [ 2169.666827] print_report.cold+0x5c/0x237 [ 2169.667323] kasan_report+0xc9/0x100 [ 2169.667776] ? kmalloc_oob_16+0x399/0x3b0 [test_kasan] [ 2169.668402] kmalloc_oob_16+0x399/0x3b0 [test_kasan] [ 2169.669014] ? kmalloc_uaf_16+0x3b0/0x3b0 [test_kasan] [ 2169.669644] ? do_raw_spin_trylock+0xb5/0x180 [ 2169.670183] ? do_raw_spin_lock+0x270/0x270 [ 2169.670703] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2169.671377] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2169.671984] ? kunit_add_resource+0x197/0x280 [kunit] [ 2169.672608] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2169.673205] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2169.673825] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2169.674564] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2169.675189] kthread+0x2a4/0x350 [ 2169.675598] ? kthread_complete_and_exit+0x20/0x20 [ 2169.676183] ret_from_fork+0x1f/0x30 [ 2169.676641] [ 2169.676924] [ 2169.677131] Allocated by task 48049: [ 2169.677579] kasan_save_stack+0x1e/0x40 [ 2169.678052] __kasan_kmalloc+0x81/0xa0 [ 2169.678517] kmalloc_oob_16+0xa4/0x3b0 [test_kasan] [ 2169.679113] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2169.679712] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2169.680451] kthread+0x2a4/0x350 [ 2169.680857] ret_from_fork+0x1f/0x30 [ 2169.681300] [ 2169.681510] The buggy address belongs to the object at ffff88817fb3a380 [ 2169.681510] which belongs to the cache kmalloc-16 of size 16 [ 2169.682953] The buggy address is located 0 bytes inside of [ 2169.682953] 16-byte region [ffff88817fb3a380, ffff88817fb3a390) [ 2169.684304] [ 2169.684513] The buggy address belongs to the physical page: [ 2169.685179] page:00000000d68c7dfe refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x17fb3a [ 2169.686292] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 2169.687126] raw: 0017ffffc0000200 ffffea000412d800 dead000000000002 ffff8881000413c0 [ 2169.688050] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2169.688973] page dumped because: kasan: bad access detected [ 2169.689647] [ 2169.689854] Memory state around the buggy address: [ 2169.690440] ffff88817fb3a280: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2169.691300] ffff88817fb3a300: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2169.692168] >ffff88817fb3a380: 00 05 fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 2169.693036] ^ [ 2169.693471] ffff88817fb3a400: fa fb fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc [ 2169.694334] ffff88817fb3a480: fa fb fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc [ 2169.695200] ================================================================== [ 2169.696192] ok 15 - kmalloc_oob_16 [ 2169.702058] ================================================================== [ 2169.703416] BUG: KASAN: use-after-free in kmalloc_uaf_16+0x38a/0x3b0 [test_kasan] [ 2169.704322] Read of size 16 at addr ffff88817fb3aa20 by task kunit_try_catch/48050 [ 2169.705230] [ 2169.705444] CPU: 0 PID: 48050 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-251.1961_763395317.el9.x86_64+debug #1 [ 2169.707057] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2169.707759] Call Trace: [ 2169.708072] [ 2169.708347] ? kmalloc_uaf_16+0x38a/0x3b0 [test_kasan] [ 2169.708978] dump_stack_lvl+0x57/0x81 [ 2169.709438] print_address_description.constprop.0+0x1f/0x1e0 [ 2169.710139] ? kmalloc_uaf_16+0x38a/0x3b0 [test_kasan] [ 2169.710770] print_report.cold+0x5c/0x237 [ 2169.711266] kasan_report+0xc9/0x100 [ 2169.711720] ? kmalloc_uaf_16+0x38a/0x3b0 [test_kasan] [ 2169.712348] kmalloc_uaf_16+0x38a/0x3b0 [test_kasan] [ 2169.712961] ? kmalloc_uaf+0x2b0/0x2b0 [test_kasan] [ 2169.713565] ? do_raw_spin_trylock+0xb5/0x180 [ 2169.714106] ? do_raw_spin_lock+0x270/0x270 [ 2169.714626] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2169.715300] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2169.715906] ? kunit_add_resource+0x197/0x280 [kunit] [ 2169.716530] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2169.717126] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2169.717750] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2169.718492] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2169.719117] kthread+0x2a4/0x350 [ 2169.719526] ? kthread_complete_and_exit+0x20/0x20 [ 2169.720113] ret_from_fork+0x1f/0x30 [ 2169.720571] [ 2169.720855] [ 2169.721064] Allocated by task 48050: [ 2169.721510] kasan_save_stack+0x1e/0x40 [ 2169.721982] __kasan_kmalloc+0x81/0xa0 [ 2169.722449] kmalloc_uaf_16+0x15d/0x3b0 [test_kasan] [ 2169.723055] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2169.723655] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2169.724391] kthread+0x2a4/0x350 [ 2169.724799] ret_from_fork+0x1f/0x30 [ 2169.725244] [ 2169.725453] Freed by task 48050: [ 2169.725857] kasan_save_stack+0x1e/0x40 [ 2169.726330] kasan_set_track+0x21/0x30 [ 2169.726795] kasan_set_free_info+0x20/0x40 [ 2169.727297] __kasan_slab_free+0x108/0x170 [ 2169.727802] slab_free_freelist_hook+0x11d/0x1d0 [ 2169.728367] kfree+0xe2/0x3c0 [ 2169.728746] kmalloc_uaf_16+0x1e8/0x3b0 [test_kasan] [ 2169.729350] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2169.729948] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2169.730688] kthread+0x2a4/0x350 [ 2169.731093] ret_from_fork+0x1f/0x30 [ 2169.731543] [ 2169.731749] The buggy address belongs to the object at ffff88817fb3aa20 [ 2169.731749] which belongs to the cache kmalloc-16 of size 16 [ 2169.733194] The buggy address is located 0 bytes inside of [ 2169.733194] 16-byte region [ffff88817fb3aa20, ffff88817fb3aa30) [ 2169.734547] [ 2169.734754] The buggy address belongs to the physical page: [ 2169.735424] page:00000000d68c7dfe refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x17fb3a [ 2169.736536] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 2169.737446] raw: 0017ffffc0000200 ffffea000412d800 dead000000000002 ffff8881000413c0 [ 2169.738432] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2169.739349] page dumped because: kasan: bad access detected [ 2169.740018] [ 2169.740225] Memory state around the buggy address: [ 2169.740812] ffff88817fb3a900: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2169.741681] ffff88817fb3a980: fa fb fc fc fa fb fc fc 00 00 fc fc 00 00 fc fc [ 2169.742552] >ffff88817fb3aa00: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2169.743414] ^ [ 2169.743943] ffff88817fb3aa80: fa fb fc fc 00 00 fc fc fa fb fc fc fb fb fc fc [ 2169.744809] ffff88817fb3ab00: fa fb fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc [ 2169.745673] ================================================================== [ 2169.746722] ok 16 - kmalloc_uaf_16 [ 2169.746901] ================================================================== [ 2169.748250] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x1b3/0x280 [test_kasan] [ 2169.749263] Write of size 128 at addr ffff88817d459600 by task kunit_try_catch/48051 [ 2169.750190] [ 2169.750398] CPU: 0 PID: 48051 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-251.1961_763395317.el9.x86_64+debug #1 [ 2169.752013] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2169.752713] Call Trace: [ 2169.753025] [ 2169.753301] ? kmalloc_oob_in_memset+0x1b3/0x280 [test_kasan] [ 2169.754008] dump_stack_lvl+0x57/0x81 [ 2169.754468] print_address_description.constprop.0+0x1f/0x1e0 [ 2169.755168] ? kmalloc_oob_in_memset+0x1b3/0x280 [test_kasan] [ 2169.755872] print_report.cold+0x5c/0x237 [ 2169.756368] kasan_report+0xc9/0x100 [ 2169.756820] ? kmalloc_oob_in_memset+0x1b3/0x280 [test_kasan] [ 2169.757525] kasan_check_range+0xfd/0x1e0 [ 2169.758022] memset+0x20/0x50 [ 2169.758402] kmalloc_oob_in_memset+0x1b3/0x280 [test_kasan] [ 2169.759081] ? kmalloc_oob_memset_2+0x290/0x290 [test_kasan] [ 2169.759774] ? do_raw_spin_trylock+0xb5/0x180 [ 2169.760312] ? do_raw_spin_lock+0x270/0x270 [ 2169.760831] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2169.761510] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2169.762117] ? kunit_add_resource+0x197/0x280 [kunit] [ 2169.762753] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2169.763352] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2169.763984] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2169.764726] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2169.765353] kthread+0x2a4/0x350 [ 2169.765762] ? kthread_complete_and_exit+0x20/0x20 [ 2169.766347] ret_from_fork+0x1f/0x30 [ 2169.766808] [ 2169.767092] [ 2169.767299] Allocated by task 48051: [ 2169.767744] kasan_save_stack+0x1e/0x40 [ 2169.768217] __kasan_kmalloc+0x81/0xa0 [ 2169.768682] kmalloc_oob_in_memset+0x9c/0x280 [test_kasan] [ 2169.769344] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2169.769943] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2169.770681] kthread+0x2a4/0x350 [ 2169.771087] ret_from_fork+0x1f/0x30 [ 2169.771533] [ 2169.771740] The buggy address belongs to the object at ffff88817d459600 [ 2169.771740] which belongs to the cache kmalloc-128 of size 128 [ 2169.773204] The buggy address is located 0 bytes inside of [ 2169.773204] 128-byte region [ffff88817d459600, ffff88817d459680) [ 2169.774568] [ 2169.774775] The buggy address belongs to the physical page: [ 2169.775446] page:00000000eb02aa13 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x17d459 [ 2169.776559] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 2169.777387] raw: 0017ffffc0000200 ffffea000598c080 dead000000000004 ffff8881000418c0 [ 2169.778313] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 2169.779234] page dumped because: kasan: bad access detected [ 2169.779905] [ 2169.780111] Memory state around the buggy address: [ 2169.780697] ffff88817d459500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc [ 2169.781563] ffff88817d459580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2169.782429] >ffff88817d459600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 2169.783297] ^ [ 2169.784155] ffff88817d459680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2169.785020] ffff88817d459700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2169.785885] ================================================================== [ 2169.787180] ok 17 - kmalloc_oob_in_memset [ 2169.787409] ================================================================== [ 2169.788971] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x1b6/0x290 [test_kasan] [ 2169.789969] Write of size 2 at addr ffff88817d459377 by task kunit_try_catch/48052 [ 2169.790877] [ 2169.791085] CPU: 0 PID: 48052 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-251.1961_763395317.el9.x86_64+debug #1 [ 2169.792697] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2169.793392] Call Trace: [ 2169.793708] [ 2169.793983] ? kmalloc_oob_memset_2+0x1b6/0x290 [test_kasan] [ 2169.794678] dump_stack_lvl+0x57/0x81 [ 2169.795135] print_address_description.constprop.0+0x1f/0x1e0 [ 2169.795841] ? kmalloc_oob_memset_2+0x1b6/0x290 [test_kasan] [ 2169.796537] print_report.cold+0x5c/0x237 [ 2169.797034] kasan_report+0xc9/0x100 [ 2169.797485] ? kmalloc_oob_memset_2+0x1b6/0x290 [test_kasan] [ 2169.798177] kasan_check_range+0xfd/0x1e0 [ 2169.798674] memset+0x20/0x50 [ 2169.799054] kmalloc_oob_memset_2+0x1b6/0x290 [test_kasan] [ 2169.799720] ? kmalloc_oob_memset_4+0x290/0x290 [test_kasan] [ 2169.800410] ? do_raw_spin_trylock+0xb5/0x180 [ 2169.800953] ? do_raw_spin_lock+0x270/0x270 [ 2169.801473] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2169.802147] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2169.802753] ? kunit_add_resource+0x197/0x280 [kunit] [ 2169.803373] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2169.803974] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2169.804596] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2169.805333] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2169.805963] kthread+0x2a4/0x350 [ 2169.806368] ? kthread_complete_and_exit+0x20/0x20 [ 2169.806958] ret_from_fork+0x1f/0x30 [ 2169.807413] [ 2169.807701] [ 2169.807908] Allocated by task 48052: [ 2169.808350] kasan_save_stack+0x1e/0x40 [ 2169.808825] __kasan_kmalloc+0x81/0xa0 [ 2169.809286] kmalloc_oob_memset_2+0x9c/0x290 [test_kasan] [ 2169.809942] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2169.810543] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2169.811282] kthread+0x2a4/0x350 [ 2169.811690] ret_from_fork+0x1f/0x30 [ 2169.812134] [ 2169.812340] The buggy address belongs to the object at ffff88817d459300 [ 2169.812340] which belongs to the cache kmalloc-128 of size 128 [ 2169.813809] The buggy address is located 119 bytes inside of [ 2169.813809] 128-byte region [ffff88817d459300, ffff88817d459380) [ 2169.815188] [ 2169.815394] The buggy address belongs to the physical page: [ 2169.816064] page:00000000eb02aa13 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x17d459 [ 2169.817178] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 2169.818011] raw: 0017ffffc0000200 ffffea000598c080 dead000000000004 ffff8881000418c0 [ 2169.818936] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 2169.819857] page dumped because: kasan: bad access detected [ 2169.820528] [ 2169.820735] Memory state around the buggy address: [ 2169.821316] ffff88817d459200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2169.822183] ffff88817d459280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2169.823051] >ffff88817d459300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 2169.823920] ^ [ 2169.824778] ffff88817d459380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2169.825644] ffff88817d459400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2169.826507] ================================================================== [ 2169.829057] ok 18 - kmalloc_oob_memset_2 [ 2169.836898] ================================================================== [ 2169.838317] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x1b6/0x290 [test_kasan] [ 2169.839314] Write of size 4 at addr ffff888166302a75 by task kunit_try_catch/48053 [ 2169.840218] [ 2169.840430] CPU: 0 PID: 48053 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-251.1961_763395317.el9.x86_64+debug #1 [ 2169.842040] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2169.842738] Call Trace: [ 2169.843052] [ 2169.843326] ? kmalloc_oob_memset_4+0x1b6/0x290 [test_kasan] [ 2169.844020] dump_stack_lvl+0x57/0x81 [ 2169.844479] print_address_description.constprop.0+0x1f/0x1e0 [ 2169.845176] ? kmalloc_oob_memset_4+0x1b6/0x290 [test_kasan] [ 2169.845869] print_report.cold+0x5c/0x237 [ 2169.846366] kasan_report+0xc9/0x100 [ 2169.846816] ? kmalloc_oob_memset_4+0x1b6/0x290 [test_kasan] [ 2169.847508] kasan_check_range+0xfd/0x1e0 [ 2169.848001] memset+0x20/0x50 [ 2169.848380] kmalloc_oob_memset_4+0x1b6/0x290 [test_kasan] [ 2169.849046] ? kmalloc_oob_memset_8+0x290/0x290 [test_kasan] [ 2169.849736] ? do_raw_spin_trylock+0xb5/0x180 [ 2169.850275] ? do_raw_spin_lock+0x270/0x270 [ 2169.850795] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2169.851472] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2169.852075] ? kunit_add_resource+0x197/0x280 [kunit] [ 2169.852698] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2169.853294] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2169.853912] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2169.854653] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2169.855276] kthread+0x2a4/0x350 [ 2169.855688] ? kthread_complete_and_exit+0x20/0x20 [ 2169.856272] ret_from_fork+0x1f/0x30 [ 2169.856732] [ 2169.857016] [ 2169.857222] Allocated by task 48053: [ 2169.857667] kasan_save_stack+0x1e/0x40 [ 2169.858138] __kasan_kmalloc+0x81/0xa0 [ 2169.858602] kmalloc_oob_memset_4+0x9c/0x290 [test_kasan] [ 2169.859254] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2169.859854] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2169.860592] kthread+0x2a4/0x350 [ 2169.860998] ret_from_fork+0x1f/0x30 [ 2169.861444] [ 2169.861650] The buggy address belongs to the object at ffff888166302a00 [ 2169.861650] which belongs to the cache kmalloc-128 of size 128 [ 2169.863114] The buggy address is located 117 bytes inside of [ 2169.863114] 128-byte region [ffff888166302a00, ffff888166302a80) [ 2169.864500] [ 2169.864706] The buggy address belongs to the physical page: [ 2169.865372] page:00000000b85839be refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x166302 [ 2169.866487] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 2169.867319] raw: 0017ffffc0000200 ffffea0005fa2a00 dead000000000003 ffff8881000418c0 [ 2169.868244] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 2169.869164] page dumped because: kasan: bad access detected [ 2169.869833] [ 2169.870040] Memory state around the buggy address: [ 2169.870625] ffff888166302900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2169.871493] ffff888166302980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2169.872355] >ffff888166302a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 2169.873218] ^ [ 2169.874074] ffff888166302a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2169.874945] ffff888166302b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2169.875808] ================================================================== [ 2169.879050] ok 19 - kmalloc_oob_memset_4 [ 2169.880470] ================================================================== [ 2169.881880] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x1b6/0x290 [test_kasan] [ 2169.882868] Write of size 8 at addr ffff88816cb76d71 by task kunit_try_catch/48054 [ 2169.883765] [ 2169.883972] CPU: 1 PID: 48054 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-251.1961_763395317.el9.x86_64+debug #1 [ 2169.885568] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2169.886257] Call Trace: [ 2169.886571] [ 2169.886844] ? kmalloc_oob_memset_8+0x1b6/0x290 [test_kasan] [ 2169.887534] dump_stack_lvl+0x57/0x81 [ 2169.887987] print_address_description.constprop.0+0x1f/0x1e0 [ 2169.888683] ? kmalloc_oob_memset_8+0x1b6/0x290 [test_kasan] [ 2169.889364] print_report.cold+0x5c/0x237 [ 2169.889859] kasan_report+0xc9/0x100 [ 2169.890303] ? kmalloc_oob_memset_8+0x1b6/0x290 [test_kasan] [ 2169.890992] kasan_check_range+0xfd/0x1e0 [ 2169.891485] memset+0x20/0x50 [ 2169.891862] kmalloc_oob_memset_8+0x1b6/0x290 [test_kasan] [ 2169.892524] ? kmalloc_oob_memset_16+0x290/0x290 [test_kasan] [ 2169.893218] ? do_raw_spin_trylock+0xb5/0x180 [ 2169.893757] ? do_raw_spin_lock+0x270/0x270 [ 2169.894270] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2169.894944] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2169.895546] ? kunit_add_resource+0x197/0x280 [kunit] [ 2169.896160] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2169.896756] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2169.897367] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2169.898103] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2169.898727] kthread+0x2a4/0x350 [ 2169.899129] ? kthread_complete_and_exit+0x20/0x20 [ 2169.899715] ret_from_fork+0x1f/0x30 [ 2169.900166] [ 2169.900450] [ 2169.900655] Allocated by task 48054: [ 2169.901094] kasan_save_stack+0x1e/0x40 [ 2169.901564] __kasan_kmalloc+0x81/0xa0 [ 2169.902022] kmalloc_oob_memset_8+0x9c/0x290 [test_kasan] [ 2169.902672] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2169.903263] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2169.903995] kthread+0x2a4/0x350 [ 2169.904397] ret_from_fork+0x1f/0x30 [ 2169.904839] [ 2169.905044] The buggy address belongs to the object at ffff88816cb76d00 [ 2169.905044] which belongs to the cache kmalloc-128 of size 128 [ 2169.906503] The buggy address is located 113 bytes inside of [ 2169.906503] 128-byte region [ffff88816cb76d00, ffff88816cb76d80) [ 2169.907871] [ 2169.908076] The buggy address belongs to the physical page: [ 2169.908742] page:0000000051317136 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x16cb76 [ 2169.909847] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 2169.910674] raw: 0017ffffc0000200 ffffea0008642bc0 dead000000000004 ffff8881000418c0 [ 2169.911594] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 2169.912507] page dumped because: kasan: bad access detected [ 2169.913172] [ 2169.913377] Memory state around the buggy address: [ 2169.913959] ffff88816cb76c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2169.914820] ffff88816cb76c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2169.915679] >ffff88816cb76d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 2169.916538] ^ [ 2169.917384] ffff88816cb76d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2169.918243] ffff88816cb76e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2169.919101] ================================================================== [ 2169.920147] ok 20 - kmalloc_oob_memset_8 [ 2169.920297] ================================================================== [ 2169.921700] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x1b6/0x290 [test_kasan] [ 2169.922704] Write of size 16 at addr ffff88816cb76369 by task kunit_try_catch/48055 [ 2169.923610] [ 2169.923816] CPU: 1 PID: 48055 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-251.1961_763395317.el9.x86_64+debug #1 [ 2169.925407] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2169.926097] Call Trace: [ 2169.926407] [ 2169.926682] ? kmalloc_oob_memset_16+0x1b6/0x290 [test_kasan] [ 2169.927377] dump_stack_lvl+0x57/0x81 [ 2169.927832] print_address_description.constprop.0+0x1f/0x1e0 [ 2169.928530] ? kmalloc_oob_memset_16+0x1b6/0x290 [test_kasan] [ 2169.929222] print_report.cold+0x5c/0x237 [ 2169.929718] kasan_report+0xc9/0x100 [ 2169.930163] ? kmalloc_oob_memset_16+0x1b6/0x290 [test_kasan] [ 2169.930865] kasan_check_range+0xfd/0x1e0 [ 2169.931356] memset+0x20/0x50 [ 2169.931737] kmalloc_oob_memset_16+0x1b6/0x290 [test_kasan] [ 2169.932406] ? kmalloc_uaf_memset+0x280/0x280 [test_kasan] [ 2169.933070] ? do_raw_spin_trylock+0xb5/0x180 [ 2169.933609] ? do_raw_spin_lock+0x270/0x270 [ 2169.934121] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2169.934794] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2169.935395] ? kunit_add_resource+0x197/0x280 [kunit] [ 2169.936014] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2169.936609] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2169.937224] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2169.937958] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2169.938581] kthread+0x2a4/0x350 [ 2169.938985] ? kthread_complete_and_exit+0x20/0x20 [ 2169.939571] ret_from_fork+0x1f/0x30 [ 2169.940023] [ 2169.940304] [ 2169.940514] Allocated by task 48055: [ 2169.940953] kasan_save_stack+0x1e/0x40 [ 2169.941425] __kasan_kmalloc+0x81/0xa0 [ 2169.941884] kmalloc_oob_memset_16+0x9c/0x290 [test_kasan] [ 2169.942546] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2169.943138] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2169.943871] kthread+0x2a4/0x350 [ 2169.944273] ret_from_fork+0x1f/0x30 [ 2169.944717] [ 2169.944923] The buggy address belongs to the object at ffff88816cb76300 [ 2169.944923] which belongs to the cache kmalloc-128 of size 128 [ 2169.946377] The buggy address is located 105 bytes inside of [ 2169.946377] 128-byte region [ffff88816cb76300, ffff88816cb76380) [ 2169.947751] [ 2169.947957] The buggy address belongs to the physical page: [ 2169.948622] page:0000000051317136 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x16cb76 [ 2169.949728] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 2169.950555] raw: 0017ffffc0000200 ffffea0008642bc0 dead000000000004 ffff8881000418c0 [ 2169.951473] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 2169.952384] page dumped because: kasan: bad access detected [ 2169.953050] [ 2169.953256] Memory state around the buggy address: [ 2169.953837] ffff88816cb76200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2169.954701] ffff88816cb76280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2169.955559] >ffff88816cb76300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 2169.956416] ^ [ 2169.957266] ffff88816cb76380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2169.958123] ffff88816cb76400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2169.958980] ================================================================== [ 2169.961685] ok 21 - kmalloc_oob_memset_16 [ 2169.962168] ================================================================== [ 2169.963594] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0x1c4/0x290 [test_kasan] [ 2169.964628] Read of size 18446744073709551614 at addr ffff88817d9d9004 by task kunit_try_catch/48056 [ 2169.965706] [ 2169.965913] CPU: 1 PID: 48056 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-251.1961_763395317.el9.x86_64+debug #1 [ 2169.967513] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2169.968202] Call Trace: [ 2169.968516] [ 2169.968789] ? kmalloc_memmove_negative_size+0x1c4/0x290 [test_kasan] [ 2169.969563] dump_stack_lvl+0x57/0x81 [ 2169.970017] print_address_description.constprop.0+0x1f/0x1e0 [ 2169.970713] ? kmalloc_memmove_negative_size+0x1c4/0x290 [test_kasan] [ 2169.971485] print_report.cold+0x5c/0x237 [ 2169.971978] kasan_report+0xc9/0x100 [ 2169.972425] ? kmalloc_memmove_negative_size+0x1c4/0x290 [test_kasan] [ 2169.973200] kasan_check_range+0xfd/0x1e0 [ 2169.973693] memmove+0x20/0x60 [ 2169.974080] kmalloc_memmove_negative_size+0x1c4/0x290 [test_kasan] [ 2169.974836] ? kmalloc_memmove_invalid_size+0x2a0/0x2a0 [test_kasan] [ 2169.975598] ? do_raw_spin_trylock+0xb5/0x180 [ 2169.976134] ? do_raw_spin_lock+0x270/0x270 [ 2169.976651] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2169.977320] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2169.977925] ? kunit_add_resource+0x197/0x280 [kunit] [ 2169.978544] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2169.979137] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2169.979757] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2169.980492] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2169.981113] kthread+0x2a4/0x350 [ 2169.981520] ? kthread_complete_and_exit+0x20/0x20 [ 2169.982102] ret_from_fork+0x1f/0x30 [ 2169.982556] [ 2169.982839] [ 2169.983046] Allocated by task 48056: [ 2169.983488] kasan_save_stack+0x1e/0x40 [ 2169.983958] __kasan_kmalloc+0x81/0xa0 [ 2169.984421] kmalloc_memmove_negative_size+0x9c/0x290 [test_kasan] [ 2169.985163] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2169.985760] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2169.986496] kthread+0x2a4/0x350 [ 2169.986899] ret_from_fork+0x1f/0x30 [ 2169.987340] [ 2169.987551] The buggy address belongs to the object at ffff88817d9d9000 [ 2169.987551] which belongs to the cache kmalloc-64 of size 64 [ 2169.988987] The buggy address is located 4 bytes inside of [ 2169.988987] 64-byte region [ffff88817d9d9000, ffff88817d9d9040) [ 2169.990333] [ 2169.990545] The buggy address belongs to the physical page: [ 2169.991210] page:000000006295539f refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x17d9d9 [ 2169.992314] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 2169.993142] raw: 0017ffffc0000200 ffffea0005dd19c0 dead000000000003 ffff888100041640 [ 2169.994058] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000 [ 2169.994976] page dumped because: kasan: bad access detected [ 2169.995643] [ 2169.995848] Memory state around the buggy address: [ 2169.996430] ffff88817d9d8f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 2169.997290] ffff88817d9d8f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 2169.998150] >ffff88817d9d9000: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 2169.999008] ^ [ 2169.999413] ffff88817d9d9080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 2170.000272] ffff88817d9d9100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 2170.001130] ================================================================== [ 2170.002107] ok 22 - kmalloc_memmove_negative_size [ 2170.002287] ================================================================== [ 2170.003766] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x1cf/0x2a0 [test_kasan] [ 2170.004834] Read of size 64 at addr ffff88817d9d9504 by task kunit_try_catch/48057 [ 2170.005732] [ 2170.005937] CPU: 1 PID: 48057 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-251.1961_763395317.el9.x86_64+debug #1 [ 2170.007534] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2170.008222] Call Trace: [ 2170.008535] [ 2170.008807] ? kmalloc_memmove_invalid_size+0x1cf/0x2a0 [test_kasan] [ 2170.009569] dump_stack_lvl+0x57/0x81 [ 2170.010021] print_address_description.constprop.0+0x1f/0x1e0 [ 2170.010718] ? kmalloc_memmove_invalid_size+0x1cf/0x2a0 [test_kasan] [ 2170.011480] print_report.cold+0x5c/0x237 [ 2170.011972] kasan_report+0xc9/0x100 [ 2170.012419] ? kmalloc_memmove_invalid_size+0x1cf/0x2a0 [test_kasan] [ 2170.013181] kasan_check_range+0xfd/0x1e0 [ 2170.013672] memmove+0x20/0x60 [ 2170.014058] kmalloc_memmove_invalid_size+0x1cf/0x2a0 [test_kasan] [ 2170.014802] ? kmalloc_oob_in_memset+0x280/0x280 [test_kasan] [ 2170.015502] ? do_raw_spin_trylock+0xb5/0x180 [ 2170.016037] ? do_raw_spin_lock+0x270/0x270 [ 2170.016552] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2170.017220] ? kunit_add_resource+0x197/0x280 [kunit] [ 2170.017837] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2170.018431] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2170.019042] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2170.019776] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2170.020395] kthread+0x2a4/0x350 [ 2170.020803] ? kthread_complete_and_exit+0x20/0x20 [ 2170.021386] ret_from_fork+0x1f/0x30 [ 2170.021839] [ 2170.022120] [ 2170.022325] Allocated by task 48057: [ 2170.022766] kasan_save_stack+0x1e/0x40 [ 2170.023233] __kasan_kmalloc+0x81/0xa0 [ 2170.023697] kmalloc_memmove_invalid_size+0xac/0x2a0 [test_kasan] [ 2170.024428] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2170.025020] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2170.025752] kthread+0x2a4/0x350 [ 2170.026154] ret_from_fork+0x1f/0x30 [ 2170.026599] [ 2170.026803] The buggy address belongs to the object at ffff88817d9d9500 [ 2170.026803] which belongs to the cache kmalloc-64 of size 64 [ 2170.028240] The buggy address is located 4 bytes inside of [ 2170.028240] 64-byte region [ffff88817d9d9500, ffff88817d9d9540) [ 2170.029585] [ 2170.029790] The buggy address belongs to the physical page: [ 2170.030455] page:000000006295539f refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88817d9d9780 pfn:0x17d9d9 [ 2170.031707] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 2170.032534] raw: 0017ffffc0000200 ffffea0005dd19c0 dead000000000003 ffff888100041640 [ 2170.033449] raw: ffff88817d9d9780 0000000080200012 00000001ffffffff 0000000000000000 [ 2170.034361] page dumped because: kasan: bad access detected [ 2170.035025] [ 2170.035231] Memory state around the buggy address: [ 2170.035812] ffff88817d9d9400: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 2170.036671] ffff88817d9d9480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 2170.037531] >ffff88817d9d9500: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 2170.038384] ^ [ 2170.039022] ffff88817d9d9580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 2170.039880] ffff88817d9d9600: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 2170.040739] ================================================================== [ 2170.041851] ok 23 - kmalloc_memmove_invalid_size [ 2170.042154] ================================================================== [ 2170.043628] BUG: KASAN: use-after-free in kmalloc_uaf+0x286/0x2b0 [test_kasan] [ 2170.044492] Read of size 1 at addr ffff88814672b068 by task kunit_try_catch/48058 [ 2170.045375] [ 2170.045583] CPU: 1 PID: 48058 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-251.1961_763395317.el9.x86_64+debug #1 [ 2170.047177] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2170.047868] Call Trace: [ 2170.048178] [ 2170.048454] ? kmalloc_uaf+0x286/0x2b0 [test_kasan] [ 2170.049046] dump_stack_lvl+0x57/0x81 [ 2170.049505] print_address_description.constprop.0+0x1f/0x1e0 [ 2170.050198] ? kmalloc_uaf+0x286/0x2b0 [test_kasan] [ 2170.050793] print_report.cold+0x5c/0x237 [ 2170.051286] kasan_report+0xc9/0x100 [ 2170.051737] ? kmalloc_uaf+0x286/0x2b0 [test_kasan] [ 2170.052334] kmalloc_uaf+0x286/0x2b0 [test_kasan] [ 2170.052912] ? kmalloc_uaf2+0x430/0x430 [test_kasan] [ 2170.053519] ? do_raw_spin_trylock+0xb5/0x180 [ 2170.054053] ? do_raw_spin_lock+0x270/0x270 [ 2170.054570] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2170.055241] ? kunit_add_resource+0x197/0x280 [kunit] [ 2170.055862] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2170.056462] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2170.057077] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2170.057812] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2170.058438] kthread+0x2a4/0x350 [ 2170.058841] ? kthread_complete_and_exit+0x20/0x20 [ 2170.059427] ret_from_fork+0x1f/0x30 [ 2170.059879] [ 2170.060160] [ 2170.060366] Allocated by task 48058: [ 2170.060809] kasan_save_stack+0x1e/0x40 [ 2170.061284] __kasan_kmalloc+0x81/0xa0 [ 2170.061748] kmalloc_uaf+0x98/0x2b0 [test_kasan] [ 2170.062313] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2170.062911] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2170.063645] kthread+0x2a4/0x350 [ 2170.064047] ret_from_fork+0x1f/0x30 [ 2170.064490] [ 2170.064695] Freed by task 48058: [ 2170.065096] kasan_save_stack+0x1e/0x40 [ 2170.065566] kasan_set_track+0x21/0x30 [ 2170.066027] kasan_set_free_info+0x20/0x40 [ 2170.066528] __kasan_slab_free+0x108/0x170 [ 2170.067025] slab_free_freelist_hook+0x11d/0x1d0 [ 2170.067592] kfree+0xe2/0x3c0 [ 2170.067967] kmalloc_uaf+0x12b/0x2b0 [test_kasan] [ 2170.068544] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2170.069136] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2170.069871] kthread+0x2a4/0x350 [ 2170.070275] ret_from_fork+0x1f/0x30 [ 2170.070719] [ 2170.070925] The buggy address belongs to the object at ffff88814672b060 [ 2170.070925] which belongs to the cache kmalloc-16 of size 16 [ 2170.072363] The buggy address is located 8 bytes inside of [ 2170.072363] 16-byte region [ffff88814672b060, ffff88814672b070) [ 2170.073711] [ 2170.073917] The buggy address belongs to the physical page: [ 2170.074583] page:00000000ccecf309 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x14672b [ 2170.075689] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 2170.076516] raw: 0017ffffc0000200 ffffea000523ad00 dead000000000002 ffff8881000413c0 [ 2170.077432] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2170.078345] page dumped because: kasan: bad access detected [ 2170.079010] [ 2170.079215] Memory state around the buggy address: [ 2170.079796] ffff88814672af00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 2170.080656] ffff88814672af80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 2170.081519] >ffff88814672b000: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2170.082374] ^ [ 2170.083162] ffff88814672b080: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2170.084020] ffff88814672b100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2170.084880] ================================================================== [ 2170.087744] ok 24 - kmalloc_uaf [ 2170.090687] ================================================================== [ 2170.092017] BUG: KASAN: use-after-free in kmalloc_uaf_memset+0x1b4/0x280 [test_kasan] [ 2170.092965] Write of size 33 at addr ffff888105376300 by task kunit_try_catch/48059 [ 2170.093882] [ 2170.094090] CPU: 0 PID: 48059 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-251.1961_763395317.el9.x86_64+debug #1 [ 2170.095707] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2170.096400] Call Trace: [ 2170.096716] [ 2170.096992] ? kmalloc_uaf_memset+0x1b4/0x280 [test_kasan] [ 2170.097659] dump_stack_lvl+0x57/0x81 [ 2170.098116] print_address_description.constprop.0+0x1f/0x1e0 [ 2170.098821] ? kmalloc_uaf_memset+0x1b4/0x280 [test_kasan] [ 2170.099488] print_report.cold+0x5c/0x237 [ 2170.099985] kasan_report+0xc9/0x100 [ 2170.100436] ? kmalloc_uaf_memset+0xc1/0x280 [test_kasan] [ 2170.101091] ? kmalloc_uaf_memset+0x1b4/0x280 [test_kasan] [ 2170.101761] kasan_check_range+0xfd/0x1e0 [ 2170.102256] memset+0x20/0x50 [ 2170.102641] kmalloc_uaf_memset+0x1b4/0x280 [test_kasan] [ 2170.103289] ? kmem_cache_accounted+0x170/0x170 [test_kasan] [ 2170.103986] ? do_raw_spin_trylock+0xb5/0x180 [ 2170.104527] ? do_raw_spin_lock+0x270/0x270 [ 2170.105043] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2170.105721] ? kunit_add_resource+0x197/0x280 [kunit] [ 2170.106341] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2170.106945] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2170.107569] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2170.108315] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2170.108943] kthread+0x2a4/0x350 [ 2170.109349] ? kthread_complete_and_exit+0x20/0x20 [ 2170.109940] ret_from_fork+0x1f/0x30 [ 2170.110395] [ 2170.110681] [ 2170.110888] Allocated by task 48059: [ 2170.111330] kasan_save_stack+0x1e/0x40 [ 2170.111810] __kasan_kmalloc+0x81/0xa0 [ 2170.112272] kmalloc_uaf_memset+0x9a/0x280 [test_kasan] [ 2170.112909] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2170.113509] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2170.114245] kthread+0x2a4/0x350 [ 2170.114655] ret_from_fork+0x1f/0x30 [ 2170.115099] [ 2170.115306] Freed by task 48059: [ 2170.115713] kasan_save_stack+0x1e/0x40 [ 2170.116213] kasan_set_track+0x21/0x30 [ 2170.116734] kasan_set_free_info+0x20/0x40 [ 2170.117293] __kasan_slab_free+0x108/0x170 [ 2170.117798] slab_free_freelist_hook+0x11d/0x1d0 [ 2170.118485] kfree+0xe2/0x3c0 [ 2170.118907] kmalloc_uaf_memset+0x137/0x280 [test_kasan] [ 2170.119584] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2170.120179] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2170.120924] kthread+0x2a4/0x350 [ 2170.121331] ret_from_fork+0x1f/0x30 [ 2170.121780] [ 2170.121987] The buggy address belongs to the object at ffff888105376300 [ 2170.121987] which belongs to the cache kmalloc-64 of size 64 [ 2170.123443] The buggy address is located 0 bytes inside of [ 2170.123443] 64-byte region [ffff888105376300, ffff888105376340) [ 2170.124802] [ 2170.125009] The buggy address belongs to the physical page: [ 2170.125685] page:00000000ecae8427 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105376 [ 2170.126800] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 2170.127639] raw: 0017ffffc0000200 ffffea0005f50fc0 dead000000000006 ffff888100041640 [ 2170.128563] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000 [ 2170.129484] page dumped because: kasan: bad access detected [ 2170.130152] [ 2170.130359] Memory state around the buggy address: [ 2170.130944] ffff888105376200: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 2170.131810] ffff888105376280: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 2170.132676] >ffff888105376300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 2170.133544] ^ [ 2170.133949] ffff888105376380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 2170.134817] ffff888105376400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 2170.135684] ================================================================== [ 2170.136684] ok 25 - kmalloc_uaf_memset [ 2170.142130] ================================================================== [ 2170.143522] BUG: KASAN: use-after-free in kmalloc_uaf2+0x402/0x430 [test_kasan] [ 2170.144401] Read of size 1 at addr ffff8881053766a8 by task kunit_try_catch/48060 [ 2170.145299] [ 2170.145510] CPU: 0 PID: 48060 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-251.1961_763395317.el9.x86_64+debug #1 [ 2170.147116] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2170.147814] Call Trace: [ 2170.148127] [ 2170.148401] ? kmalloc_uaf2+0x402/0x430 [test_kasan] [ 2170.149012] dump_stack_lvl+0x57/0x81 [ 2170.149470] print_address_description.constprop.0+0x1f/0x1e0 [ 2170.150168] ? kmalloc_uaf2+0x402/0x430 [test_kasan] [ 2170.150778] print_report.cold+0x5c/0x237 [ 2170.151274] kasan_report+0xc9/0x100 [ 2170.151724] ? kmalloc_uaf2+0x402/0x430 [test_kasan] [ 2170.152330] kmalloc_uaf2+0x402/0x430 [test_kasan] [ 2170.152921] ? kfree_via_page+0x290/0x290 [test_kasan] [ 2170.153548] ? rcu_read_lock_sched_held+0x12/0x80 [ 2170.154124] ? lock_acquire+0x4ea/0x620 [ 2170.154601] ? rcu_read_unlock+0x40/0x40 [ 2170.155085] ? rcu_read_unlock+0x40/0x40 [ 2170.155570] ? rcu_read_lock_sched_held+0x12/0x80 [ 2170.156146] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2170.156822] ? do_raw_spin_lock+0x270/0x270 [ 2170.157337] ? trace_hardirqs_on+0x2d/0x160 [ 2170.157853] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2170.158460] ? kunit_add_resource+0x197/0x280 [kunit] [ 2170.159080] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2170.159678] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2170.160295] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2170.161035] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2170.161664] kthread+0x2a4/0x350 [ 2170.162071] ? kthread_complete_and_exit+0x20/0x20 [ 2170.162660] ret_from_fork+0x1f/0x30 [ 2170.163113] [ 2170.163396] [ 2170.163607] Allocated by task 48060: [ 2170.164049] kasan_save_stack+0x1e/0x40 [ 2170.164525] __kasan_kmalloc+0x81/0xa0 [ 2170.164987] kmalloc_uaf2+0xad/0x430 [test_kasan] [ 2170.165565] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2170.166161] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2170.166898] kthread+0x2a4/0x350 [ 2170.167303] ret_from_fork+0x1f/0x30 [ 2170.167749] [ 2170.167955] Freed by task 48060: [ 2170.168359] kasan_save_stack+0x1e/0x40 [ 2170.168833] kasan_set_track+0x21/0x30 [ 2170.169296] kasan_set_free_info+0x20/0x40 [ 2170.169801] __kasan_slab_free+0x108/0x170 [ 2170.170301] slab_free_freelist_hook+0x11d/0x1d0 [ 2170.170868] kfree+0xe2/0x3c0 [ 2170.171244] kmalloc_uaf2+0x144/0x430 [test_kasan] [ 2170.171831] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2170.172427] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2170.173161] kthread+0x2a4/0x350 [ 2170.173569] ret_from_fork+0x1f/0x30 [ 2170.174117] [ 2170.174347] The buggy address belongs to the object at ffff888105376680 [ 2170.174347] which belongs to the cache kmalloc-64 of size 64 [ 2170.175847] The buggy address is located 40 bytes inside of [ 2170.175847] 64-byte region [ffff888105376680, ffff8881053766c0) [ 2170.177208] [ 