[ 3071.547024] # Subtest: bitfields
[ 3071.547048] 1..2
[ 3071.551627] ok 1 - test_bitfields_constants
[ 3071.552147] ok 2 - test_bitfields_variables
[ 3071.552687] ok 1 - bitfields
[ 3072.071672] # Subtest: cmdline
[ 3072.071709] 1..4
[ 3072.072442] ok 1 - cmdline_test_noint
[ 3072.073709] ok 2 - cmdline_test_lead_int
[ 3072.074339] ok 3 - cmdline_test_tail_int
[ 3072.075404] ok 4 - cmdline_test_range
[ 3072.075922] ok 2 - cmdline
[ 3072.511466] # Subtest: ext4_inode_test
[ 3072.511476] 1..1
[ 3072.512085] # inode_test_xtimestamp_decoding: ok 1 - 1901-12-13 Lower bound of 32bit < 0 timestamp, no extra bits
[ 3072.518423] # inode_test_xtimestamp_decoding: ok 2 - 1969-12-31 Upper bound of 32bit < 0 timestamp, no extra bits
[ 3072.519991] # inode_test_xtimestamp_decoding: ok 3 - 1970-01-01 Lower bound of 32bit >=0 timestamp, no extra bits
[ 3072.521230] # inode_test_xtimestamp_decoding: ok 4 - 2038-01-19 Upper bound of 32bit >=0 timestamp, no extra bits
[ 3072.522788] # inode_test_xtimestamp_decoding: ok 5 - 2038-01-19 Lower bound of 32bit <0 timestamp, lo extra sec bit on
[ 3072.524092] # inode_test_xtimestamp_decoding: ok 6 - 2106-02-07 Upper bound of 32bit <0 timestamp, lo extra sec bit on
[ 3072.525842] # inode_test_xtimestamp_decoding: ok 7 - 2106-02-07 Lower bound of 32bit >=0 timestamp, lo extra sec bit on
[ 3072.527821] # inode_test_xtimestamp_decoding: ok 8 - 2174-02-25 Upper bound of 32bit >=0 timestamp, lo extra sec bit on
[ 3072.529173] # inode_test_xtimestamp_decoding: ok 9 - 2174-02-25 Lower bound of 32bit <0 timestamp, hi extra sec bit on
[ 3072.533252] # inode_test_xtimestamp_decoding: ok 10 - 2242-03-16 Upper bound of 32bit <0 timestamp, hi extra sec bit on
[ 3072.534824] # inode_test_xtimestamp_decoding: ok 11 - 2242-03-16 Lower bound of 32bit >=0 timestamp, hi extra sec bit on
[ 3072.536111] # inode_test_xtimestamp_decoding: ok 12 - 2310-04-04 Upper bound of 32bit >=0 timestamp, hi extra sec bit on
[ 3072.537806] # inode_test_xtimestamp_decoding: ok 13 - 2310-04-04 Upper bound of 32bit>=0 timestamp, hi extra sec bit 1. 1 ns
[ 3072.542754] # inode_test_xtimestamp_decoding: ok 14 - 2378-04-22 Lower bound of 32bit>= timestamp. Extra sec bits 1. Max ns
[ 3072.547348] # inode_test_xtimestamp_decoding: ok 15 - 2378-04-22 Lower bound of 32bit >=0 timestamp. All extra sec bits on
[ 3072.551761] # inode_test_xtimestamp_decoding: ok 16 - 2446-05-10 Upper bound of 32bit >=0 timestamp. All extra sec bits on
[ 3072.554756] ok 1 - inode_test_xtimestamp_decoding
[ 3072.557578] ok 3 - ext4_inode_test
[ 3073.651467] # Subtest: kunit-try-catch-test
[ 3073.651478] 1..2
[ 3073.654300] ok 1 - kunit_test_try_catch_successful_try_no_catch
[ 3073.655108] ok 2 - kunit_test_try_catch_unsuccessful_try_does_catch
[ 3073.655705] ok 4 - kunit-try-catch-test
[ 3073.658268] # Subtest: kunit-resource-test
[ 3073.658275] 1..7
[ 3073.659529] ok 1 - kunit_resource_test_init_resources
[ 3073.660261] ok 2 - kunit_resource_test_alloc_resource
[ 3073.661357] ok 3 - kunit_resource_test_destroy_resource
[ 3073.662694] ok 4 - kunit_resource_test_cleanup_resources
[ 3073.663853] ok 5 - kunit_resource_test_proper_free_ordering
[ 3073.664963] ok 6 - kunit_resource_test_static
[ 3073.665959] ok 7 - kunit_resource_test_named
[ 3073.666418] ok 5 - kunit-resource-test
[ 3073.667396] # Subtest: kunit-log-test
[ 3073.667402] 1..1
[ 3073.668833] put this in log.