2170.177418] The buggy address belongs to the physical page: [ 2170.178086] page:00000000ecae8427 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105376 [ 2170.179195] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 2170.180027] raw: 0017ffffc0000200 ffffea0005f50fc0 dead000000000006 ffff888100041640 [ 2170.180949] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000 [ 2170.181871] page dumped because: kasan: bad access detected [ 2170.182540] [ 2170.182747] Memory state around the buggy address: [ 2170.183327] ffff888105376580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 2170.184192] ffff888105376600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 2170.185057] >ffff888105376680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 2170.185921] ^ [ 2170.186478] ffff888105376700: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 2170.187339] ffff888105376780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 2170.188204] ================================================================== [ 2170.190101] ok 26 - kmalloc_uaf2 [ 2170.190265] ok 27 - kfree_via_page [ 2170.190902] ok 28 - kfree_via_phys [ 2170.191808] ================================================================== [ 2170.193140] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x2d4/0x2e0 [test_kasan] [ 2170.194077] Read of size 1 at addr ffff888178308b18 by task kunit_try_catch/48063 [ 2170.194966] [ 2170.195173] CPU: 1 PID: 48063 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-251.1961_763395317.el9.x86_64+debug #1 [ 2170.196772] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2170.197465] Call Trace: [ 2170.197775] [ 2170.198048] ? kmem_cache_oob+0x2d4/0x2e0 [test_kasan] [ 2170.198674] dump_stack_lvl+0x57/0x81 [ 2170.199128] print_address_description.constprop.0+0x1f/0x1e0 [ 2170.199824] ? kmem_cache_oob+0x2d4/0x2e0 [test_kasan] [ 2170.200449] print_report.cold+0x5c/0x237 [ 2170.200944] kasan_report+0xc9/0x100 [ 2170.201390] ? kmem_cache_oob+0x2d4/0x2e0 [test_kasan] [ 2170.202016] kmem_cache_oob+0x2d4/0x2e0 [test_kasan] [ 2170.202622] ? kmem_cache_double_free+0x280/0x280 [test_kasan] [ 2170.203326] ? do_raw_spin_trylock+0xb5/0x180 [ 2170.203865] ? do_raw_spin_lock+0x270/0x270 [ 2170.204379] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2170.205113] ? kunit_add_resource+0x197/0x280 [kunit] [ 2170.205813] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2170.206411] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2170.207026] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2170.207760] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2170.208381] kthread+0x2a4/0x350 [ 2170.208787] ? kthread_complete_and_exit+0x20/0x20 [ 2170.209369] ret_from_fork+0x1f/0x30 [ 2170.209823] [ 2170.210105] [ 2170.210312] Allocated by task 48063: [ 2170.210758] kasan_save_stack+0x1e/0x40 [ 2170.211227] __kasan_slab_alloc+0x66/0x80 [ 2170.211718] kmem_cache_alloc+0x161/0x310 [ 2170.212206] kmem_cache_oob+0x121/0x2e0 [test_kasan] [ 2170.212810] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2170.213405] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2170.214135] kthread+0x2a4/0x350 [ 2170.214541] ret_from_fork+0x1f/0x30 [ 2170.214982] [ 2170.215188] The buggy address belongs to the object at ffff888178308a50 [ 2170.215188] which belongs to the cache test_cache of size 200 [ 2170.216636] The buggy address is located 0 bytes to the right of [ 2170.216636] 200-byte region [ffff888178308a50, ffff888178308b18) [ 2170.218044] [ 2170.218249] The buggy address belongs to the physical page: [ 2170.218914] page:0000000042742c29 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x178308 [ 2170.220015] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 2170.220843] raw: 0017ffffc0000200 0000000000000000 dead000000000122 ffff8881795cb500 [ 2170.221760] raw: 0000000000000000 00000000800f000f 00000001ffffffff 0000000000000000 [ 2170.222675] page dumped because: kasan: bad access detected [ 2170.223337] [ 2170.223547] Memory state around the buggy address: [ 2170.224124] ffff888178308a00: fc fc fc fc fc fc fc fc fc fc 00 00 00 00 00 00 [ 2170.224987] ffff888178308a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2170.225846] >ffff888178308b00: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2170.226705] ^ [ 2170.227191] ffff888178308b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2170.228049] ffff888178308c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2170.228906] ================================================================== [ 2170.247748] ok 29 - kmem_cache_oob [ 2170.780051] ok 30 - kmem_cache_accounted [ 2170.794587] ok 31 - kmem_cache_bulk [ 2170.795373] ================================================================== [ 2170.796746] BUG: KASAN: global-out-of-bounds in kasan_global_oob_right+0x1df/0x1f0 [test_kasan] [ 2170.797774] Read of size 1 at addr ffffffffc160e90d by task kunit_try_catch/48068 [ 2170.798639] [ 2170.798841] CPU: 0 PID: 48068 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-251.1961_763395317.el9.x86_64+debug #1 [ 2170.800410] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2170.801083] Call Trace: [ 2170.801409] [ 2170.801715] ? kasan_global_oob_right+0x1df/0x1f0 [test_kasan] [ 2170.802514] dump_stack_lvl+0x57/0x81 [ 2170.803028] print_address_description.constprop.0+0x1f/0x1e0 [ 2170.803820] ? kasan_global_oob_right+0x1df/0x1f0 [test_kasan] [ 2170.804528] print_report.cold+0x5c/0x237 [ 2170.805028] kasan_report+0xc9/0x100 [ 2170.805546] ? kasan_global_oob_right+0x1df/0x1f0 [test_kasan] [ 2170.806334] kasan_global_oob_right+0x1df/0x1f0 [test_kasan] [ 2170.807009] ? kasan_stack_oob+0x200/0x200 [test_kasan] [ 2170.807630] ? do_raw_spin_trylock+0xb5/0x180 [ 2170.808153] ? do_raw_spin_lock+0x270/0x270 [ 2170.808657] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2170.809333] ? kunit_add_resource+0x197/0x280 [kunit] [ 2170.809957] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2170.810612] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2170.811301] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2170.812084] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2170.812694] kthread+0x2a4/0x350 [ 2170.813134] ? kthread_complete_and_exit+0x20/0x20 [ 2170.813793] ret_from_fork+0x1f/0x30 [ 2170.814302] [ 2170.814621] [ 2170.814852] The buggy address belongs to the variable: [ 2170.815525] global_array+0xd/0xfffffffffffe5700 [test_kasan] [ 2170.816200] [ 2170.816402] Memory state around the buggy address: [ 2170.816965] ffffffffc160e800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2170.817804] ffffffffc160e880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2170.818644] >ffffffffc160e900: 00 02 f9 f9 f9 f9 f9 f9 01 f9 f9 f9 f9 f9 f9 f9 [ 2170.819482] ^ [ 2170.819901] ffffffffc160e980: 02 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 f9 f9 [ 2170.820739] ffffffffc160ea00: f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 [ 2170.821579] ================================================================== [ 2170.822529] ok 32 - kasan_global_oob_right [ 2170.822710] ok 33 - kasan_global_oob_left # SKIP Test requires CONFIG_CC_IS_CLANG=y [ 2170.823492] ================================================================== [ 2170.825306] BUG: KASAN: stack-out-of-bounds in kasan_stack_oob+0x1eb/0x200 [test_kasan] [ 2170.826354] Read of size 1 at addr ffffc9000178fe7a by task kunit_try_catch/48070 [ 2170.827302] [ 2170.827513] CPU: 1 PID: 48070 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-251.1961_763395317.el9.x86_64+debug #1 [ 2170.829111] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2170.829807] Call Trace: [ 2170.830117] [ 2170.830394] ? kasan_stack_oob+0x1eb/0x200 [test_kasan] [ 2170.831025] dump_stack_lvl+0x57/0x81 [ 2170.831486] print_address_description.constprop.0+0x1f/0x1e0 [ 2170.832238] ? kasan_stack_oob+0x1eb/0x200 [test_kasan] [ 2170.832954] print_report.cold+0x5c/0x237 [ 2170.833452] kasan_report+0xc9/0x100 [ 2170.833897] ? kasan_stack_oob+0x1eb/0x200 [test_kasan] [ 2170.834535] kasan_stack_oob+0x1eb/0x200 [test_kasan] [ 2170.835149] ? match_all_mem_tag+0x20/0x20 [test_kasan] [ 2170.835783] ? rcu_read_unlock+0x40/0x40 [ 2170.836264] ? rcu_read_lock_sched_held+0x12/0x80 [ 2170.836844] ? do_raw_spin_trylock+0xb5/0x180 [ 2170.837383] ? do_raw_spin_lock+0x270/0x270 [ 2170.837897] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2170.838574] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2170.839176] ? kunit_add_resource+0x197/0x280 [kunit] [ 2170.839795] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2170.840390] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2170.841004] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2170.841742] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2170.842364] kthread+0x2a4/0x350 [ 2170.842771] ? kthread_complete_and_exit+0x20/0x20 [ 2170.843353] ret_from_fork+0x1f/0x30 [ 2170.843808] [ 2170.844091] [ 2170.844297] The buggy address belongs to stack of task kunit_try_catch/48070 [ 2170.845138] and is located at offset 266 in frame: [ 2170.845797] kasan_stack_oob+0x0/0x200 [test_kasan] [ 2170.846465] [ 2170.846671] This frame has 4 objects: [ 2170.847119] [48, 56) 'array' [ 2170.847122] [80, 128) '__assertion' [ 2170.847498] [160, 224) '__assertion' [ 2170.847938] [256, 266) 'stack_array' [ 2170.848390] [ 2170.849040] The buggy address belongs to the virtual mapping at [ 2170.849040] [ffffc90001788000, ffffc90001791000) created by: [ 2170.849040] dup_task_struct+0x5e/0x5a0 [ 2170.850915] [ 2170.851145] The buggy address belongs to the physical page: [ 2170.851857] page:0000000042742c29 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x178308 [ 2170.852968] flags: 0x17ffffc0000000(node=0|zone=2|lastcpupid=0x1fffff) [ 2170.853857] raw: 0017ffffc0000000 0000000000000000 dead000000000122 0000000000000000 [ 2170.854802] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 2170.855716] page dumped because: kasan: bad access detected [ 2170.856384] [ 2170.856590] Memory state around the buggy address: [ 2170.857168] ffffc9000178fd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 [ 2170.858031] ffffc9000178fd80: f1 f1 f1 f1 00 f2 f2 f2 00 00 00 00 00 00 f2 f2 [ 2170.858890] >ffffc9000178fe00: f2 f2 00 00 00 00 00 00 00 00 f2 f2 f2 f2 00 02 [ 2170.859752] ^ [ 2170.860607] ffffc9000178fe80: f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2170.861465] ffffc9000178ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2170.862320] ================================================================== [ 2170.863351] ok 34 - kasan_stack_oob [ 2170.863537] ================================================================== [ 2170.864946] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_left+0x27d/0x2a0 [test_kasan] [ 2170.865969] Read of size 1 at addr ffffc9000177fd1f by task kunit_try_catch/48071 [ 2170.866859] [ 2170.867065] CPU: 1 PID: 48071 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-251.1961_763395317.el9.x86_64+debug #1 [ 2170.868695] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2170.869474] Call Trace: [ 2170.869809] [ 2170.870110] ? kasan_alloca_oob_left+0x27d/0x2a0 [test_kasan] [ 2170.870892] dump_stack_lvl+0x57/0x81 [ 2170.871368] print_address_description.constprop.0+0x1f/0x1e0 [ 2170.872062] ? kasan_alloca_oob_left+0x27d/0x2a0 [test_kasan] [ 2170.872758] print_report.cold+0x5c/0x237 [ 2170.873251] kasan_report+0xc9/0x100 [ 2170.873700] ? kasan_alloca_oob_left+0x27d/0x2a0 [test_kasan] [ 2170.874399] kasan_alloca_oob_left+0x27d/0x2a0 [test_kasan] [ 2170.875070] ? rcu_read_lock_sched_held+0x12/0x80 [ 2170.875649] ? rcu_read_lock_sched_held+0x12/0x80 [ 2170.876251] ? lock_acquire+0x4ea/0x620 [ 2170.876784] ? kasan_alloca_oob_right+0x290/0x290 [test_kasan] [ 2170.877544] ? rcu_read_lock_sched_held+0x12/0x80 [ 2170.878118] ? do_raw_spin_trylock+0xb5/0x180 [ 2170.878658] ? do_raw_spin_lock+0x270/0x270 [ 2170.879171] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2170.879845] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2170.880449] ? kunit_add_resource+0x197/0x280 [kunit] [ 2170.881067] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2170.881665] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2170.882277] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2170.883013] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2170.883640] kthread+0x2a4/0x350 [ 2170.884044] ? kthread_complete_and_exit+0x20/0x20 [ 2170.884630] ret_from_fork+0x1f/0x30 [ 2170.885081] [ 2170.885363] [ 2170.885573] The buggy address belongs to stack of task kunit_try_catch/48071 [ 2170.886418] [ 2170.886625] The buggy address belongs to the virtual mapping at [ 2170.886625] [ffffc90001778000, ffffc90001781000) created by: [ 2170.886625] dup_task_struct+0x5e/0x5a0 [ 2170.888430] [ 2170.888636] The buggy address belongs to the physical page: [ 2170.889302] page:00000000037081e0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x15a764 [ 2170.890413] flags: 0x17ffffc0000000(node=0|zone=2|lastcpupid=0x1fffff) [ 2170.891189] raw: 0017ffffc0000000 0000000000000000 dead000000000122 0000000000000000 [ 2170.892191] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 2170.893158] page dumped because: kasan: bad access detected [ 2170.893826] [ 2170.894032] Memory state around the buggy address: [ 2170.894613] ffffc9000177fc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2170.895472] ffffc9000177fc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2170.896330] >ffffc9000177fd00: ca ca ca ca 00 02 cb cb cb cb cb cb 00 00 00 00 [ 2170.897184] ^ [ 2170.897674] ffffc9000177fd80: f1 f1 f1 f1 04 f2 00 f2 f2 f2 00 00 00 00 00 00 [ 2170.898535] ffffc9000177fe00: f2 f2 f2 f2 00 00 00 00 00 00 00 00 f3 f3 f3 f3 [ 2170.899396] ================================================================== [ 2170.900349] ok 35 - kasan_alloca_oob_left [ 2170.900519] ================================================================== [ 2170.901922] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_right+0x275/0x290 [test_kasan] [ 2170.902957] Read of size 1 at addr ffffc9000178fd2a by task kunit_try_catch/48072 [ 2170.903846] [ 2170.904053] CPU: 1 PID: 48072 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-251.1961_763395317.el9.x86_64+debug #1 [ 2170.905656] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2170.906346] Call Trace: [ 2170.906660] [ 2170.906933] ? kasan_alloca_oob_right+0x275/0x290 [test_kasan] [ 2170.907640] dump_stack_lvl+0x57/0x81 [ 2170.908094] print_address_description.constprop.0+0x1f/0x1e0 [ 2170.908791] ? kasan_alloca_oob_right+0x275/0x290 [test_kasan] [ 2170.909554] print_report.cold+0x5c/0x237 [ 2170.910107] kasan_report+0xc9/0x100 [ 2170.910577] ? kasan_alloca_oob_right+0x275/0x290 [test_kasan] [ 2170.911281] kasan_alloca_oob_right+0x275/0x290 [test_kasan] [ 2170.911973] ? rcu_read_lock_sched_held+0x12/0x80 [ 2170.912552] ? rcu_read_lock_sched_held+0x12/0x80 [ 2170.913122] ? lock_acquire+0x4ea/0x620 [ 2170.913600] ? ksize_unpoisons_memory+0x300/0x300 [test_kasan] [ 2170.914303] ? rcu_read_lock_sched_held+0x12/0x80 [ 2170.914882] ? do_raw_spin_trylock+0xb5/0x180 [ 2170.915421] ? do_raw_spin_lock+0x270/0x270 [ 2170.915935] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2170.916609] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2170.917212] ? kunit_add_resource+0x197/0x280 [kunit] [ 2170.917831] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2170.918427] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2170.919039] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2170.919777] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2170.920403] kthread+0x2a4/0x350 [ 2170.920807] ? kthread_complete_and_exit+0x20/0x20 [ 2170.921395] ret_from_fork+0x1f/0x30 [ 2170.921846] [ 2170.922127] [ 2170.922333] The buggy address belongs to stack of task kunit_try_catch/48072 [ 2170.923179] [ 2170.923389] The buggy address belongs to the virtual mapping at [ 2170.923389] [ffffc90001788000, ffffc90001791000) created by: [ 2170.923389] dup_task_struct+0x5e/0x5a0 [ 2170.925192] [ 2170.925404] The buggy address belongs to the physical page: [ 2170.926135] page:0000000042742c29 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x178308 [ 2170.927310] flags: 0x17ffffc0000000(node=0|zone=2|lastcpupid=0x1fffff) [ 2170.928090] raw: 0017ffffc0000000 0000000000000000 dead000000000122 0000000000000000 [ 2170.929076] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 2170.930061] page dumped because: kasan: bad access detected [ 2170.930728] [ 2170.930934] Memory state around the buggy address: [ 2170.931515] ffffc9000178fc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2170.932491] ffffc9000178fc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2170.933451] >ffffc9000178fd00: ca ca ca ca 00 02 cb cb cb cb cb cb 00 00 00 00 [ 2170.934305] ^ [ 2170.934860] ffffc9000178fd80: f1 f1 f1 f1 04 f2 00 f2 f2 f2 00 00 00 00 00 00 [ 2170.935721] ffffc9000178fe00: f2 f2 f2 f2 00 00 00 00 00 00 00 00 f3 f3 f3 f3 [ 2170.936582] ================================================================== [ 2170.937631] ok 36 - kasan_alloca_oob_right [ 2170.937782] ================================================================== [ 2170.939197] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x2cf/0x300 [test_kasan] [ 2170.940212] Read of size 1 at addr ffff888179e84e80 by task kunit_try_catch/48073 [ 2170.941101] [ 2170.941307] CPU: 1 PID: 48073 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-251.1961_763395317.el9.x86_64+debug #1 [ 2170.942906] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2170.943600] Call Trace: [ 2170.943910] [ 2170.944183] ? ksize_unpoisons_memory+0x2cf/0x300 [test_kasan] [ 2170.944889] dump_stack_lvl+0x57/0x81 [ 2170.945342] print_address_description.constprop.0+0x1f/0x1e0 [ 2170.946038] ? ksize_unpoisons_memory+0x2cf/0x300 [test_kasan] [ 2170.946746] print_report.cold+0x5c/0x237 [ 2170.947297] kasan_report+0xc9/0x100 [ 2170.947801] ? ksize_unpoisons_memory+0x2cf/0x300 [test_kasan] [ 2170.948531] ksize_unpoisons_memory+0x2cf/0x300 [test_kasan] [ 2170.949217] ? ksize_uaf+0x4a0/0x4a0 [test_kasan] [ 2170.949795] ? do_raw_spin_trylock+0xb5/0x180 [ 2170.950331] ? do_raw_spin_lock+0x270/0x270 [ 2170.950900] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2170.951660] ? kunit_add_resource+0x197/0x280 [kunit] [ 2170.952275] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2170.952871] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2170.953489] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2170.954219] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2170.954842] kthread+0x2a4/0x350 [ 2170.955245] ? kthread_complete_and_exit+0x20/0x20 [ 2170.955832] ret_from_fork+0x1f/0x30 [ 2170.956283] [ 2170.956568] [ 2170.956774] Allocated by task 48073: [ 2170.957214] kasan_save_stack+0x1e/0x40 [ 2170.957688] __kasan_kmalloc+0x81/0xa0 [ 2170.958149] ksize_unpoisons_memory+0x9a/0x300 [test_kasan] [ 2170.958820] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2170.959415] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2170.960146] kthread+0x2a4/0x350 [ 2170.960553] ret_from_fork+0x1f/0x30 [ 2170.960994] [ 2170.961199] The buggy address belongs to the object at ffff888179e84e00 [ 2170.961199] which belongs to the cache kmalloc-128 of size 128 [ 2170.962711] The buggy address is located 0 bytes to the right of [ 2170.962711] 128-byte region [ffff888179e84e00, ffff888179e84e80) [ 2170.964200] [ 2170.964409] The buggy address belongs to the physical page: [ 2170.965073] page:000000003dc52e80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x179e84 [ 2170.966175] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 2170.967001] raw: 0017ffffc0000200 dead000000000100 dead000000000122 ffff8881000418c0 [ 2170.967917] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 2170.968831] page dumped because: kasan: bad access detected [ 2170.969497] [ 2170.969702] Memory state around the buggy address: [ 2170.970338] ffff888179e84d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2170.971272] ffff888179e84e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2170.972133] >ffff888179e84e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2170.972991] ^ [ 2170.973397] ffff888179e84f00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2170.974255] ffff888179e84f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2170.975114] ================================================================== [ 2170.976084] ok 37 - ksize_unpoisons_memory [ 2170.976241] ================================================================== [ 2170.977666] BUG: KASAN: use-after-free in ksize_uaf+0x1ad/0x4a0 [test_kasan] [ 2170.978513] Read of size 1 at addr ffff888179e84d00 by task kunit_try_catch/48074 [ 2170.979404] [ 2170.979610] CPU: 1 PID: 48074 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-251.1961_763395317.el9.x86_64+debug #1 [ 2170.981209] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2170.981901] Call Trace: [ 2170.982211] [ 2170.982488] ? ksize_uaf+0x1ad/0x4a0 [test_kasan] [ 2170.983065] dump_stack_lvl+0x57/0x81 [ 2170.983522] print_address_description.constprop.0+0x1f/0x1e0 [ 2170.984217] ? ksize_uaf+0x1ad/0x4a0 [test_kasan] [ 2170.984795] print_report.cold+0x5c/0x237 [ 2170.985288] kasan_report+0xc9/0x100 [ 2170.985735] ? ksize_uaf+0x1ad/0x4a0 [test_kasan] [ 2170.986308] ? ksize_uaf+0x1ad/0x4a0 [test_kasan] [ 2170.986886] __kasan_check_byte+0x36/0x50 [ 2170.987380] ksize+0x1b/0x50 [ 2170.987748] ksize_uaf+0x1ad/0x4a0 [test_kasan] [ 2170.988303] ? kmem_cache_oob+0x2e0/0x2e0 [test_kasan] [ 2170.988926] ? do_raw_spin_trylock+0xb5/0x180 [ 2170.989468] ? do_raw_spin_lock+0x270/0x270 [ 2170.989982] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2170.990656] ? kunit_add_resource+0x197/0x280 [kunit] [ 2170.991273] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2170.991870] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2170.992489] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2170.993222] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2170.993846] kthread+0x2a4/0x350 [ 2170.994249] ? kthread_complete_and_exit+0x20/0x20 [ 2170.994834] ret_from_fork+0x1f/0x30 [ 2170.995285] [ 2170.995570] [ 2170.995777] Allocated by task 48074: [ 2170.996217] kasan_save_stack+0x1e/0x40 [ 2170.996690] __kasan_kmalloc+0x81/0xa0 [ 2170.997151] ksize_uaf+0x9a/0x4a0 [test_kasan] [ 2170.997698] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2170.998291] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2170.999025] kthread+0x2a4/0x350 [ 2170.999433] ret_from_fork+0x1f/0x30 [ 2170.999877] [ 2171.000082] Freed by task 48074: [ 2171.000487] kasan_save_stack+0x1e/0x40 [ 2171.000955] kasan_set_track+0x21/0x30 [ 2171.001418] kasan_set_free_info+0x20/0x40 [ 2171.001915] __kasan_slab_free+0x108/0x170 [ 2171.002457] slab_free_freelist_hook+0x11d/0x1d0 [ 2171.003086] kfree+0xe2/0x3c0 [ 2171.003495] ksize_uaf+0x137/0x4a0 [test_kasan] [ 2171.004050] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2171.004646] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2171.005382] kthread+0x2a4/0x350 [ 2171.005785] ret_from_fork+0x1f/0x30 [ 2171.006227] [ 2171.006438] The buggy address belongs to the object at ffff888179e84d00 [ 2171.006438] which belongs to the cache kmalloc-128 of size 128 [ 2171.007894] The buggy address is located 0 bytes inside of [ 2171.007894] 128-byte region [ffff888179e84d00, ffff888179e84d80) [ 2171.009247] [ 2171.009456] The buggy address belongs to the physical page: [ 2171.010120] page:000000003dc52e80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x179e84 [ 2171.011225] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 2171.012053] raw: 0017ffffc0000200 dead000000000100 dead000000000122 ffff8881000418c0 [ 2171.012972] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 2171.013887] page dumped because: kasan: bad access detected [ 2171.014553] [ 2171.014758] Memory state around the buggy address: [ 2171.015335] ffff888179e84c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2171.016197] ffff888179e84c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2171.017055] >ffff888179e84d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2171.017971] ^ [ 2171.018426] ffff888179e84d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2171.019393] ffff888179e84e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2171.020281] ================================================================== [ 2171.021256] ================================================================== [ 2171.022122] BUG: KASAN: use-after-free in ksize_uaf+0x47d/0x4a0 [test_kasan] [ 2171.023080] Read of size 1 at addr ffff888179e84d00 by task kunit_try_catch/48074 [ 2171.023995] [ 2171.024201] CPU: 1 PID: 48074 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-251.1961_763395317.el9.x86_64+debug #1 [ 2171.025802] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2171.026494] Call Trace: [ 2171.026805] [ 2171.027078] ? ksize_uaf+0x47d/0x4a0 [test_kasan] [ 2171.027656] dump_stack_lvl+0x57/0x81 [ 2171.028108] print_address_description.constprop.0+0x1f/0x1e0 [ 2171.028807] ? ksize_uaf+0x47d/0x4a0 [test_kasan] [ 2171.029383] print_report.cold+0x5c/0x237 [ 2171.029877] kasan_report+0xc9/0x100 [ 2171.030322] ? ksize_uaf+0x47d/0x4a0 [test_kasan] [ 2171.030901] ksize_uaf+0x47d/0x4a0 [test_kasan] [ 2171.031465] ? kmem_cache_oob+0x2e0/0x2e0 [test_kasan] [ 2171.032087] ? do_raw_spin_trylock+0xb5/0x180 [ 2171.032627] ? do_raw_spin_lock+0x270/0x270 [ 2171.033142] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2171.033815] ? kunit_add_resource+0x197/0x280 [kunit] [ 2171.034437] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2171.035085] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2171.035789] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2171.036529] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2171.037151] kthread+0x2a4/0x350 [ 2171.037558] ? kthread_complete_and_exit+0x20/0x20 [ 2171.038141] ret_from_fork+0x1f/0x30 [ 2171.038595] [ 2171.038877] [ 2171.039083] Allocated by task 48074: [ 2171.039524] kasan_save_stack+0x1e/0x40 [ 2171.039995] __kasan_kmalloc+0x81/0xa0 [ 2171.040457] ksize_uaf+0x9a/0x4a0 [test_kasan] [ 2171.041005] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2171.041599] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2171.042329] kthread+0x2a4/0x350 [ 2171.042735] ret_from_fork+0x1f/0x30 [ 2171.043177] [ 2171.043386] Freed by task 48074: [ 2171.043788] kasan_save_stack+0x1e/0x40 [ 2171.044258] kasan_set_track+0x21/0x30 [ 2171.044720] kasan_set_free_info+0x20/0x40 [ 2171.045220] __kasan_slab_free+0x108/0x170 [ 2171.045720] slab_free_freelist_hook+0x11d/0x1d0 [ 2171.046283] kfree+0xe2/0x3c0 [ 2171.046659] ksize_uaf+0x137/0x4a0 [test_kasan] [ 2171.047212] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2171.047808] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2171.048544] kthread+0x2a4/0x350 [ 2171.048947] ret_from_fork+0x1f/0x30 [ 2171.049392] [ 2171.049597] The buggy address belongs to the object at ffff888179e84d00 [ 2171.049597] which belongs to the cache kmalloc-128 of size 128 [ 2171.051057] The buggy address is located 0 bytes inside of [ 2171.051057] 128-byte region [ffff888179e84d00, ffff888179e84d80) [ 2171.052415] [ 2171.052621] The buggy address belongs to the physical page: [ 2171.053284] page:000000003dc52e80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x179e84 [ 2171.054392] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 2171.055217] raw: 0017ffffc0000200 dead000000000100 dead000000000122 ffff8881000418c0 [ 2171.056134] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 2171.057053] page dumped because: kasan: bad access detected [ 2171.057718] [ 2171.057924] Memory state around the buggy address: [ 2171.058504] ffff888179e84c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2171.059361] ffff888179e84c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2171.060222] >ffff888179e84d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2171.061085] ^ [ 2171.061491] ffff888179e84d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2171.062349] ffff888179e84e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2171.063210] ================================================================== [ 2171.064090] ================================================================== [ 2171.064958] BUG: KASAN: use-after-free in ksize_uaf+0x470/0x4a0 [test_kasan] [ 2171.065807] Read of size 1 at addr ffff888179e84d78 by task kunit_try_catch/48074 [ 2171.066697] [ 2171.066904] CPU: 1 PID: 48074 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-251.1961_763395317.el9.x86_64+debug #1 [ 2171.068506] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2171.069195] Call Trace: [ 2171.069508] [ 2171.069781] ? ksize_uaf+0x470/0x4a0 [test_kasan] [ 2171.070393] dump_stack_lvl+0x57/0x81 [ 2171.070900] print_address_description.constprop.0+0x1f/0x1e0 [ 2171.071646] ? ksize_uaf+0x470/0x4a0 [test_kasan] [ 2171.072219] print_report.cold+0x5c/0x237 [ 2171.072717] kasan_report+0xc9/0x100 [ 2171.073161] ? ksize_uaf+0x470/0x4a0 [test_kasan] [ 2171.073738] ksize_uaf+0x470/0x4a0 [test_kasan] [ 2171.074294] ? kmem_cache_oob+0x2e0/0x2e0 [test_kasan] [ 2171.074918] ? do_raw_spin_trylock+0xb5/0x180 [ 2171.075458] ? do_raw_spin_lock+0x270/0x270 [ 2171.075972] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2171.076647] ? kunit_add_resource+0x197/0x280 [kunit] [ 2171.077262] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2171.077944] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2171.078620] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2171.079352] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2171.079978] kthread+0x2a4/0x350 [ 2171.080384] ? kthread_complete_and_exit+0x20/0x20 [ 2171.080967] ret_from_fork+0x1f/0x30 [ 2171.081422] [ 2171.081704] [ 2171.081910] Allocated by task 48074: [ 2171.082351] kasan_save_stack+0x1e/0x40 [ 2171.082824] __kasan_kmalloc+0x81/0xa0 [ 2171.083284] ksize_uaf+0x9a/0x4a0 [test_kasan] [ 2171.083832] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2171.084427] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2171.085158] kthread+0x2a4/0x350 [ 2171.085564] ret_from_fork+0x1f/0x30 [ 2171.086006] [ 2171.086211] Freed by task 48074: [ 2171.086617] kasan_save_stack+0x1e/0x40 [ 2171.087088] kasan_set_track+0x21/0x30 [ 2171.087550] kasan_set_free_info+0x20/0x40 [ 2171.088048] __kasan_slab_free+0x108/0x170 [ 2171.088549] slab_free_freelist_hook+0x11d/0x1d0 [ 2171.089110] kfree+0xe2/0x3c0 [ 2171.089487] ksize_uaf+0x137/0x4a0 [test_kasan] [ 2171.090042] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2171.090637] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2171.091373] kthread+0x2a4/0x350 [ 2171.091776] ret_from_fork+0x1f/0x30 [ 2171.092218] [ 2171.092427] The buggy address belongs to the object at ffff888179e84d00 [ 2171.092427] which belongs to the cache kmalloc-128 of size 128 [ 2171.093882] The buggy address is located 120 bytes inside of [ 2171.093882] 128-byte region [ffff888179e84d00, ffff888179e84d80) [ 2171.095340] [ 2171.095573] The buggy address belongs to the physical page: [ 2171.096258] page:000000003dc52e80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x179e84 [ 2171.097363] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 2171.098194] raw: 0017ffffc0000200 dead000000000100 dead000000000122 ffff8881000418c0 [ 2171.099198] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 2171.100168] page dumped because: kasan: bad access detected [ 2171.100832] [ 2171.101039] Memory state around the buggy address: [ 2171.101621] ffff888179e84c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2171.102479] ffff888179e84c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2171.103335] >ffff888179e84d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2171.104195] ^ [ 2171.105046] ffff888179e84d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2171.105907] ffff888179e84e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2171.106767] ================================================================== [ 2171.109972] ok 38 - ksize_uaf [ 2171.113573] ================================================================== [ 2171.114877] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x152/0x400 [ 2171.115788] [ 2171.115996] CPU: 0 PID: 48075 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-251.1961_763395317.el9.x86_64+debug #1 [ 2171.117608] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2171.118301] Call Trace: [ 2171.118615] [ 2171.118892] dump_stack_lvl+0x57/0x81 [ 2171.119348] print_address_description.constprop.0+0x1f/0x1e0 [ 2171.120051] print_report.cold+0x5c/0x237 [ 2171.120547] ? kmem_cache_free+0x152/0x400 [ 2171.121051] ? kmem_cache_free+0x152/0x400 [ 2171.121593] kasan_report_invalid_free+0x99/0xc0 [ 2171.122229] ? kmem_cache_free+0x152/0x400 [ 2171.122772] ? kmem_cache_free+0x152/0x400 [ 2171.123272] __kasan_slab_free+0x152/0x170 [ 2171.123841] slab_free_freelist_hook+0x11d/0x1d0 [ 2171.124492] ? kmem_cache_double_free+0x1bd/0x280 [test_kasan] [ 2171.125200] kmem_cache_free+0x152/0x400 [ 2171.125692] kmem_cache_double_free+0x1bd/0x280 [test_kasan] [ 2171.126385] ? kmem_cache_invalid_free+0x280/0x280 [test_kasan] [ 2171.127222] ? do_raw_spin_trylock+0xb5/0x180 [ 2171.127816] ? do_raw_spin_lock+0x270/0x270 [ 2171.128331] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2171.129045] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2171.129724] ? kunit_add_resource+0x197/0x280 [kunit] [ 2171.130390] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2171.130988] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2171.131606] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2171.132439] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2171.133107] kthread+0x2a4/0x350 [ 2171.133515] ? kthread_complete_and_exit+0x20/0x20 [ 2171.134101] ret_from_fork+0x1f/0x30 [ 2171.134558] [ 2171.134841] [ 2171.135048] Allocated by task 48075: [ 2171.135500] kasan_save_stack+0x1e/0x40 [ 2171.135972] __kasan_slab_alloc+0x66/0x80 [ 2171.136466] kmem_cache_alloc+0x161/0x310 [ 2171.136956] kmem_cache_double_free+0x123/0x280 [test_kasan] [ 2171.137647] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2171.138243] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2171.138985] kthread+0x2a4/0x350 [ 2171.139392] ret_from_fork+0x1f/0x30 [ 2171.139837] [ 2171.140043] Freed by task 48075: [ 2171.140450] kasan_save_stack+0x1e/0x40 [ 2171.140922] kasan_set_track+0x21/0x30 [ 2171.141455] kasan_set_free_info+0x20/0x40 [ 2171.142031] __kasan_slab_free+0x108/0x170 [ 2171.142533] slab_free_freelist_hook+0x11d/0x1d0 [ 2171.143098] kmem_cache_free+0x152/0x400 [ 2171.143604] kmem_cache_double_free+0x144/0x280 [test_kasan] [ 2171.144374] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2171.145041] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2171.145844] kthread+0x2a4/0x350 [ 2171.146248] ret_from_fork+0x1f/0x30 [ 2171.146695] [ 2171.146901] The buggy address belongs to the object at ffff888146c6b000 [ 2171.146901] which belongs to the cache test_cache of size 200 [ 2171.148358] The buggy address is located 0 bytes inside of [ 2171.148358] 200-byte region [ffff888146c6b000, ffff888146c6b0c8) [ 2171.149720] [ 2171.149927] The buggy address belongs to the physical page: [ 2171.150596] page:00000000194ee660 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x146c6b [ 2171.151707] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 2171.152541] raw: 0017ffffc0000200 0000000000000000 dead000000000122 ffff888174fd0780 [ 2171.153466] raw: 0000000000000000 00000000800f000f 00000001ffffffff 0000000000000000 [ 2171.154391] page dumped because: kasan: bad access detected [ 2171.155059] [ 2171.155265] Memory state around the buggy address: [ 2171.155852] ffff888146c6af00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 2171.156717] ffff888146c6af80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2171.157582] >ffff888146c6b000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2171.158449] ^ [ 2171.158857] ffff888146c6b080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 2171.159722] ffff888146c6b100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2171.160585] ================================================================== [ 2171.179736] ok 39 - kmem_cache_double_free [ 2171.180195] ================================================================== [ 2171.181659] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x152/0x400 [ 2171.182573] [ 2171.182781] CPU: 0 PID: 48076 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-251.1961_763395317.el9.x86_64+debug #1 [ 2171.184393] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2171.185087] Call Trace: [ 2171.185403] [ 2171.185681] dump_stack_lvl+0x57/0x81 [ 2171.186138] print_address_description.constprop.0+0x1f/0x1e0 [ 2171.186924] print_report.cold+0x5c/0x237 [ 2171.187469] ? kmem_cache_free+0x152/0x400 [ 2171.187971] ? kmem_cache_free+0x152/0x400 [ 2171.188476] kasan_report_invalid_free+0x99/0xc0 [ 2171.189048] ? kmem_cache_free+0x152/0x400 [ 2171.189552] ? kmem_cache_free+0x152/0x400 [ 2171.190054] __kasan_slab_free+0x152/0x170 [ 2171.190561] slab_free_freelist_hook+0x11d/0x1d0 [ 2171.191132] ? kmem_cache_invalid_free+0x1b6/0x280 [test_kasan] [ 2171.191857] kmem_cache_free+0x152/0x400 [ 2171.192345] kmem_cache_invalid_free+0x1b6/0x280 [test_kasan] [ 2171.193052] ? kmem_cache_double_destroy+0x250/0x250 [test_kasan] [ 2171.193798] ? do_raw_spin_trylock+0xb5/0x180 [ 2171.194338] ? do_raw_spin_lock+0x270/0x270 [ 2171.194861] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2171.195545] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 2171.196150] ? kunit_add_resource+0x197/0x280 [kunit] [ 2171.196775] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2171.197376] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2171.197995] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2171.198741] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2171.199371] kthread+0x2a4/0x350 [ 2171.199777] ? kthread_complete_and_exit+0x20/0x20 [ 2171.200344] ret_from_fork+0x1f/0x30 [ 2171.200786] [ 2171.201060] [ 2171.201259] Allocated by task 48076: [ 2171.201718] kasan_save_stack+0x1e/0x40 [ 2171.202193] __kasan_slab_alloc+0x66/0x80 [ 2171.202694] kmem_cache_alloc+0x161/0x310 [ 2171.203201] kmem_cache_invalid_free+0x126/0x280 [test_kasan] [ 2171.204009] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2171.204685] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2171.205427] kthread+0x2a4/0x350 [ 2171.205833] ret_from_fork+0x1f/0x30 [ 2171.206278] [ 2171.206497] The buggy address belongs to the object at ffff888146c6bb58 [ 2171.206497] which belongs to the cache test_cache of size 200 [ 2171.207906] The buggy address is located 1 bytes inside of [ 2171.207906] 200-byte region [ffff888146c6bb58, ffff888146c6bc20) [ 2171.209229] [ 2171.209451] The buggy address belongs to the physical page: [ 2171.210119] page:00000000194ee660 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x146c6b [ 2171.211237] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 2171.212062] raw: 0017ffffc0000200 0000000000000000 dead000000000122 ffff888174fd03c0 [ 2171.212999] raw: 0000000000000000 00000000800f000f 00000001ffffffff 0000000000000000 [ 2171.214023] page dumped because: kasan: bad access detected [ 2171.214734] [ 2171.214955] Memory state around the buggy address: [ 2171.215543] ffff888146c6ba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2171.216412] ffff888146c6ba80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2171.217287] >ffff888146c6bb00: fc fc fc fc fc fc fc fc fc fc fc 00 00 00 00 00 [ 2171.218163] ^ [ 2171.218895] ffff888146c6bb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2171.219761] ffff888146c6bc00: 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc [ 2171.220680] ================================================================== [ 2171.236222] ok 40 - kmem_cache_invalid_free [ 2171.237049] ================================================================== [ 2171.242911] BUG: KASAN: use-after-free in kmem_cache_double_destroy+0x1a0/0x250 [test_kasan] [ 2171.243970] Read of size 1 at addr ffff8881795cb3c0 by task kunit_try_catch/48077 [ 2171.244861] [ 2171.245068] CPU: 1 PID: 48077 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-251.1961_763395317.el9.x86_64+debug #1 [ 2171.246778] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2171.247490] Call Trace: [ 2171.247800] [ 2171.248074] ? kmem_cache_double_destroy+0x1a0/0x250 [test_kasan] [ 2171.248806] dump_stack_lvl+0x57/0x81 [ 2171.249260] print_address_description.constprop.0+0x1f/0x1e0 [ 2171.250057] ? kmem_cache_double_destroy+0x1a0/0x250 [test_kasan] [ 2171.250837] print_report.cold+0x5c/0x237 [ 2171.251329] kasan_report+0xc9/0x100 [ 2171.251775] ? kmem_cache_free+0x110/0x400 [ 2171.252272] ? kmem_cache_double_destroy+0x1a0/0x250 [test_kasan] [ 2171.253008] ? kmem_cache_double_destroy+0x1a0/0x250 [test_kasan] [ 2171.253740] __kasan_check_byte+0x36/0x50 [ 2171.254232] kmem_cache_destroy+0x21/0x170 [ 2171.254736] kmem_cache_double_destroy+0x1a0/0x250 [test_kasan] [ 2171.255476] ? kmalloc_oob_right+0x510/0x510 [test_kasan] [ 2171.256128] ? do_raw_spin_trylock+0xb5/0x180 [ 2171.256666] ? do_raw_spin_lock+0x270/0x270 [ 2171.257190] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2171.257869] ? kunit_add_resource+0x197/0x280 [kunit] [ 2171.258490] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2171.259088] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2171.259704] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2171.260445] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2171.261067] kthread+0x2a4/0x350 [ 2171.261474] ? kthread_complete_and_exit+0x20/0x20 [ 2171.262057] ret_from_fork+0x1f/0x30 [ 2171.262515] [ 2171.262797] [ 2171.263009] Allocated by task 48077: [ 2171.263454] kasan_save_stack+0x1e/0x40 [ 2171.263923] __kasan_slab_alloc+0x66/0x80 [ 2171.264413] kmem_cache_alloc+0x161/0x310 [ 2171.264903] kmem_cache_create_usercopy+0x1b9/0x310 [ 2171.265495] kmem_cache_create+0x12/0x20 [ 2171.265973] kmem_cache_double_destroy+0x8d/0x250 [test_kasan] [ 2171.266679] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2171.267271] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2171.268004] kthread+0x2a4/0x350 [ 2171.268410] ret_from_fork+0x1f/0x30 [ 2171.268852] [ 2171.269057] Freed by task 48077: [ 2171.269461] kasan_save_stack+0x1e/0x40 [ 2171.269930] kasan_set_track+0x21/0x30 [ 2171.270392] kasan_set_free_info+0x20/0x40 [ 2171.270889] __kasan_slab_free+0x108/0x170 [ 2171.271392] slab_free_freelist_hook+0x11d/0x1d0 [ 2171.271955] kmem_cache_free+0x152/0x400 [ 2171.272438] kobject_cleanup+0x101/0x390 [ 2171.272918] kmem_cache_double_destroy+0x12a/0x250 [test_kasan] [ 2171.273632] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2171.274223] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2171.274960] kthread+0x2a4/0x350 [ 2171.275367] ret_from_fork+0x1f/0x30 [ 2171.275810] [ 2171.276015] The buggy address belongs to the object at ffff8881795cb3c0 [ 2171.276015] which belongs to the cache kmem_cache of size 240 [ 2171.277465] The buggy address is located 0 bytes inside of [ 2171.277465] 240-byte region [ffff8881795cb3c0, ffff8881795cb4b0) [ 2171.278818] [ 2171.279025] The buggy address belongs to the physical page: [ 2171.279690] page:000000000f30b139 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1795cb [ 2171.280793] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 2171.281620] raw: 0017ffffc0000200 0000000000000000 dead000000000122 ffff888100041000 [ 2171.282539] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000 [ 2171.283454] page dumped because: kasan: bad access detected [ 2171.284115] [ 2171.284320] Memory state around the buggy address: [ 2171.284902] ffff8881795cb280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2171.285761] ffff8881795cb300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2171.286631] >ffff8881795cb380: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 2171.287597] ^ [ 2171.288259] ffff8881795cb400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2171.289151] ffff8881795cb480: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc [ 2171.290109] ================================================================== [ 2171.291454] ok 41 - kmem_cache_double_destroy [ 2171.291654] ok 42 - kasan_memchr # SKIP Test requires CONFIG_AMD_MEM_ENCRYPT=n [ 2171.292487] ok 43 - kasan_memcmp # SKIP Test requires CONFIG_AMD_MEM_ENCRYPT=n [ 2171.293572] ok 44 - kasan_strings # SKIP Test requires CONFIG_AMD_MEM_ENCRYPT=n [ 2171.294661] ================================================================== [ 2171.296435] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0xff/0x850 [test_kasan] [ 2171.297528] Write of size 8 at addr ffff888174f73b48 by task kunit_try_catch/48081 [ 2171.298426] [ 2171.298633] CPU: 1 PID: 48081 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-251.1961_763395317.el9.x86_64+debug #1 [ 2171.300228] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2171.300921] Call Trace: [ 2171.301232] [ 2171.301511] ? kasan_bitops_modify.constprop.0+0xff/0x850 [test_kasan] [ 2171.302288] dump_stack_lvl+0x57/0x81 [ 2171.302745] print_address_description.constprop.0+0x1f/0x1e0 [ 2171.303443] ? kasan_bitops_modify.constprop.0+0xff/0x850 [test_kasan] [ 2171.304223] print_report.cold+0x5c/0x237 [ 2171.304720] kasan_report+0xc9/0x100 [ 2171.305204] ? kasan_bitops_modify.constprop.0+0xff/0x850 [test_kasan] [ 2171.306081] kasan_check_range+0xfd/0x1e0 [ 2171.306601] kasan_bitops_modify.constprop.0+0xff/0x850 [test_kasan] [ 2171.307365] ? kasan_test_init+0x50/0x50 [test_kasan] [ 2171.307981] ? kunit_kfree+0x200/0x200 [kunit] [ 2171.308530] ? rcu_read_lock_sched_held+0x12/0x80 [ 2171.309107] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2171.309778] ? rcu_read_lock_held+0x30/0x50 [ 2171.310286] ? trace_kmalloc+0x3c/0x100 [ 2171.310761] ? kmem_cache_alloc_trace+0x1af/0x320 [ 2171.311335] kasan_bitops_generic+0xfa/0x164 [test_kasan] [ 2171.311991] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 2171.312874] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 2171.313561] ? kunit_add_resource+0x197/0x280 [kunit] [ 2171.314178] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2171.314774] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2171.315391] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2171.316121] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2171.316745] kthread+0x2a4/0x350 [ 2171.317197] ? kthread_complete_and_exit+0x20/0x20 [ 2171.317851] ret_from_fork+0x1f/0x30 [ 2171.318355] [ 2171.318676] [ 2171.318906] Allocated by task 48081: [ 2171.319404] kasan_save_stack+0x1e/0x40 [ 2171.319929] __kasan_kmalloc+0x81/0xa0 [ 2171.320463] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2171.321187] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2171.321855] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2171.322686] kthread+0x2a4/0x350 [ 2171.323137] ret_from_fork+0x1f/0x30 [ 2171.323642] [ 2171.323873] The buggy address belongs to the object at ffff888174f73b40 [ 2171.323873] which belongs to the cache kmalloc-16 of size 16 [ 2171.325506] The buggy address is located 8 bytes inside of [ 2171.325506] 16-byte region [ffff888174f73b40, ffff888174f73b50) [ 2171.327017] [ 2171.327248] The buggy address belongs to the physical page: [ 2171.327999] page:00000000734f0f41 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x174f73 [ 2171.329239] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 2171.330170] raw: 0017ffffc0000200 0000000000000000 dead000000000001 ffff8881000413c0 [ 2171.331202] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2171.332228] page dumped because: kasan: bad access detected [ 2171.332983] [ 2171.333212] Memory state around the buggy address: [ 2171.333867] ffff888174f73a00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2171.334835] ffff888174f73a80: fa fb fc fc fa fb fc fc fa fb fc fc fb fb fc fc [ 2171.335799] >ffff888174f73b00: fa fb fc fc fa fb fc fc 00 01 fc fc fa fb fc fc [ 2171.336767] ^ [ 2171.337518] ffff888174f73b80: fa fb fc fc fa fb fc fc fb fb fc fc fa fb fc fc [ 2171.338490] ffff888174f73c00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2171.339462] ================================================================== [ 2171.340608] ================================================================== [ 2171.341587] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x1a4/0x850 [test_kasan] [ 2171.342826] Write of size 8 at addr ffff888174f73b48 by task kunit_try_catch/48081 [ 2171.343842] [ 2171.344074] CPU: 1 PID: 48081 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-251.1961_763395317.el9.x86_64+debug #1 [ 2171.345874] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2171.346660] Call Trace: [ 2171.347008] [ 2171.347313] ? kasan_bitops_modify.constprop.0+0x1a4/0x850 [test_kasan] [ 2171.348203] dump_stack_lvl+0x57/0x81 [ 2171.348719] print_address_description.constprop.0+0x1f/0x1e0 [ 2171.349508] ? kasan_bitops_modify.constprop.0+0x1a4/0x850 [test_kasan] [ 2171.350397] print_report.cold+0x5c/0x237 [ 2171.350950] kasan_report+0xc9/0x100 [ 2171.351456] ? kasan_bitops_modify.constprop.0+0x1a4/0x850 [test_kasan] [ 2171.352341] kasan_check_range+0xfd/0x1e0 [ 2171.352909] kasan_bitops_modify.constprop.0+0x1a4/0x850 [test_kasan] [ 2171.353777] ? kasan_test_init+0x50/0x50 [test_kasan] [ 2171.354471] ? kunit_kfree+0x200/0x200 [kunit] [ 2171.355082] ? rcu_read_lock_sched_held+0x12/0x80 [ 2171.355732] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2171.356490] ? rcu_read_lock_held+0x30/0x50 [ 2171.356998] ? trace_kmalloc+0x3c/0x100 [ 2171.357472] ? kmem_cache_alloc_trace+0x1af/0x320 [ 2171.358046] kasan_bitops_generic+0xfa/0x164 [test_kasan] [ 2171.358703] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 2171.359590] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 2171.360275] ? kunit_add_resource+0x197/0x280 [kunit] [ 2171.360895] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2171.361496] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2171.362112] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2171.362902] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2171.363601] kthread+0x2a4/0x350 [ 2171.364019] ? kthread_complete_and_exit+0x20/0x20 [ 2171.364605] ret_from_fork+0x1f/0x30 [ 2171.365057] [ 2171.365339] [ 2171.365548] Allocated by task 48081: [ 2171.365987] kasan_save_stack+0x1e/0x40 [ 2171.366459] __kasan_kmalloc+0x81/0xa0 [ 2171.366919] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2171.367571] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2171.368164] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2171.368900] kthread+0x2a4/0x350 [ 2171.369302] ret_from_fork+0x1f/0x30 [ 2171.369748] [ 2171.369953] The buggy address belongs to the object at ffff888174f73b40 [ 2171.369953] which belongs to the cache kmalloc-16 of size 16 [ 2171.371396] The buggy address is located 8 bytes inside of [ 2171.371396] 16-byte region [ffff888174f73b40, ffff888174f73b50) [ 2171.372740] [ 2171.372945] The buggy address belongs to the physical page: [ 2171.373614] page:00000000734f0f41 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x174f73 [ 2171.374716] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 2171.375543] raw: 0017ffffc0000200 0000000000000000 dead000000000001 ffff8881000413c0 [ 2171.376461] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2171.377377] page dumped because: kasan: bad access detected [ 2171.378041] [ 2171.378246] Memory state around the buggy address: [ 2171.378827] ffff888174f73a00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2171.379691] ffff888174f73a80: fa fb fc fc fa fb fc fc fa fb fc fc fb fb fc fc [ 2171.380551] >ffff888174f73b00: fa fb fc fc fa fb fc fc 00 01 fc fc fa fb fc fc [ 2171.381408] ^ [ 2171.382072] ffff888174f73b80: fa fb fc fc fa fb fc fc fb fb fc fc fa fb fc fc [ 2171.382932] ffff888174f73c00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2171.383792] ================================================================== [ 2171.384666] ================================================================== [ 2171.385531] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x24d/0x850 [test_kasan] [ 2171.386628] Write of size 8 at addr ffff888174f73b48 by task kunit_try_catch/48081 [ 2171.387526] [ 2171.387732] CPU: 1 PID: 48081 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-251.1961_763395317.el9.x86_64+debug #1 [ 2171.389329] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2171.390026] Call Trace: [ 2171.390336] [ 2171.390613] ? kasan_bitops_modify.constprop.0+0x24d/0x850 [test_kasan] [ 2171.391408] dump_stack_lvl+0x57/0x81 [ 2171.391861] print_address_description.constprop.0+0x1f/0x1e0 [ 2171.392562] ? kasan_bitops_modify.constprop.0+0x24d/0x850 [test_kasan] [ 2171.393388] print_report.cold+0x5c/0x237 [ 2171.393940] kasan_report+0xc9/0x100 [ 2171.394448] ? kasan_bitops_modify.constprop.0+0x24d/0x850 [test_kasan] [ 2171.395335] kasan_check_range+0xfd/0x1e0 [ 2171.395830] kasan_bitops_modify.constprop.0+0x24d/0x850 [test_kasan] [ 2171.396604] ? kasan_test_init+0x50/0x50 [test_kasan] [ 2171.397219] ? kunit_kfree+0x200/0x200 [kunit] [ 2171.397770] ? rcu_read_lock_sched_held+0x12/0x80 [ 2171.398344] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2171.399016] ? rcu_read_lock_held+0x30/0x50 [ 2171.399530] ? trace_kmalloc+0x3c/0x100 [ 2171.400000] ? kmem_cache_alloc_trace+0x1af/0x320 [ 2171.400579] kasan_bitops_generic+0xfa/0x164 [test_kasan] [ 2171.401227] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 2171.402113] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 2171.402803] ? kunit_add_resource+0x197/0x280 [kunit] [ 2171.403423] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2171.404019] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2171.404636] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2171.405372] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2171.405993] kthread+0x2a4/0x350 [ 2171.406398] ? kthread_complete_and_exit+0x20/0x20 [ 2171.406979] ret_from_fork+0x1f/0x30 [ 2171.407435] [ 2171.407717] [ 2171.407922] Allocated by task 48081: [ 2171.408363] kasan_save_stack+0x1e/0x40 [ 2171.408831] __kasan_kmalloc+0x81/0xa0 [ 2171.409290] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2171.409992] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2171.410672] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2171.411407] kthread+0x2a4/0x350 [ 2171.411811] ret_from_fork+0x1f/0x30 [ 2171.412252] [ 2171.412463] The buggy address belongs to the object at ffff888174f73b40 [ 2171.412463] which belongs to the cache kmalloc-16 of size 16 [ 2171.413901] The buggy address is located 8 bytes inside of [ 2171.413901] 16-byte region [ffff888174f73b40, ffff888174f73b50) [ 2171.415242] [ 2171.415451] The buggy address belongs to the physical page: [ 2171.416115] page:00000000734f0f41 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x174f73 [ 2171.417224] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 2171.418050] raw: 0017ffffc0000200 0000000000000000 dead000000000001 ffff8881000413c0 [ 2171.418975] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2171.419889] page dumped because: kasan: bad access detected [ 2171.420556] [ 2171.420762] Memory state around the buggy address: [ 2171.421342] ffff888174f73a00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2171.422202] ffff888174f73a80: fa fb fc fc fa fb fc fc fa fb fc fc fb fb fc fc [ 2171.423063] >ffff888174f73b00: fa fb fc fc fa fb fc fc 00 01 fc fc fa fb fc fc [ 2171.423922] ^ [ 2171.424589] ffff888174f73b80: fa fb fc fc fa fb fc fc fb fb fc fc fa fb fc fc [ 2171.425450] ffff888174f73c00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2171.426307] ================================================================== [ 2171.427178] ================================================================== [ 2171.428041] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x2f2/0x850 [test_kasan] [ 2171.429140] Write of size 8 at addr ffff888174f73b48 by task kunit_try_catch/48081 [ 2171.430041] [ 2171.430246] CPU: 1 PID: 48081 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-251.1961_763395317.el9.x86_64+debug #1 [ 2171.431846] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2171.432537] Call Trace: [ 2171.432860] [ 2171.433132] ? kasan_bitops_modify.constprop.0+0x2f2/0x850 [test_kasan] [ 2171.433923] dump_stack_lvl+0x57/0x81 [ 2171.434379] print_address_description.constprop.0+0x1f/0x1e0 [ 2171.435071] ? kasan_bitops_modify.constprop.0+0x2f2/0x850 [test_kasan] [ 2171.435863] print_report.cold+0x5c/0x237 [ 2171.436354] kasan_report+0xc9/0x100 [ 2171.436805] ? kasan_bitops_modify.constprop.0+0x2f2/0x850 [test_kasan] [ 2171.437597] kasan_check_range+0xfd/0x1e0 [ 2171.438089] kasan_bitops_modify.constprop.0+0x2f2/0x850 [test_kasan] [ 2171.438865] ? kasan_test_init+0x50/0x50 [test_kasan] [ 2171.439484] ? kunit_kfree+0x200/0x200 [kunit] [ 2171.440029] ? rcu_read_lock_sched_held+0x12/0x80 [ 2171.440610] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2171.441291] ? rcu_read_lock_held+0x30/0x50 [ 2171.441802] ? trace_kmalloc+0x3c/0x100 [ 2171.442274] ? kmem_cache_alloc_trace+0x1af/0x320 [ 2171.442853] kasan_bitops_generic+0xfa/0x164 [test_kasan] [ 2171.443505] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 2171.444390] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 2171.445074] ? kunit_add_resource+0x197/0x280 [kunit] [ 2171.445696] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2171.446288] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2171.446905] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2171.447642] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2171.448265] kthread+0x2a4/0x350 [ 2171.448673] ? kthread_complete_and_exit+0x20/0x20 [ 2171.449256] ret_from_fork+0x1f/0x30 [ 2171.449714] [ 2171.449996] [ 2171.450202] Allocated by task 48081: [ 2171.450647] kasan_save_stack+0x1e/0x40 [ 2171.451117] __kasan_kmalloc+0x81/0xa0 [ 2171.451580] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2171.452229] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2171.452826] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2171.453561] kthread+0x2a4/0x350 [ 2171.453965] ret_from_fork+0x1f/0x30 [ 2171.454409] [ 2171.454614] The buggy address belongs to the object at ffff888174f73b40 [ 2171.454614] which belongs to the cache kmalloc-16 of size 16 [ 2171.456051] The buggy address is located 8 bytes inside of [ 2171.456051] 16-byte region [ffff888174f73b40, ffff888174f73b50) [ 2171.457402] [ 2171.457608] The buggy address belongs to the physical page: [ 2171.458272] page:00000000734f0f41 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x174f73 [ 2171.459379] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 2171.460202] raw: 0017ffffc0000200 0000000000000000 dead000000000001 ffff8881000413c0 [ 2171.461122] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2171.462038] page dumped because: kasan: bad access detected [ 2171.462703] [ 2171.462909] Memory state around the buggy address: [ 2171.463492] ffff888174f73a00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2171.464352] ffff888174f73a80: fa fb fc fc fa fb fc fc fa fb fc fc fb fb fc fc [ 2171.465214] >ffff888174f73b00: fa fb fc fc fa fb fc fc 00 01 fc fc fa fb fc fc [ 2171.466074] ^ [ 2171.466741] ffff888174f73b80: fa fb fc fc fa fb fc fc fb fb fc fc fa fb fc fc [ 2171.467599] ffff888174f73c00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2171.468458] ================================================================== [ 2171.469325] ================================================================== [ 2171.470193] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x39b/0x850 [test_kasan] [ 2171.471293] Write of size 8 at addr ffff888174f73b48 by task kunit_try_catch/48081 [ 2171.472196] [ 2171.472407] CPU: 1 PID: 48081 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-251.1961_763395317.el9.x86_64+debug #1 [ 2171.474003] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2171.474696] Call Trace: [ 2171.475005] [ 2171.475278] ? kasan_bitops_modify.constprop.0+0x39b/0x850 [test_kasan] [ 2171.476070] dump_stack_lvl+0x57/0x81 [ 2171.476529] print_address_description.constprop.0+0x1f/0x1e0 [ 2171.477222] ? kasan_bitops_modify.constprop.0+0x39b/0x850 [test_kasan] [ 2171.478015] print_report.cold+0x5c/0x237 [ 2171.478512] kasan_report+0xc9/0x100 [ 2171.478957] ? kasan_bitops_modify.constprop.0+0x39b/0x850 [test_kasan] [ 2171.479749] kasan_check_range+0xfd/0x1e0 [ 2171.480240] kasan_bitops_modify.constprop.0+0x39b/0x850 [test_kasan] [ 2171.481012] ? kasan_test_init+0x50/0x50 [test_kasan] [ 2171.481700] ? kunit_kfree+0x200/0x200 [kunit] [ 2171.482307] ? rcu_read_lock_sched_held+0x12/0x80 [ 2171.482888] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2171.483561] ? rcu_read_lock_held+0x30/0x50 [ 2171.484071] ? trace_kmalloc+0x3c/0x100 [ 2171.484544] ? kmem_cache_alloc_trace+0x1af/0x320 [ 2171.485122] kasan_bitops_generic+0xfa/0x164 [test_kasan] [ 2171.485776] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 2171.486664] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 2171.487350] ? kunit_add_resource+0x197/0x280 [kunit] [ 2171.487971] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2171.488569] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2171.489181] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2171.489915] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2171.490540] kthread+0x2a4/0x350 [ 2171.490943] ? kthread_complete_and_exit+0x20/0x20 [ 2171.491529] ret_from_fork+0x1f/0x30 [ 2171.491980] [ 2171.492261] [ 2171.492471] Allocated by task 48081: [ 2171.492913] kasan_save_stack+0x1e/0x40 [ 2171.493387] __kasan_kmalloc+0x81/0xa0 [ 2171.493846] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2171.494499] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2171.495093] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2171.495829] kthread+0x2a4/0x350 [ 2171.496231] ret_from_fork+0x1f/0x30 [ 2171.496678] [ 2171.496883] The buggy address belongs to the object at ffff888174f73b40 [ 2171.496883] which belongs to the cache kmalloc-16 of size 16 [ 2171.498322] The buggy address is located 8 bytes inside of [ 2171.498322] 16-byte region [ffff888174f73b40, ffff888174f73b50) [ 2171.499670] [ 2171.499876] The buggy address belongs to the physical page: [ 2171.500543] page:00000000734f0f41 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x174f73 [ 2171.501651] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 2171.502482] raw: 0017ffffc0000200 0000000000000000 dead000000000001 ffff8881000413c0 [ 2171.503399] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2171.504312] page dumped because: kasan: bad access detected [ 2171.504979] [ 2171.505186] Memory state around the buggy address: [ 2171.505776] ffff888174f73a00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2171.506638] ffff888174f73a80: fa fb fc fc fa fb fc fc fa fb fc fc fb fb fc fc [ 2171.507499] >ffff888174f73b00: fa fb fc fc fa fb fc fc 00 01 fc fc fa fb fc fc [ 2171.508360] ^ [ 2171.509024] ffff888174f73b80: fa fb fc fc fa fb fc fc fb fb fc fc fa fb fc fc [ 2171.509886] ffff888174f73c00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2171.510744] ================================================================== [ 2171.511629] ================================================================== [ 2171.512492] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x440/0x850 [test_kasan] [ 2171.513590] Write of size 8 at addr ffff888174f73b48 by task kunit_try_catch/48081 [ 2171.514491] [ 2171.514698] CPU: 1 PID: 48081 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-251.1961_763395317.el9.x86_64+debug #1 [ 2171.516296] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2171.516988] Call Trace: [ 2171.517299] [ 