[ 3073.669054] this too.
[ 3073.669317] add to suite log.
[ 3073.669567] along with this.
[ 3073.670539] ok 1 - kunit_log_test
[ 3073.670927] ok 6 - kunit-log-test
[ 3073.671818] # Subtest: kunit_status
[ 3073.671824] 1..2
[ 3073.673190] ok 1 - kunit_status_set_failure_test
[ 3073.673944] ok 2 - kunit_status_mark_skipped_test
[ 3073.674388] ok 7 - kunit_status
[ 3073.786627] # Subtest: rtc_lib_test_cases
[ 3073.786634] 1..1
[ 3077.361079] ok 1 - rtc_time64_to_tm_test_date_range
[ 3077.361326] ok 8 - rtc_lib_test_cases
[ 3077.550858] # Subtest: list-kunit-test
[ 3077.550870] 1..36
[ 3077.557758] ok 1 - list_test_list_init
[ 3077.558336] ok 2 - list_test_list_add
[ 3077.559506] ok 3 - list_test_list_add_tail
[ 3077.560204] ok 4 - list_test_list_del
[ 3077.561329] ok 5 - list_test_list_replace
[ 3077.562299] ok 6 - list_test_list_replace_init
[ 3077.563491] ok 7 - list_test_list_swap
[ 3077.564580] ok 8 - list_test_list_del_init
[ 3077.565211] ok 9 - list_test_list_move
[ 3077.566517] ok 10 - list_test_list_move_tail
[ 3077.567161] ok 11 - list_test_list_bulk_move_tail
[ 3077.570702] ok 12 - list_test_list_is_first
[ 3077.571715] ok 13 - list_test_list_is_last
[ 3077.572714] ok 14 - list_test_list_empty
[ 3077.573733] ok 15 - list_test_list_empty_careful
[ 3077.574477] ok 16 - list_test_list_rotate_left
[ 3077.575693] ok 17 - list_test_list_rotate_to_front
[ 3077.576728] ok 18 - list_test_list_is_singular
[ 3077.577756] ok 19 - list_test_list_cut_position
[ 3077.578792] ok 20 - list_test_list_cut_before
[ 3077.579852] ok 21 - list_test_list_splice
[ 3077.580965] ok 22 - list_test_list_splice_tail
[ 3077.581873] ok 23 - list_test_list_splice_init
[ 3077.583076] ok 24 - list_test_list_splice_tail_init
[ 3077.583944] ok 25 - list_test_list_entry
[ 3077.585095] ok 26 - list_test_list_first_entry
[ 3077.586072] ok 27 - list_test_list_last_entry
[ 3077.587108] ok 28 - list_test_list_first_entry_or_null
[ 3077.588119] ok 29 - list_test_list_next_entry
[ 3077.594787] ok 30 - list_test_list_prev_entry
[ 3077.595984] ok 31 - list_test_list_for_each
[ 3077.596871] ok 32 - list_test_list_for_each_prev
[ 3077.597889] ok 33 - list_test_list_for_each_safe
[ 3077.598897] ok 34 - list_test_list_for_each_prev_safe
[ 3077.599849] ok 35 - list_test_list_for_each_entry
[ 3077.601009] ok 36 - list_test_list_for_each_entry_reverse
[ 3077.601570] ok 9 - list-kunit-test
[ 3077.715979] # Subtest: memcpy
[ 3077.715986] 1..4
[ 3077.716891] # memset_test: ok: memset() direct assignment
[ 3077.717805] # memset_test: ok: memset() complete overwrite
[ 3077.718362] # memset_test: ok: memset() middle overwrite
[ 3077.718922] # memset_test: ok: memset() argument side-effects
[ 3077.719532] # memset_test: ok: memset() memset_after()
[ 3077.720413] # memset_test: ok: memset() memset_startat()
[ 3077.721771] ok 1 - memset_test
[ 3077.721945] # memcpy_test: ok: memcpy() static initializers
[ 3077.722821] # memcpy_test: ok: memcpy() direct assignment
[ 3077.723357] # memcpy_test: ok: memcpy() complete overwrite
[ 3077.723910] # memcpy_test: ok: memcpy() middle overwrite
[ 3077.724442] # memcpy_test: ok: memcpy() argument side-effects
[ 3077.725815] ok 2 - memcpy_test
[ 3077.726159] # memmove_test: ok: memmove() static initializers
[ 3077.727158] # memmove_test: ok: memmove() direct assignment
[ 3077.727717] # memmove_test: ok: memmove() complete overwrite
[ 3077.728259] # memmove_test: ok: memmove() middle overwrite
[ 3077.728831] # memmove_test: ok: memmove() argument side-effects
[ 3077.729442] # memmove_test: ok: memmove() overlapping write
[ 3077.730894] ok 3 - memmove_test
[ 3077.731178] ok 4 - strtomem_test
[ 3077.731636] ok 10 - memcpy
[ 3077.840855] # Subtest: mptcp-crypto
[ 3077.840862] 1..1
[ 3077.850574] ok 1 - mptcp_crypto_test_basic
[ 3077.850808] ok 11 - mptcp-crypto
[ 3077.979135] # Subtest: mptcp-token
[ 3077.979143] 1..4
[ 3077.980961] ok 1 - mptcp_token_test_req_basic
[ 3077.981895] ok 2 - mptcp_token_test_msk_basic
[ 3077.982816] ok 3 - mptcp_token_test_accept
[ 3077.984047] ok 4 - mptcp_token_test_destroyed
[ 3077.984560] ok 12 - mptcp-token
[ 3078.303267] # Subtest: rational
[ 3078.303293] 1..1
[ 3078.304223] # rational_test: ok 1 - Exceeds bounds, semi-convergent term > 1/2 last term
[ 3078.304937] # rational_test: ok 2 - Exceeds bounds, semi-convergent term < 1/2 last term
[ 3078.306146] # rational_test: ok 3 - Closest to zero
[ 3078.307541] # rational_test: ok 4 - Closest to smallest non-zero
[ 3078.308259] # rational_test: ok 5 - Use convergent
[ 3078.309660] # rational_test: ok 6 - Exact answer
[ 3078.310661] # rational_test: ok 7 - Semiconvergent, numerator limit
[ 3078.311634] # rational_test: ok 8 - Semiconvergent, denominator limit
[ 3078.312202] ok 1 - rational_test
[ 3078.312953] ok 13 - rational
[ 3078.417263] # Subtest: resource
[ 3078.417270] 1..2
[ 3078.418007] ok 1 - resource_test_union
[ 3078.418785] ok 2 - resource_test_intersection
[ 3078.419202] ok 14 - resource
[ 3078.525413] # Subtest: slub_test
[ 3078.525420] 1..2
[ 3078.564607] ok 1 - test_clobber_zone
[ 3078.577533] ok 2 - test_clobber_redzone_free
[ 3078.577978] ok 15 - slub_test
[ 3078.796064] # Subtest: snd_soc_tplg_test
[ 3078.796074] 1..11
[ 3078.801216] ok 1 - snd_soc_tplg_test_load_with_null_comp
[ 3078.811796] ok 2 - snd_soc_tplg_test_load_with_null_ops
[ 3078.813826] ok 3 - snd_soc_tplg_test_load_with_null_fw
[ 3078.816875] ok 4 - snd_soc_tplg_test_load_empty_tplg
[ 3078.819920] ok 5 - snd_soc_tplg_test_load_empty_tplg_bad_magic
[ 3078.822935] ok 6 - snd_soc_tplg_test_load_empty_tplg_bad_abi
[ 3078.826021] ok 7 - snd_soc_tplg_test_load_empty_tplg_bad_size
[ 3078.829859] ok 8 - snd_soc_tplg_test_load_empty_tplg_bad_payload_size
[ 3078.832882] ok 9 - snd_soc_tplg_test_load_pcm_tplg
[ 3078.842006] ok 10 - snd_soc_tplg_test_load_pcm_tplg_reload_comp