2171.517575] ? kasan_bitops_modify.constprop.0+0x440/0x850 [test_kasan] [ 2171.518367] dump_stack_lvl+0x57/0x81 [ 2171.518820] print_address_description.constprop.0+0x1f/0x1e0 [ 2171.519517] ? kasan_bitops_modify.constprop.0+0x440/0x850 [test_kasan] [ 2171.520308] print_report.cold+0x5c/0x237 [ 2171.520804] kasan_report+0xc9/0x100 [ 2171.521251] ? kasan_bitops_modify.constprop.0+0x440/0x850 [test_kasan] [ 2171.522044] kasan_check_range+0xfd/0x1e0 [ 2171.522541] kasan_bitops_modify.constprop.0+0x440/0x850 [test_kasan] [ 2171.523310] ? kasan_test_init+0x50/0x50 [test_kasan] [ 2171.523928] ? kunit_kfree+0x200/0x200 [kunit] [ 2171.524477] ? rcu_read_lock_sched_held+0x12/0x80 [ 2171.525051] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2171.525723] ? rcu_read_lock_held+0x30/0x50 [ 2171.526230] ? trace_kmalloc+0x3c/0x100 [ 2171.526706] ? kmem_cache_alloc_trace+0x1af/0x320 [ 2171.527280] kasan_bitops_generic+0xfa/0x164 [test_kasan] [ 2171.527933] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 2171.528819] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 2171.529516] ? kunit_add_resource+0x197/0x280 [kunit] [ 2171.530133] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2171.530731] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2171.531347] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2171.532084] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2171.532711] kthread+0x2a4/0x350 [ 2171.533115] ? kthread_complete_and_exit+0x20/0x20 [ 2171.533703] ret_from_fork+0x1f/0x30 [ 2171.534153] [ 2171.534438] [ 2171.534645] Allocated by task 48081: [ 2171.535085] kasan_save_stack+0x1e/0x40 [ 2171.535556] __kasan_kmalloc+0x81/0xa0 [ 2171.536015] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2171.536669] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2171.537261] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2171.537996] kthread+0x2a4/0x350 [ 2171.538402] ret_from_fork+0x1f/0x30 [ 2171.538844] [ 2171.539050] The buggy address belongs to the object at ffff888174f73b40 [ 2171.539050] which belongs to the cache kmalloc-16 of size 16 [ 2171.540492] The buggy address is located 8 bytes inside of [ 2171.540492] 16-byte region [ffff888174f73b40, ffff888174f73b50) [ 2171.541838] [ 2171.542044] The buggy address belongs to the physical page: [ 2171.542711] page:00000000734f0f41 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x174f73 [ 2171.543817] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 2171.544649] raw: 0017ffffc0000200 0000000000000000 dead000000000001 ffff8881000413c0 [ 2171.545570] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2171.546487] page dumped because: kasan: bad access detected [ 2171.547151] [ 2171.547360] Memory state around the buggy address: [ 2171.547939] ffff888174f73a00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2171.548801] ffff888174f73a80: fa fb fc fc fa fb fc fc fa fb fc fc fb fb fc fc [ 2171.549667] >ffff888174f73b00: fa fb fc fc fa fb fc fc 00 01 fc fc fa fb fc fc [ 2171.550529] ^ [ 2171.551193] ffff888174f73b80: fa fb fc fc fa fb fc fc fb fb fc fc fa fb fc fc [ 2171.552053] ffff888174f73c00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2171.552911] ================================================================== [ 2171.553793] ================================================================== [ 2171.554659] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x4e9/0x850 [test_kasan] [ 2171.555756] Write of size 8 at addr ffff888174f73b48 by task kunit_try_catch/48081 [ 2171.556655] [ 2171.556881] CPU: 1 PID: 48081 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-251.1961_763395317.el9.x86_64+debug #1 [ 2171.558607] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2171.559296] Call Trace: [ 2171.559611] [ 2171.559884] ? kasan_bitops_modify.constprop.0+0x4e9/0x850 [test_kasan] [ 2171.560676] dump_stack_lvl+0x57/0x81 [ 2171.561127] print_address_description.constprop.0+0x1f/0x1e0 [ 2171.561824] ? kasan_bitops_modify.constprop.0+0x4e9/0x850 [test_kasan] [ 2171.562615] print_report.cold+0x5c/0x237 [ 2171.563107] kasan_report+0xc9/0x100 [ 2171.563554] ? kasan_bitops_modify.constprop.0+0x4e9/0x850 [test_kasan] [ 2171.564344] kasan_check_range+0xfd/0x1e0 [ 2171.564838] kasan_bitops_modify.constprop.0+0x4e9/0x850 [test_kasan] [ 2171.565610] ? kasan_test_init+0x50/0x50 [test_kasan] [ 2171.566221] ? kunit_kfree+0x200/0x200 [kunit] [ 2171.566769] ? rcu_read_lock_sched_held+0x12/0x80 [ 2171.567343] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2171.568015] ? rcu_read_lock_held+0x30/0x50 [ 2171.568530] ? trace_kmalloc+0x3c/0x100 [ 2171.568999] ? kmem_cache_alloc_trace+0x1af/0x320 [ 2171.569580] kasan_bitops_generic+0xfa/0x164 [test_kasan] [ 2171.570229] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 2171.571114] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 2171.571803] ? kunit_add_resource+0x197/0x280 [kunit] [ 2171.572423] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2171.573018] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2171.573635] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2171.574377] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2171.575001] kthread+0x2a4/0x350 [ 2171.575408] ? kthread_complete_and_exit+0x20/0x20 [ 2171.575992] ret_from_fork+0x1f/0x30 [ 2171.576447] [ 2171.576729] [ 2171.576935] Allocated by task 48081: [ 2171.577379] kasan_save_stack+0x1e/0x40 [ 2171.577848] __kasan_kmalloc+0x81/0xa0 [ 2171.578308] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2171.578963] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2171.579559] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2171.580290] kthread+0x2a4/0x350 [ 2171.580698] ret_from_fork+0x1f/0x30 [ 2171.581142] [ 2171.581347] The buggy address belongs to the object at ffff888174f73b40 [ 2171.581347] which belongs to the cache kmalloc-16 of size 16 [ 2171.582789] The buggy address is located 8 bytes inside of [ 2171.582789] 16-byte region [ffff888174f73b40, ffff888174f73b50) [ 2171.584134] [ 2171.584339] The buggy address belongs to the physical page: [ 2171.585005] page:00000000734f0f41 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x174f73 [ 2171.586111] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 2171.586939] raw: 0017ffffc0000200 0000000000000000 dead000000000001 ffff8881000413c0 [ 2171.587859] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2171.588776] page dumped because: kasan: bad access detected [ 2171.589442] [ 2171.589649] Memory state around the buggy address: [ 2171.590228] ffff888174f73a00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2171.591089] ffff888174f73a80: fa fb fc fc fa fb fc fc fa fb fc fc fb fb fc fc [ 2171.591949] >ffff888174f73b00: fa fb fc fc fa fb fc fc 00 01 fc fc fa fb fc fc [ 2171.592809] ^ [ 2171.593476] ffff888174f73b80: fa fb fc fc fa fb fc fc fb fb fc fc fa fb fc fc [ 2171.594332] ffff888174f73c00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2171.595190] ================================================================== [ 2171.596062] ================================================================== [ 2171.596926] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x58e/0x850 [test_kasan] [ 2171.598022] Write of size 8 at addr ffff888174f73b48 by task kunit_try_catch/48081 [ 2171.598919] [ 2171.599125] CPU: 1 PID: 48081 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-251.1961_763395317.el9.x86_64+debug #1 [ 2171.600721] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2171.601413] Call Trace: [ 2171.601722] [ 2171.601995] ? kasan_bitops_modify.constprop.0+0x58e/0x850 [test_kasan] [ 2171.602787] dump_stack_lvl+0x57/0x81 [ 2171.603239] print_address_description.constprop.0+0x1f/0x1e0 [ 2171.603937] ? kasan_bitops_modify.constprop.0+0x58e/0x850 [test_kasan] [ 2171.604727] print_report.cold+0x5c/0x237 [ 2171.605220] kasan_report+0xc9/0x100 [ 2171.605669] ? kasan_bitops_modify.constprop.0+0x58e/0x850 [test_kasan] [ 2171.606460] kasan_check_range+0xfd/0x1e0 [ 2171.606950] kasan_bitops_modify.constprop.0+0x58e/0x850 [test_kasan] [ 2171.607725] ? kasan_test_init+0x50/0x50 [test_kasan] [ 2171.608340] ? kunit_kfree+0x200/0x200 [kunit] [ 2171.608889] ? rcu_read_lock_sched_held+0x12/0x80 [ 2171.609466] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2171.610136] ? rcu_read_lock_held+0x30/0x50 [ 2171.610650] ? trace_kmalloc+0x3c/0x100 [ 2171.611120] ? kmem_cache_alloc_trace+0x1af/0x320 [ 2171.611698] kasan_bitops_generic+0xfa/0x164 [test_kasan] [ 2171.612355] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 2171.613236] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 2171.613923] ? kunit_add_resource+0x197/0x280 [kunit] [ 2171.614544] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2171.615138] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2171.615755] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2171.616495] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2171.617116] kthread+0x2a4/0x350 [ 2171.617522] ? kthread_complete_and_exit+0x20/0x20 [ 2171.618104] ret_from_fork+0x1f/0x30 [ 2171.618561] [ 2171.618843] [ 2171.619049] Allocated by task 48081: [ 2171.619491] kasan_save_stack+0x1e/0x40 [ 2171.619961] __kasan_kmalloc+0x81/0xa0 [ 2171.620423] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2171.621071] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2171.621667] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2171.622405] kthread+0x2a4/0x350 [ 2171.622807] ret_from_fork+0x1f/0x30 [ 2171.623248] [ 2171.623456] The buggy address belongs to the object at ffff888174f73b40 [ 2171.623456] which belongs to the cache kmalloc-16 of size 16 [ 2171.624893] The buggy address is located 8 bytes inside of [ 2171.624893] 16-byte region [ffff888174f73b40, ffff888174f73b50) [ 2171.626238] [ 2171.626446] The buggy address belongs to the physical page: [ 2171.627109] page:00000000734f0f41 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x174f73 [ 2171.628213] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 2171.629040] raw: 0017ffffc0000200 0000000000000000 dead000000000001 ffff8881000413c0 [ 2171.629959] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2171.630872] page dumped because: kasan: bad access detected [ 2171.631539] [ 2171.631744] Memory state around the buggy address: [ 2171.632322] ffff888174f73a00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2171.633181] ffff888174f73a80: fa fb fc fc fa fb fc fc fa fb fc fc fb fb fc fc [ 2171.634039] >ffff888174f73b00: fa fb fc fc fa fb fc fc 00 01 fc fc fa fb fc fc [ 2171.634900] ^ [ 2171.635572] ffff888174f73b80: fa fb fc fc fa fb fc fc fb fb fc fc fa fb fc fc [ 2171.636507] ffff888174f73c00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2171.637404] ================================================================== [ 2171.638273] ================================================================== [ 2171.639138] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xff/0x990 [test_kasan] [ 2171.640316] Write of size 8 at addr ffff888174f73b48 by task kunit_try_catch/48081 [ 2171.641213] [ 2171.641425] CPU: 1 PID: 48081 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-251.1961_763395317.el9.x86_64+debug #1 [ 2171.643020] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2171.643712] Call Trace: [ 2171.644023] [ 2171.644296] ? kasan_bitops_test_and_modify.constprop.0+0xff/0x990 [test_kasan] [ 2171.645173] dump_stack_lvl+0x57/0x81 [ 2171.645630] print_address_description.constprop.0+0x1f/0x1e0 [ 2171.646325] ? kasan_bitops_test_and_modify.constprop.0+0xff/0x990 [test_kasan] [ 2171.647197] print_report.cold+0x5c/0x237 [ 2171.647693] kasan_report+0xc9/0x100 [ 2171.648137] ? kasan_bitops_test_and_modify.constprop.0+0xff/0x990 [test_kasan] [ 2171.649015] kasan_check_range+0xfd/0x1e0 [ 2171.649510] kasan_bitops_test_and_modify.constprop.0+0xff/0x990 [test_kasan] [ 2171.650368] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan] [ 2171.651159] ? kunit_kfree+0x200/0x200 [kunit] [ 2171.651709] ? rcu_read_lock_sched_held+0x12/0x80 [ 2171.652283] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2171.652955] ? rcu_read_lock_held+0x30/0x50 [ 2171.653467] ? trace_kmalloc+0x3c/0x100 [ 2171.653937] ? kmem_cache_alloc_trace+0x1af/0x320 [ 2171.654515] kasan_bitops_generic+0x105/0x164 [test_kasan] [ 2171.655187] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 2171.656071] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 2171.656760] ? kunit_add_resource+0x197/0x280 [kunit] [ 2171.657378] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2171.657983] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2171.658599] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2171.659329] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2171.659954] kthread+0x2a4/0x350 [ 2171.660361] ? kthread_complete_and_exit+0x20/0x20 [ 2171.660943] ret_from_fork+0x1f/0x30 [ 2171.661398] [ 2171.661679] [ 2171.661884] Allocated by task 48081: [ 2171.662325] kasan_save_stack+0x1e/0x40 [ 2171.662797] __kasan_kmalloc+0x81/0xa0 [ 2171.663256] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2171.663908] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2171.664503] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2171.665234] kthread+0x2a4/0x350 [ 2171.665640] ret_from_fork+0x1f/0x30 [ 2171.666080] [ 2171.666287] The buggy address belongs to the object at ffff888174f73b40 [ 2171.666287] which belongs to the cache kmalloc-16 of size 16 [ 2171.667727] The buggy address is located 8 bytes inside of [ 2171.667727] 16-byte region [ffff888174f73b40, ffff888174f73b50) [ 2171.669071] [ 2171.669277] The buggy address belongs to the physical page: [ 2171.669946] page:00000000734f0f41 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x174f73 [ 2171.671048] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 2171.671874] raw: 0017ffffc0000200 0000000000000000 dead000000000001 ffff8881000413c0 [ 2171.672793] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2171.673713] page dumped because: kasan: bad access detected [ 2171.674381] [ 2171.674587] Memory state around the buggy address: [ 2171.675167] ffff888174f73a00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2171.676027] ffff888174f73a80: fa fb fc fc fa fb fc fc fa fb fc fc fb fb fc fc [ 2171.676885] >ffff888174f73b00: fa fb fc fc fa fb fc fc 00 01 fc fc fa fb fc fc [ 2171.677746] ^ [ 2171.678413] ffff888174f73b80: fa fb fc fc fa fb fc fc fb fb fc fc fa fb fc fc [ 2171.679267] ffff888174f73c00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2171.680124] ================================================================== [ 2171.681000] ================================================================== [ 2171.681865] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x1a9/0x990 [test_kasan] [ 2171.683055] Write of size 8 at addr ffff888174f73b48 by task kunit_try_catch/48081 [ 2171.683956] [ 2171.684163] CPU: 1 PID: 48081 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-251.1961_763395317.el9.x86_64+debug #1 [ 2171.685767] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2171.686459] Call Trace: [ 2171.686770] [ 2171.687043] ? kasan_bitops_test_and_modify.constprop.0+0x1a9/0x990 [test_kasan] [ 2171.687927] dump_stack_lvl+0x57/0x81 [ 2171.688384] print_address_description.constprop.0+0x1f/0x1e0 [ 2171.689076] ? kasan_bitops_test_and_modify.constprop.0+0x1a9/0x990 [test_kasan] [ 2171.689960] print_report.cold+0x5c/0x237 [ 2171.690457] kasan_report+0xc9/0x100 [ 2171.690901] ? kasan_bitops_test_and_modify.constprop.0+0x1a9/0x990 [test_kasan] [ 2171.691785] kasan_check_range+0xfd/0x1e0 [ 2171.692275] kasan_bitops_test_and_modify.constprop.0+0x1a9/0x990 [test_kasan] [ 2171.693143] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan] [ 2171.693937] ? kunit_kfree+0x200/0x200 [kunit] [ 2171.694489] ? rcu_read_lock_sched_held+0x12/0x80 [ 2171.695064] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2171.695740] ? rcu_read_lock_held+0x30/0x50 [ 2171.696248] ? trace_kmalloc+0x3c/0x100 [ 2171.696725] ? kmem_cache_alloc_trace+0x1af/0x320 [ 2171.697300] kasan_bitops_generic+0x105/0x164 [test_kasan] [ 2171.697963] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 2171.698850] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 2171.699542] ? kunit_add_resource+0x197/0x280 [kunit] [ 2171.700157] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2171.700760] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2171.701377] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2171.702111] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2171.702737] kthread+0x2a4/0x350 [ 2171.703140] ? kthread_complete_and_exit+0x20/0x20 [ 2171.703725] ret_from_fork+0x1f/0x30 [ 2171.704177] [ 2171.704463] [ 2171.704668] Allocated by task 48081: [ 2171.705109] kasan_save_stack+0x1e/0x40 [ 2171.705583] __kasan_kmalloc+0x81/0xa0 [ 2171.706042] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2171.706696] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2171.707290] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2171.708026] kthread+0x2a4/0x350 [ 2171.708433] ret_from_fork+0x1f/0x30 [ 2171.708877] [ 2171.709083] The buggy address belongs to the object at ffff888174f73b40 [ 2171.709083] which belongs to the cache kmalloc-16 of size 16 [ 2171.710537] The buggy address is located 8 bytes inside of [ 2171.710537] 16-byte region [ffff888174f73b40, ffff888174f73b50) [ 2171.711877] [ 2171.712084] The buggy address belongs to the physical page: [ 2171.712749] page:00000000734f0f41 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x174f73 [ 2171.713855] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 2171.714684] raw: 0017ffffc0000200 0000000000000000 dead000000000001 ffff8881000413c0 [ 2171.715603] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2171.716520] page dumped because: kasan: bad access detected [ 2171.717182] [ 2171.717392] Memory state around the buggy address: [ 2171.717970] ffff888174f73a00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2171.718829] ffff888174f73a80: fa fb fc fc fa fb fc fc fa fb fc fc fb fb fc fc [ 2171.719690] >ffff888174f73b00: fa fb fc fc fa fb fc fc 00 01 fc fc fa fb fc fc [ 2171.720548] ^ [ 2171.721214] ffff888174f73b80: fa fb fc fc fa fb fc fc fb fb fc fc fa fb fc fc [ 2171.722073] ffff888174f73c00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2171.722934] ================================================================== [ 2171.723811] ================================================================== [ 2171.724676] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x252/0x990 [test_kasan] [ 2171.725875] Write of size 8 at addr ffff888174f73b48 by task kunit_try_catch/48081 [ 2171.726773] [ 2171.726979] CPU: 1 PID: 48081 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-251.1961_763395317.el9.x86_64+debug #1 [ 2171.728582] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2171.729270] Call Trace: [ 2171.729589] [ 2171.729862] ? kasan_bitops_test_and_modify.constprop.0+0x252/0x990 [test_kasan] [ 2171.730746] dump_stack_lvl+0x57/0x81 [ 2171.731197] print_address_description.constprop.0+0x1f/0x1e0 [ 2171.731893] ? kasan_bitops_test_and_modify.constprop.0+0x252/0x990 [test_kasan] [ 2171.732777] print_report.cold+0x5c/0x237 [ 2171.733269] kasan_report+0xc9/0x100 [ 2171.733719] ? kasan_bitops_test_and_modify.constprop.0+0x252/0x990 [test_kasan] [ 2171.734609] kasan_check_range+0xfd/0x1e0 [ 2171.735100] kasan_bitops_test_and_modify.constprop.0+0x252/0x990 [test_kasan] [ 2171.735965] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan] [ 2171.736759] ? kunit_kfree+0x200/0x200 [kunit] [ 2171.737305] ? rcu_read_lock_sched_held+0x12/0x80 [ 2171.737883] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2171.738554] ? rcu_read_lock_held+0x30/0x50 [ 2171.739062] ? trace_kmalloc+0x3c/0x100 [ 2171.739538] ? kmem_cache_alloc_trace+0x1af/0x320 [ 2171.740114] kasan_bitops_generic+0x105/0x164 [test_kasan] [ 2171.740777] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 2171.741665] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 2171.742360] ? kunit_add_resource+0x197/0x280 [kunit] [ 2171.742975] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2171.743573] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2171.744187] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2171.744926] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2171.745553] kthread+0x2a4/0x350 [ 2171.745956] ? kthread_complete_and_exit+0x20/0x20 [ 2171.746542] ret_from_fork+0x1f/0x30 [ 2171.746994] [ 2171.747277] [ 2171.747486] Allocated by task 48081: [ 2171.747933] kasan_save_stack+0x1e/0x40 [ 2171.748408] __kasan_kmalloc+0x81/0xa0 [ 2171.748868] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2171.749521] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2171.750115] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2171.750856] kthread+0x2a4/0x350 [ 2171.751259] ret_from_fork+0x1f/0x30 [ 2171.751705] [ 2171.751910] The buggy address belongs to the object at ffff888174f73b40 [ 2171.751910] which belongs to the cache kmalloc-16 of size 16 [ 2171.753356] The buggy address is located 8 bytes inside of [ 2171.753356] 16-byte region [ffff888174f73b40, ffff888174f73b50) [ 2171.754701] [ 2171.754907] The buggy address belongs to the physical page: [ 2171.755571] page:00000000734f0f41 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x174f73 [ 2171.756676] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 2171.757506] raw: 0017ffffc0000200 0000000000000000 dead000000000001 ffff8881000413c0 [ 2171.758425] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2171.759338] page dumped because: kasan: bad access detected [ 2171.760005] [ 2171.760211] Memory state around the buggy address: [ 2171.760794] ffff888174f73a00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2171.761656] ffff888174f73a80: fa fb fc fc fa fb fc fc fa fb fc fc fb fb fc fc [ 2171.762516] >ffff888174f73b00: fa fb fc fc fa fb fc fc 00 01 fc fc fa fb fc fc [ 2171.763376] ^ [ 2171.764038] ffff888174f73b80: fa fb fc fc fa fb fc fc fb fb fc fc fa fb fc fc [ 2171.764899] ffff888174f73c00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2171.765758] ================================================================== [ 2171.766639] ================================================================== [ 2171.767503] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x2fc/0x990 [test_kasan] [ 2171.768695] Write of size 8 at addr ffff888174f73b48 by task kunit_try_catch/48081 [ 2171.769710] [ 2171.769956] CPU: 1 PID: 48081 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-251.1961_763395317.el9.x86_64+debug #1 [ 2171.771558] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2171.772244] Call Trace: [ 2171.772558] [ 2171.772831] ? kasan_bitops_test_and_modify.constprop.0+0x2fc/0x990 [test_kasan] [ 2171.773716] dump_stack_lvl+0x57/0x81 [ 2171.774168] print_address_description.constprop.0+0x1f/0x1e0 [ 2171.774865] ? kasan_bitops_test_and_modify.constprop.0+0x2fc/0x990 [test_kasan] [ 2171.775748] print_report.cold+0x5c/0x237 [ 2171.776241] kasan_report+0xc9/0x100 [ 2171.776692] ? kasan_bitops_test_and_modify.constprop.0+0x2fc/0x990 [test_kasan] [ 2171.777578] kasan_check_range+0xfd/0x1e0 [ 2171.778068] kasan_bitops_test_and_modify.constprop.0+0x2fc/0x990 [test_kasan] [ 2171.778933] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan] [ 2171.779728] ? kunit_kfree+0x200/0x200 [kunit] [ 2171.780276] ? rcu_read_lock_sched_held+0x12/0x80 [ 2171.780854] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2171.781551] ? rcu_read_lock_held+0x30/0x50 [ 2171.782121] ? trace_kmalloc+0x3c/0x100 [ 2171.782655] ? kmem_cache_alloc_trace+0x1af/0x320 [ 2171.783231] kasan_bitops_generic+0x105/0x164 [test_kasan] [ 2171.783893] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 2171.784778] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 2171.785471] ? kunit_add_resource+0x197/0x280 [kunit] [ 2171.786088] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2171.786685] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2171.787298] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2171.788037] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2171.788662] kthread+0x2a4/0x350 [ 2171.789064] ? kthread_complete_and_exit+0x20/0x20 [ 2171.789651] ret_from_fork+0x1f/0x30 [ 2171.790101] [ 2171.790387] [ 2171.790593] Allocated by task 48081: [ 2171.791033] kasan_save_stack+0x1e/0x40 [ 2171.791505] __kasan_kmalloc+0x81/0xa0 [ 2171.791964] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2171.792618] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2171.793213] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2171.793948] kthread+0x2a4/0x350 [ 2171.794357] ret_from_fork+0x1f/0x30 [ 2171.794797] [ 2171.795002] The buggy address belongs to the object at ffff888174f73b40 [ 2171.795002] which belongs to the cache kmalloc-16 of size 16 [ 2171.796446] The buggy address is located 8 bytes inside of [ 2171.796446] 16-byte region [ffff888174f73b40, ffff888174f73b50) [ 2171.797789] [ 2171.797995] The buggy address belongs to the physical page: [ 2171.798661] page:00000000734f0f41 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x174f73 [ 2171.799766] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 2171.800595] raw: 0017ffffc0000200 0000000000000000 dead000000000001 ffff8881000413c0 [ 2171.801514] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2171.802429] page dumped because: kasan: bad access detected [ 2171.803092] [ 2171.803297] Memory state around the buggy address: [ 2171.803879] ffff888174f73a00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2171.804740] ffff888174f73a80: fa fb fc fc fa fb fc fc fa fb fc fc fb fb fc fc [ 2171.805603] >ffff888174f73b00: fa fb fc fc fa fb fc fc 00 01 fc fc fa fb fc fc [ 2171.806464] ^ [ 2171.807129] ffff888174f73b80: fa fb fc fc fa fb fc fc fb fb fc fc fa fb fc fc [ 2171.807987] ffff888174f73c00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2171.808846] ================================================================== [ 2171.809720] ================================================================== [ 2171.810584] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x3a6/0x990 [test_kasan] [ 2171.811779] Write of size 8 at addr ffff888174f73b48 by task kunit_try_catch/48081 [ 2171.812678] [ 2171.812885] CPU: 1 PID: 48081 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-251.1961_763395317.el9.x86_64+debug #1 [ 2171.814481] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2171.815170] Call Trace: [ 2171.815484] [ 2171.815758] ? kasan_bitops_test_and_modify.constprop.0+0x3a6/0x990 [test_kasan] [ 2171.816640] dump_stack_lvl+0x57/0x81 [ 2171.817093] print_address_description.constprop.0+0x1f/0x1e0 [ 2171.817793] ? kasan_bitops_test_and_modify.constprop.0+0x3a6/0x990 [test_kasan] [ 2171.818678] print_report.cold+0x5c/0x237 [ 2171.819221] kasan_report+0xc9/0x100 [ 2171.819749] ? kasan_bitops_test_and_modify.constprop.0+0x3a6/0x990 [test_kasan] [ 2171.820663] kasan_check_range+0xfd/0x1e0 [ 2171.821159] kasan_bitops_test_and_modify.constprop.0+0x3a6/0x990 [test_kasan] [ 2171.822025] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan] [ 2171.822822] ? kunit_kfree+0x200/0x200 [kunit] [ 2171.823372] ? rcu_read_lock_sched_held+0x12/0x80 [ 2171.823947] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2171.824620] ? rcu_read_lock_held+0x30/0x50 [ 2171.825130] ? trace_kmalloc+0x3c/0x100 [ 2171.825606] ? kmem_cache_alloc_trace+0x1af/0x320 [ 2171.826183] kasan_bitops_generic+0x105/0x164 [test_kasan] [ 2171.826846] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 2171.827731] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 2171.828423] ? kunit_add_resource+0x197/0x280 [kunit] [ 2171.829039] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2171.829637] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2171.830250] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2171.830985] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2171.831611] kthread+0x2a4/0x350 [ 2171.832015] ? kthread_complete_and_exit+0x20/0x20 [ 2171.832604] ret_from_fork+0x1f/0x30 [ 2171.833055] [ 2171.833339] [ 2171.833556] Allocated by task 48081: [ 2171.833996] kasan_save_stack+0x1e/0x40 [ 2171.834468] __kasan_kmalloc+0x81/0xa0 [ 2171.834928] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2171.835580] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2171.836171] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2171.836905] kthread+0x2a4/0x350 [ 2171.837307] ret_from_fork+0x1f/0x30 [ 2171.837751] [ 2171.837957] The buggy address belongs to the object at ffff888174f73b40 [ 2171.837957] which belongs to the cache kmalloc-16 of size 16 [ 2171.839399] The buggy address is located 8 bytes inside of [ 2171.839399] 16-byte region [ffff888174f73b40, ffff888174f73b50) [ 2171.840751] [ 2171.840957] The buggy address belongs to the physical page: [ 2171.841622] page:00000000734f0f41 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x174f73 [ 2171.842731] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 2171.843557] raw: 0017ffffc0000200 0000000000000000 dead000000000001 ffff8881000413c0 [ 2171.844475] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2171.845392] page dumped because: kasan: bad access detected [ 2171.846054] [ 2171.846260] Memory state around the buggy address: [ 2171.846842] ffff888174f73a00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2171.847705] ffff888174f73a80: fa fb fc fc fa fb fc fc fa fb fc fc fb fb fc fc [ 2171.848566] >ffff888174f73b00: fa fb fc fc fa fb fc fc 00 01 fc fc fa fb fc fc [ 2171.849424] ^ [ 2171.850087] ffff888174f73b80: fa fb fc fc fa fb fc fc fb fb fc fc fa fb fc fc [ 2171.850948] ffff888174f73c00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2171.851806] ================================================================== [ 2171.852679] ================================================================== [ 2171.853543] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x44f/0x990 [test_kasan] [ 2171.854732] Write of size 8 at addr ffff888174f73b48 by task kunit_try_catch/48081 [ 2171.855634] [ 2171.855839] CPU: 1 PID: 48081 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-251.1961_763395317.el9.x86_64+debug #1 [ 2171.857440] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2171.858127] Call Trace: [ 2171.858440] [ 2171.858713] ? kasan_bitops_test_and_modify.constprop.0+0x44f/0x990 [test_kasan] [ 2171.859598] dump_stack_lvl+0x57/0x81 [ 2171.860050] print_address_description.constprop.0+0x1f/0x1e0 [ 2171.860755] ? kasan_bitops_test_and_modify.constprop.0+0x44f/0x990 [test_kasan] [ 2171.861643] print_report.cold+0x5c/0x237 [ 2171.862137] kasan_report+0xc9/0x100 [ 2171.862585] ? kasan_bitops_test_and_modify.constprop.0+0x44f/0x990 [test_kasan] [ 2171.863474] kasan_check_range+0xfd/0x1e0 [ 2171.863965] kasan_bitops_test_and_modify.constprop.0+0x44f/0x990 [test_kasan] [ 2171.864831] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan] [ 2171.865626] ? kunit_kfree+0x200/0x200 [kunit] [ 2171.866178] ? rcu_read_lock_sched_held+0x12/0x80 [ 2171.866758] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2171.867430] ? rcu_read_lock_held+0x30/0x50 [ 2171.867940] ? trace_kmalloc+0x3c/0x100 [ 2171.868417] ? kmem_cache_alloc_trace+0x1af/0x320 [ 2171.868995] kasan_bitops_generic+0x105/0x164 [test_kasan] [ 2171.869659] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 2171.870547] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 2171.871239] ? kunit_add_resource+0x197/0x280 [kunit] [ 2171.871859] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2171.872456] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2171.873069] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2171.873803] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2171.874429] kthread+0x2a4/0x350 [ 2171.874833] ? kthread_complete_and_exit+0x20/0x20 [ 2171.875418] ret_from_fork+0x1f/0x30 [ 2171.875869] [ 2171.876152] [ 2171.876362] Allocated by task 48081: [ 2171.876802] kasan_save_stack+0x1e/0x40 [ 2171.877271] __kasan_kmalloc+0x81/0xa0 [ 2171.877735] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2171.878389] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2171.878981] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2171.879718] kthread+0x2a4/0x350 [ 2171.880120] ret_from_fork+0x1f/0x30 [ 2171.880567] [ 2171.880772] The buggy address belongs to the object at ffff888174f73b40 [ 2171.880772] which belongs to the cache kmalloc-16 of size 16 [ 2171.882207] The buggy address is located 8 bytes inside of [ 2171.882207] 16-byte region [ffff888174f73b40, ffff888174f73b50) [ 2171.883554] [ 2171.883759] The buggy address belongs to the physical page: [ 2171.884424] page:00000000734f0f41 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x174f73 [ 2171.885531] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 2171.886358] raw: 0017ffffc0000200 0000000000000000 dead000000000001 ffff8881000413c0 [ 2171.887270] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2171.888184] page dumped because: kasan: bad access detected [ 2171.888865] [ 2171.889070] Memory state around the buggy address: [ 2171.889652] ffff888174f73a00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2171.890520] ffff888174f73a80: fa fb fc fc fa fb fc fc fa fb fc fc fb fb fc fc [ 2171.891379] >ffff888174f73b00: fa fb fc fc fa fb fc fc 00 01 fc fc fa fb fc fc [ 2171.892234] ^ [ 2171.892902] ffff888174f73b80: fa fb fc fc fa fb fc fc fb fb fc fc fa fb fc fc [ 2171.893759] ffff888174f73c00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2171.894619] ================================================================== [ 2171.895492] ================================================================== [ 2171.896358] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x4f9/0x990 [test_kasan] [ 2171.897548] Write of size 8 at addr ffff888174f73b48 by task kunit_try_catch/48081 [ 2171.898447] [ 2171.898653] CPU: 1 PID: 48081 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-251.1961_763395317.el9.x86_64+debug #1 [ 2171.900250] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2171.900944] Call Trace: [ 2171.901253] [ 2171.901530] ? kasan_bitops_test_and_modify.constprop.0+0x4f9/0x990 [test_kasan] [ 2171.902414] dump_stack_lvl+0x57/0x81 [ 2171.902867] print_address_description.constprop.0+0x1f/0x1e0 [ 2171.903563] ? kasan_bitops_test_and_modify.constprop.0+0x4f9/0x990 [test_kasan] [ 2171.904448] print_report.cold+0x5c/0x237 [ 2171.904942] kasan_report+0xc9/0x100 [ 2171.905393] ? kasan_bitops_test_and_modify.constprop.0+0x4f9/0x990 [test_kasan] [ 2171.906275] kasan_check_range+0xfd/0x1e0 [ 2171.906769] kasan_bitops_test_and_modify.constprop.0+0x4f9/0x990 [test_kasan] [ 2171.907703] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan] [ 2171.908588] ? kunit_kfree+0x200/0x200 [kunit] [ 2171.909134] ? rcu_read_lock_sched_held+0x12/0x80 [ 2171.909713] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2171.910390] ? rcu_read_lock_held+0x30/0x50 [ 2171.910898] ? trace_kmalloc+0x3c/0x100 [ 2171.911374] ? kmem_cache_alloc_trace+0x1af/0x320 [ 2171.911948] kasan_bitops_generic+0x105/0x164 [test_kasan] [ 2171.912610] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 2171.913496] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 2171.914182] ? kunit_add_resource+0x197/0x280 [kunit] [ 2171.914802] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2171.915399] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2171.916012] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2171.916751] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2171.917384] kthread+0x2a4/0x350 [ 2171.917789] ? kthread_complete_and_exit+0x20/0x20 [ 2171.918375] ret_from_fork+0x1f/0x30 [ 2171.918826] [ 2171.919107] [ 2171.919312] Allocated by task 48081: [ 2171.919753] kasan_save_stack+0x1e/0x40 [ 2171.920222] __kasan_kmalloc+0x81/0xa0 [ 2171.920723] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2171.921451] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2171.922086] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2171.922819] kthread+0x2a4/0x350 [ 2171.923222] ret_from_fork+0x1f/0x30 [ 2171.923665] [ 2171.923870] The buggy address belongs to the object at ffff888174f73b40 [ 2171.923870] which belongs to the cache kmalloc-16 of size 16 [ 2171.925304] The buggy address is located 8 bytes inside of [ 2171.925304] 16-byte region [ffff888174f73b40, ffff888174f73b50) [ 2171.926654] [ 2171.926859] The buggy address belongs to the physical page: [ 2171.927525] page:00000000734f0f41 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x174f73 [ 2171.928627] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 2171.929454] raw: 0017ffffc0000200 0000000000000000 dead000000000001 ffff8881000413c0 [ 2171.930372] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2171.931286] page dumped because: kasan: bad access detected [ 2171.931955] [ 2171.932160] Memory state around the buggy address: [ 2171.932742] ffff888174f73a00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2171.933601] ffff888174f73a80: fa fb fc fc fa fb fc fc fa fb fc fc fb fb fc fc [ 2171.934459] >ffff888174f73b00: fa fb fc fc fa fb fc fc 00 01 fc fc fa fb fc fc [ 2171.935314] ^ [ 2171.935983] ffff888174f73b80: fa fb fc fc fa fb fc fc fb fb fc fc fa fb fc fc [ 2171.936844] ffff888174f73c00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2171.937703] ================================================================== [ 2171.938577] ================================================================== [ 2171.939440] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x5a2/0x990 [test_kasan] [ 2171.940631] Read of size 8 at addr ffff888174f73b48 by task kunit_try_catch/48081 [ 2171.941523] [ 2171.941730] CPU: 1 PID: 48081 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-251.1961_763395317.el9.x86_64+debug #1 [ 2171.943325] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2171.944016] Call Trace: [ 2171.944326] [ 2171.944604] ? kasan_bitops_test_and_modify.constprop.0+0x5a2/0x990 [test_kasan] [ 2171.945491] dump_stack_lvl+0x57/0x81 [ 2171.945943] print_address_description.constprop.0+0x1f/0x1e0 [ 2171.946640] ? kasan_bitops_test_and_modify.constprop.0+0x5a2/0x990 [test_kasan] [ 2171.947523] print_report.cold+0x5c/0x237 [ 2171.948016] kasan_report+0xc9/0x100 [ 2171.948463] ? kasan_bitops_test_and_modify.constprop.0+0x5a2/0x990 [test_kasan] [ 2171.949347] kasan_check_range+0xfd/0x1e0 [ 2171.949838] kasan_bitops_test_and_modify.constprop.0+0x5a2/0x990 [test_kasan] [ 2171.950706] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan] [ 2171.951500] ? kunit_kfree+0x200/0x200 [kunit] [ 2171.952046] ? rcu_read_lock_sched_held+0x12/0x80 [ 2171.952623] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2171.953291] ? rcu_read_lock_held+0x30/0x50 [ 2171.953803] ? trace_kmalloc+0x3c/0x100 [ 2171.954273] ? kmem_cache_alloc_trace+0x1af/0x320 [ 2171.954851] kasan_bitops_generic+0x105/0x164 [test_kasan] [ 2171.955516] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 2171.956402] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 2171.957088] ? kunit_add_resource+0x197/0x280 [kunit] [ 2171.957709] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2171.958303] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2171.958919] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2171.959654] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2171.960275] kthread+0x2a4/0x350 [ 2171.960682] ? kthread_complete_and_exit+0x20/0x20 [ 2171.961263] ret_from_fork+0x1f/0x30 [ 2171.961719] [ 2171.962000] [ 2171.962205] Allocated by task 48081: [ 2171.962647] kasan_save_stack+0x1e/0x40 [ 2171.963117] __kasan_kmalloc+0x81/0xa0 [ 2171.963580] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2171.964227] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2171.964823] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2171.965557] kthread+0x2a4/0x350 [ 2171.965959] ret_from_fork+0x1f/0x30 [ 2171.966404] [ 2171.966609] The buggy address belongs to the object at ffff888174f73b40 [ 2171.966609] which belongs to the cache kmalloc-16 of size 16 [ 2171.968047] The buggy address is located 8 bytes inside of [ 2171.968047] 16-byte region [ffff888174f73b40, ffff888174f73b50) [ 2171.969392] [ 2171.969598] The buggy address belongs to the physical page: [ 2171.970262] page:00000000734f0f41 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x174f73 [ 2171.971369] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 2171.972194] raw: 0017ffffc0000200 0000000000000000 dead000000000001 ffff8881000413c0 [ 2171.973165] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2171.974080] page dumped because: kasan: bad access detected [ 2171.974745] [ 2171.974950] Memory state around the buggy address: [ 2171.975533] ffff888174f73a00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2171.976395] ffff888174f73a80: fa fb fc fc fa fb fc fc fa fb fc fc fb fb fc fc [ 2171.977252] >ffff888174f73b00: fa fb fc fc fa fb fc fc 00 01 fc fc fa fb fc fc [ 2171.978111] ^ [ 2171.978779] ffff888174f73b80: fa fb fc fc fa fb fc fc fb fb fc fc fa fb fc fc [ 2171.979637] ffff888174f73c00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2171.980495] ================================================================== [ 2171.981369] ================================================================== [ 2171.982229] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x984/0x990 [test_kasan] [ 2171.983420] Read of size 8 at addr ffff888174f73b48 by task kunit_try_catch/48081 [ 2171.984306] [ 2171.984516] CPU: 1 PID: 48081 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-251.1961_763395317.el9.x86_64+debug #1 [ 2171.986113] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2171.986803] Call Trace: [ 2171.987113] [ 2171.987388] ? kasan_bitops_test_and_modify.constprop.0+0x984/0x990 [test_kasan] [ 2171.988269] dump_stack_lvl+0x57/0x81 [ 2171.988724] print_address_description.constprop.0+0x1f/0x1e0 [ 2171.989440] ? kasan_bitops_test_and_modify.constprop.0+0x984/0x990 [test_kasan] [ 2171.990319] print_report.cold+0x5c/0x237 [ 2171.990817] kasan_report+0xc9/0x100 [ 2171.991261] ? kasan_bitops_test_and_modify.constprop.0+0x984/0x990 [test_kasan] [ 2171.992145] kasan_bitops_test_and_modify.constprop.0+0x984/0x990 [test_kasan] [ 2171.993011] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan] [ 2171.993808] ? kunit_kfree+0x200/0x200 [kunit] [ 2171.994360] ? rcu_read_lock_sched_held+0x12/0x80 [ 2171.994934] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2171.995606] ? rcu_read_lock_held+0x30/0x50 [ 2171.996114] ? trace_kmalloc+0x3c/0x100 [ 2171.996588] ? kmem_cache_alloc_trace+0x1af/0x320 [ 2171.997164] kasan_bitops_generic+0x105/0x164 [test_kasan] [ 2171.997827] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 2171.998711] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 2171.999399] ? kunit_add_resource+0x197/0x280 [kunit] [ 2172.000015] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2172.000610] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2172.001223] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2172.001957] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2172.002582] kthread+0x2a4/0x350 [ 2172.002985] ? kthread_complete_and_exit+0x20/0x20 [ 2172.003570] ret_from_fork+0x1f/0x30 [ 2172.004021] [ 2172.004302] [ 2172.004511] Allocated by task 48081: [ 2172.004950] kasan_save_stack+0x1e/0x40 [ 2172.005422] __kasan_kmalloc+0x81/0xa0 [ 2172.005881] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2172.006535] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2172.007125] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2172.007859] kthread+0x2a4/0x350 [ 2172.008261] ret_from_fork+0x1f/0x30 [ 2172.008708] [ 2172.008913] The buggy address belongs to the object at ffff888174f73b40 [ 2172.008913] which belongs to the cache kmalloc-16 of size 16 [ 2172.010351] The buggy address is located 8 bytes inside of [ 2172.010351] 16-byte region [ffff888174f73b40, ffff888174f73b50) [ 2172.011694] [ 2172.011901] The buggy address belongs to the physical page: [ 2172.012567] page:00000000734f0f41 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x174f73 [ 2172.013670] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 2172.014496] raw: 0017ffffc0000200 0000000000000000 dead000000000001 ffff8881000413c0 [ 2172.015414] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2172.016327] page dumped because: kasan: bad access detected [ 2172.016992] [ 2172.017198] Memory state around the buggy address: [ 2172.017777] ffff888174f73a00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2172.018636] ffff888174f73a80: fa fb fc fc fa fb fc fc fa fb fc fc fb fb fc fc [ 2172.019496] >ffff888174f73b00: fa fb fc fc fa fb fc fc 00 01 fc fc fa fb fc fc [ 2172.020353] ^ [ 2172.021017] ffff888174f73b80: fa fb fc fc fa fb fc fc fb fb fc fc fa fb fc fc [ 2172.021878] ffff888174f73c00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2172.022735] ================================================================== [ 2172.023608] ================================================================== [ 2172.024469] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x66e/0x990 [test_kasan] [ 2172.025658] Write of size 8 at addr ffff888174f73b48 by task kunit_try_catch/48081 [ 2172.026560] [ 2172.026766] CPU: 1 PID: 48081 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-251.1961_763395317.el9.x86_64+debug #1 [ 2172.028359] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2172.029048] Call Trace: [ 2172.029362] [ 2172.029635] ? kasan_bitops_test_and_modify.constprop.0+0x66e/0x990 [test_kasan] [ 2172.030520] dump_stack_lvl+0x57/0x81 [ 2172.030974] print_address_description.constprop.0+0x1f/0x1e0 [ 2172.031669] ? kasan_bitops_test_and_modify.constprop.0+0x66e/0x990 [test_kasan] [ 2172.032551] print_report.cold+0x5c/0x237 [ 2172.033044] kasan_report+0xc9/0x100 [ 2172.033491] ? kasan_bitops_test_and_modify.constprop.0+0x66e/0x990 [test_kasan] [ 2172.034375] kasan_check_range+0xfd/0x1e0 [ 2172.034865] kasan_bitops_test_and_modify.constprop.0+0x66e/0x990 [test_kasan] [ 2172.035732] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan] [ 2172.036528] ? kunit_kfree+0x200/0x200 [kunit] [ 2172.037073] ? rcu_read_lock_sched_held+0x12/0x80 [ 2172.037650] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2172.038318] ? rcu_read_lock_held+0x30/0x50 [ 2172.038828] ? trace_kmalloc+0x3c/0x100 [ 2172.039300] ? kmem_cache_alloc_trace+0x1af/0x320 [ 2172.039878] kasan_bitops_generic+0x105/0x164 [test_kasan] [ 2172.040539] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 2172.041426] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 2172.042110] ? kunit_add_resource+0x197/0x280 [kunit] [ 2172.042729] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2172.043322] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2172.043938] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2172.044673] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2172.045294] kthread+0x2a4/0x350 [ 2172.045701] ? kthread_complete_and_exit+0x20/0x20 [ 2172.046284] ret_from_fork+0x1f/0x30 [ 2172.046737] [ 2172.047019] [ 2172.047225] Allocated by task 48081: [ 2172.047668] kasan_save_stack+0x1e/0x40 [ 2172.048136] __kasan_kmalloc+0x81/0xa0 [ 2172.048598] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 2172.049246] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2172.049840] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2172.050578] kthread+0x2a4/0x350 [ 2172.050980] ret_from_fork+0x1f/0x30 [ 2172.051427] [ 2172.051632] The buggy address belongs to the object at ffff888174f73b40 [ 2172.051632] which belongs to the cache kmalloc-16 of size 16 [ 2172.053069] The buggy address is located 8 bytes inside of [ 2172.053069] 16-byte region [ffff888174f73b40, ffff888174f73b50) [ 2172.054417] [ 2172.054622] The buggy address belongs to the physical page: [ 2172.055285] page:00000000734f0f41 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x174f73 [ 2172.056390] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 2172.057213] raw: 0017ffffc0000200 0000000000000000 dead000000000001 ffff8881000413c0 [ 2172.058132] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2172.059047] page dumped because: kasan: bad access detected [ 2172.059714] [ 2172.059919] Memory state around the buggy address: [ 2172.060502] ffff888174f73a00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2172.061361] ffff888174f73a80: fa fb fc fc fa fb fc fc fa fb fc fc fb fb fc fc [ 2172.062218] >ffff888174f73b00: fa fb fc fc fa fb fc fc 00 01 fc fc fa fb fc fc [ 2172.063080] ^ [ 2172.063746] ffff888174f73b80: fa fb fc fc fa fb fc fc fb fb fc fc fa fb fc fc [ 2172.064605] ffff888174f73c00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2172.065464] ================================================================== [ 2172.066820] ok 45 - kasan_bitops_generic [ 2172.067064] ok 46 - kasan_bitops_tags # SKIP Test requires CONFIG_KASAN_GENERIC=n [ 2172.067796] ================================================================== [ 2172.069591] BUG: KASAN: use-after-free in kmalloc_double_kzfree+0x1ad/0x270 [test_kasan] [ 2172.070553] Read of size 1 at addr ffff888174f73ae0 by task kunit_try_catch/48083 [ 2172.071446] [ 2172.071653] CPU: 1 PID: 48083 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-251.1961_763395317.el9.x86_64+debug #1 [ 2172.073250] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2172.073943] Call Trace: [ 2172.074253] [ 2172.074532] ? kmalloc_double_kzfree+0x1ad/0x270 [test_kasan] [ 2172.075226] dump_stack_lvl+0x57/0x81 [ 2172.075682] print_address_description.constprop.0+0x1f/0x1e0 [ 2172.076381] ? kmalloc_double_kzfree+0x1ad/0x270 [test_kasan] [ 2172.077078] print_report.cold+0x5c/0x237 [ 2172.077575] kasan_report+0xc9/0x100 [ 2172.078021] ? kmalloc_double_kzfree+0x1ad/0x270 [test_kasan] [ 2172.078723] ? kmalloc_double_kzfree+0x1ad/0x270 [test_kasan] [ 2172.079420] __kasan_check_byte+0x36/0x50 [ 2172.079911] kfree_sensitive+0x1b/0x60 [ 2172.080377] kmalloc_double_kzfree+0x1ad/0x270 [test_kasan] [ 2172.081050] ? vmalloc_oob+0x5e0/0x5e0 [test_kasan] [ 2172.081648] ? do_raw_spin_trylock+0xb5/0x180 [ 2172.082183] ? do_raw_spin_lock+0x270/0x270 [ 2172.082700] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2172.083375] ? kunit_add_resource+0x197/0x280 [kunit] [ 2172.083993] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2172.084591] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2172.085205] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2172.085941] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2172.086568] kthread+0x2a4/0x350 [ 2172.086972] ? kthread_complete_and_exit+0x20/0x20 [ 2172.087560] ret_from_fork+0x1f/0x30 [ 2172.088013] [ 2172.088294] [ 2172.088503] Allocated by task 48083: [ 2172.088943] kasan_save_stack+0x1e/0x40 [ 2172.089416] __kasan_kmalloc+0x81/0xa0 [ 2172.089876] kmalloc_double_kzfree+0x9a/0x270 [test_kasan] [ 2172.090535] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2172.091127] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2172.091862] kthread+0x2a4/0x350 [ 2172.092267] ret_from_fork+0x1f/0x30 [ 2172.092714] [ 2172.092920] Freed by task 48083: [ 2172.093321] kasan_save_stack+0x1e/0x40 [ 2172.093792] kasan_set_track+0x21/0x30 [ 2172.094251] kasan_set_free_info+0x20/0x40 [ 2172.094751] __kasan_slab_free+0x108/0x170 [ 2172.095248] slab_free_freelist_hook+0x11d/0x1d0 [ 2172.095813] kfree+0xe2/0x3c0 [ 2172.096187] kmalloc_double_kzfree+0x137/0x270 [test_kasan] [ 2172.096859] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2172.097455] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2172.098188] kthread+0x2a4/0x350 [ 2172.098594] ret_from_fork+0x1f/0x30 [ 2172.099036] [ 2172.099242] The buggy address belongs to the object at ffff888174f73ae0 [ 2172.099242] which belongs to the cache kmalloc-16 of size 16 [ 2172.100680] The buggy address is located 0 bytes inside of [ 2172.100680] 16-byte region [ffff888174f73ae0, ffff888174f73af0) [ 2172.102029] [ 2172.102236] The buggy address belongs to the physical page: [ 2172.102904] page:00000000734f0f41 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x174f73 [ 2172.104010] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 2172.104837] raw: 0017ffffc0000200 0000000000000000 dead000000000001 ffff8881000413c0 [ 2172.105757] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2172.106675] page dumped because: kasan: bad access detected [ 2172.107342] [ 2172.107547] Memory state around the buggy address: [ 2172.108125] ffff888174f73980: fa fb fc fc fa fb fc fc fa fb fc fc fb fb fc fc [ 2172.109048] ffff888174f73a00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2172.109905] >ffff888174f73a80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2172.110762] ^ [ 2172.111521] ffff888174f73b00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2172.112380] ffff888174f73b80: fa fb fc fc fa fb fc fc fb fb fc fc fa fb fc fc [ 2172.113237] ================================================================== [ 2172.114195] ================================================================== [ 2172.115063] BUG: KASAN: double-free or invalid-free in kfree+0xe2/0x3c0 [ 2172.115850] [ 2172.116056] CPU: 1 PID: 48083 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-251.1961_763395317.el9.x86_64+debug #1 [ 2172.117662] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2172.118355] Call Trace: [ 2172.118665] [ 2172.118939] dump_stack_lvl+0x57/0x81 [ 2172.119395] print_address_description.constprop.0+0x1f/0x1e0 [ 2172.120089] print_report.cold+0x5c/0x237 [ 2172.120584] ? kfree+0xe2/0x3c0 [ 2172.120980] ? kfree+0xe2/0x3c0 [ 2172.121376] kasan_report_invalid_free+0x99/0xc0 [ 2172.121942] ? kfree+0xe2/0x3c0 [ 2172.122338] ? kfree+0xe2/0x3c0 [ 2172.122732] __kasan_slab_free+0x152/0x170 [ 2172.123231] slab_free_freelist_hook+0x11d/0x1d0 [ 2172.123800] ? kmalloc_double_kzfree+0x1ad/0x270 [test_kasan] [ 2172.124498] kfree+0xe2/0x3c0 [ 2172.124875] ? __kasan_check_byte+0x36/0x50 [ 2172.125390] kmalloc_double_kzfree+0x1ad/0x270 [test_kasan] [ 2172.126058] ? vmalloc_oob+0x5e0/0x5e0 [test_kasan] [ 2172.126657] ? do_raw_spin_trylock+0xb5/0x180 [ 2172.127191] ? do_raw_spin_lock+0x270/0x270 [ 2172.127708] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2172.128383] ? kunit_add_resource+0x197/0x280 [kunit] [ 2172.129001] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2172.129599] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2172.130211] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2172.130946] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2172.131570] kthread+0x2a4/0x350 [ 2172.131974] ? kthread_complete_and_exit+0x20/0x20 [ 2172.132561] ret_from_fork+0x1f/0x30 [ 2172.133013] [ 2172.133294] [ 2172.133502] Allocated by task 48083: [ 2172.133941] kasan_save_stack+0x1e/0x40 [ 2172.134414] __kasan_kmalloc+0x81/0xa0 [ 2172.134874] kmalloc_double_kzfree+0x9a/0x270 [test_kasan] [ 2172.135536] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2172.136128] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2172.136863] kthread+0x2a4/0x350 [ 2172.137267] ret_from_fork+0x1f/0x30 [ 2172.137713] [ 2172.137919] Freed by task 48083: [ 2172.138322] kasan_save_stack+0x1e/0x40 [ 2172.138795] kasan_set_track+0x21/0x30 [ 2172.139254] kasan_set_free_info+0x20/0x40 [ 2172.139756] __kasan_slab_free+0x108/0x170 [ 2172.140253] slab_free_freelist_hook+0x11d/0x1d0 [ 2172.140816] kfree+0xe2/0x3c0 [ 2172.141190] kmalloc_double_kzfree+0x137/0x270 [test_kasan] [ 2172.141861] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2172.142460] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2172.143202] kthread+0x2a4/0x350 [ 2172.143668] ret_from_fork+0x1f/0x30 [ 2172.144163] [ 2172.144407] The buggy address belongs to the object at ffff888174f73ae0 [ 2172.144407] which belongs to the cache kmalloc-16 of size 16 [ 2172.145844] The buggy address is located 0 bytes inside of [ 2172.145844] 16-byte region [ffff888174f73ae0, ffff888174f73af0) [ 2172.147188] [ 2172.147397] The buggy address belongs to the physical page: [ 2172.148059] page:00000000734f0f41 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x174f73 [ 2172.149168] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 2172.149995] raw: 0017ffffc0000200 0000000000000000 dead000000000001 ffff8881000413c0 [ 2172.150914] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 2172.151832] page dumped because: kasan: bad access detected [ 2172.152498] [ 2172.152704] Memory state around the buggy address: [ 2172.153281] ffff888174f73980: fa fb fc fc fa fb fc fc fa fb fc fc fb fb fc fc [ 2172.154142] ffff888174f73a00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2172.155000] >ffff888174f73a80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2172.155858] ^ [ 2172.156615] ffff888174f73b00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 2172.157474] ffff888174f73b80: fa fb fc fc fa fb fc fc fb fb fc fc fa fb fc fc [ 2172.158334] ================================================================== [ 2172.159288] ok 47 - kmalloc_double_kzfree [ 2172.159468] ok 48 - vmalloc_helpers_tags # SKIP Test requires CONFIG_KASAN_GENERIC=n [ 2172.160217] ================================================================== [ 2172.162050] BUG: KASAN: vmalloc-out-of-bounds in vmalloc_oob+0x596/0x5e0 [test_kasan] [ 2172.162984] Read of size 1 at addr ffffc900000777f3 by task kunit_try_catch/48085 [ 2172.163871] [ 2172.164080] CPU: 1 PID: 48085 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-251.1961_763395317.el9.x86_64+debug #1 [ 2172.165683] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2172.166377] Call Trace: [ 2172.166689] [ 2172.166962] ? vmalloc_oob+0x596/0x5e0 [test_kasan] [ 2172.167559] dump_stack_lvl+0x57/0x81 [ 2172.168013] print_address_description.constprop.0+0x1f/0x1e0 [ 2172.168711] ? vmalloc_oob+0x596/0x5e0 [test_kasan] [ 2172.169304] print_report.cold+0x5c/0x237 [ 2172.169801] kasan_report+0xc9/0x100 [ 2172.170246] ? vmalloc_oob+0x596/0x5e0 [test_kasan] [ 2172.170846] vmalloc_oob+0x596/0x5e0 [test_kasan] [ 2172.171425] ? kasan_global_oob_right+0x1f0/0x1f0 [test_kasan] [ 2172.172130] ? do_raw_spin_trylock+0xb5/0x180 [ 2172.172669] ? do_raw_spin_lock+0x270/0x270 [ 2172.173183] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2172.173882] ? kunit_add_resource+0x197/0x280 [kunit] [ 2172.174578] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2172.175229] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2172.175845] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2172.176583] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2172.177206] kthread+0x2a4/0x350 [ 2172.177613] ? kthread_complete_and_exit+0x20/0x20 [ 2172.178198] ret_from_fork+0x1f/0x30 [ 2172.178653] [ 2172.178935] [ 2172.179141] The buggy address belongs to the virtual mapping at [ 2172.179141] [ffffc90000077000, ffffc90000079000) created by: [ 2172.179141] vmalloc_oob+0x78/0x5e0 [test_kasan] [ 2172.181035] [ 2172.181241] The buggy address belongs to the physical page: [ 2172.181907] page:000000008ffb2be6 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x161357 [ 2172.183010] flags: 0x17ffffc0000000(node=0|zone=2|lastcpupid=0x1fffff) [ 2172.183790] raw: 0017ffffc0000000 0000000000000000 dead000000000122 0000000000000000 [ 2172.184706] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 2172.185622] page dumped because: kasan: bad access detected [ 2172.186284] [ 2172.186492] Memory state around the buggy address: [ 2172.187070] ffffc90000077680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2172.187930] ffffc90000077700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2172.188789] >ffffc90000077780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 f8 [ 2172.189648] ^ [ 2172.190461] ffffc90000077800: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 2172.191316] ffffc90000077880: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 2172.192175] ================================================================== [ 2172.193237] ================================================================== [ 2172.194107] BUG: KASAN: vmalloc-out-of-bounds in vmalloc_oob+0x58c/0x5e0 [test_kasan] [ 2172.195043] Read of size 1 at addr ffffc900000777f8 by task kunit_try_catch/48085 [ 2172.195934] [ 2172.196141] CPU: 1 PID: 48085 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-251.1961_763395317.el9.x86_64+debug #1 [ 2172.197748] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 2172.198441] Call Trace: [ 2172.198753] [ 2172.199026] ? vmalloc_oob+0x58c/0x5e0 [test_kasan] [ 2172.199623] dump_stack_lvl+0x57/0x81 [ 2172.200077] print_address_description.constprop.0+0x1f/0x1e0 [ 2172.200775] ? vmalloc_oob+0x58c/0x5e0 [test_kasan] [ 2172.201370] print_report.cold+0x5c/0x237 [ 2172.201864] kasan_report+0xc9/0x100 [ 2172.202309] ? vmalloc_oob+0x58c/0x5e0 [test_kasan] [ 2172.202910] vmalloc_oob+0x58c/0x5e0 [test_kasan] [ 2172.203490] ? kasan_global_oob_right+0x1f0/0x1f0 [test_kasan] [ 2172.204194] ? do_raw_spin_trylock+0xb5/0x180 [ 2172.204734] ? do_raw_spin_lock+0x270/0x270 [ 2172.205248] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 2172.205925] ? kunit_add_resource+0x197/0x280 [kunit] [ 2172.206547] kunit_try_run_case+0x108/0x1a0 [kunit] [ 2172.207143] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 2172.207762] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 2172.208501] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 2172.209123] kthread+0x2a4/0x350 [ 2172.209530] ? kthread_complete_and_exit+0x20/0x20 [ 2172.210113] ret_from_fork+0x1f/0x30 [ 2172.210570] [ 2172.210853] [ 2172.211059] The buggy address belongs to the virtual mapping at [ 2172.211059] [ffffc90000077000, ffffc90000079000) created by: [ 2172.211059] vmalloc_oob+0x78/0x5e0 [test_kasan] [ 2172.212950] [ 2172.213156] The buggy address belongs to the physical page: [ 2172.213823] page:000000008ffb2be6 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x161357 [ 2172.214929] flags: 0x17ffffc0000000(node=0|zone=2|lastcpupid=0x1fffff) [ 2172.215708] raw: 0017ffffc0000000 0000000000000000 dead000000000122 0000000000000000 [ 2172.216628] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 2172.217543] page dumped because: kasan: bad access detected [ 2172.218208] [ 2172.218417] Memory state around the buggy address: [ 2172.218997] ffffc90000077680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2172.219859] ffffc90000077700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2172.220721] >ffffc90000077780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 f8 [ 2172.221581] ^ [ 2172.222432] ffffc90000077800: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 2172.223289] ffffc90000077880: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 2172.224148] ================================================================== [ 2172.225157] ok 49 - vmalloc_oob [ 2172.226962] ok 50 - vmap_tags # SKIP Test requires CONFIG_KASAN_SW_TAGS=y [ 2172.227609] ok 51 - vm_map_ram_tags # SKIP Test requires CONFIG_KASAN_SW_TAGS=y [ 2172.228773] ok 52 - vmalloc_percpu # SKIP Test requires CONFIG_KASAN_SW_TAGS=y [ 2172.230054] ok 53 - match_all_not_assigned # SKIP Test requires CONFIG_KASAN_GENERIC=n [ 2172.231187] ok 54 - match_all_ptr_tag # SKIP Test requires CONFIG_KASAN_GENERIC=n [ 2172.232310] ok 55 - match_all_mem_tag # SKIP Test requires CONFIG_KASAN_GENERIC=n [ 2172.233274] ok 20 - kasan [ 2172.376664] # Subtest: linear-ranges-test [ 2172.376672] 1..4 [ 2172.378342] ok 1 - range_test_get_value_amount [ 2172.379942] ok 2 - range_test_get_selector_high [ 2172.380752] ok 3 - range_test_get_selector_low [ 2172.382063] ok 4 - range_test_get_value [ 2172.382680] ok 21 - linear-ranges-test [ 2172.439335] # Subtest: list_sort [ 2172.439343] 1..1 [ 2172.449683] ok 1 - list_sort_test [ 2172.450015] ok 22 - list_sort [ 2172.576199] # Subtest: time_test_cases [ 2172.576207] 1..1 [ 2177.122988] ok 1 - time64_to_tm_test_date_range [ 2177.126108] ok 23 - time_test_cases