[ 3078.849336] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3078.855738] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3078.900757] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3078.904875] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3078.926902] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3078.930154] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3078.956080] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3078.960227] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3078.983777] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3078.987154] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3079.008007] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3079.011993] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3079.035964] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3079.040171] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3079.079740] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3079.082259] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3079.112581] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3079.118152] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3079.151637] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3079.162107] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3079.201251] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3079.206182] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3079.234290] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3079.239071] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3079.264446] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3079.268122] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3079.290511] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3079.294052] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3079.319289] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3079.323128] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3079.349532] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3079.353109] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3079.375010] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3079.389132] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3079.410782] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3079.415172] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3079.438282] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3079.442029] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3079.473516] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3079.478063] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3079.500931] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3079.504103] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3079.529144] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3079.531096] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3079.550862] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3079.555191] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3079.576767] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3079.581182] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3079.604036] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3079.609246] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3079.638466] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3079.642121] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3079.704982] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3079.709248] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3079.733045] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3079.737118] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3079.760883] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3079.764251] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3079.788737] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3079.792061] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3079.817649] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3079.819784] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3079.848267] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3079.859040] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3079.917680] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3079.923718] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3079.942566] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3079.948290] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3079.972207] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3079.976154] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3079.998434] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3080.002175] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3080.024627] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3080.026378] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3080.046282] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3080.050166] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3080.082288] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3080.086440] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3080.109847] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3080.113099] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3080.142615] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3080.147674] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3080.195913] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3080.203987] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3080.239228] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3080.244952] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3080.266516] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3080.271606] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3080.294228] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3080.298153] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3080.329737] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3080.333736] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3080.357719] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3080.361088] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3080.382397] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3080.384198] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3080.409147] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3080.413083] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3080.439116] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3080.443136] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3080.469059] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3080.473077] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3080.498691] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3080.502077] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3080.529757] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3080.543017] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3080.568477] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3080.570457] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3080.591802] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3080.598482] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3080.616971] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3080.621016] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3080.641724] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3080.645058] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3080.666548] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3080.674866] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3080.696056] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3080.700085] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3080.725855] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3080.731149] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3080.752722] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3080.758075] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3080.779391] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3080.791070] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3080.815206] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3080.817158] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3080.842790] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3080.844702] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3080.867280] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3080.873883] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3080.917915] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3080.928293] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3080.966921] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3080.970085] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3080.993077] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3080.997096] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3081.017223] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3081.021068] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3081.042180] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3081.046072] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3081.066649] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3081.084532] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3081.106875] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3081.110145] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3081.131929] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3081.140401] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3081.169226] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3081.173097] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3081.194038] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3081.197002] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3081.222264] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3081.226084] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3081.246739] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3081.248553] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3081.271215] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3081.275102] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3081.296653] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3081.300090] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3081.320259] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3081.325117] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3081.352035] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3081.356064] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3081.375895] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3081.381093] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3081.401597] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3081.405062] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3081.426433] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3081.430102] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3081.453216] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3081.457103] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3081.477510] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3081.481990] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3081.502199] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3081.503946] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3081.525237] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3081.529907] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3081.553248] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3081.558137] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3081.581527] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3081.586991] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3081.607593] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3081.611151] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3081.631741] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3081.636161] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3081.659783] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3081.665281] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3081.686642] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3081.690173] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3081.712991] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3081.715116] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3081.738285] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3081.742041] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3081.767201] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3081.773619] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3081.795895] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3081.801157] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3081.822730] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3081.826998] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3081.846255] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred
[ 3081.851030] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name!
[ 3081.876690] ok 11 - snd_soc_tplg_test_load_pcm_tplg_reload_card
[ 3081.876718] ok 16 - snd_soc_tplg_test
[ 3082.153960] # Subtest: soc-utils
[ 3082.153970] 1..1
[ 3082.157561] ok 1 - test_tdm_params_to_bclk
[ 3082.157787] ok 17 - soc-utils
[ 3082.769387] # Subtest: sysctl_test
[ 3082.769397] 1..10
[ 3082.772574] ok 1 - sysctl_test_api_dointvec_null_tbl_data
[ 3082.774511] ok 2 - sysctl_test_api_dointvec_table_maxlen_unset
[ 3082.779928] ok 3 - sysctl_test_api_dointvec_table_len_is_zero
[ 3082.783555] ok 4 - sysctl_test_api_dointvec_table_read_but_position_set
[ 3082.785620] ok 5 - sysctl_test_dointvec_read_happy_single_positive
[ 3082.788449] ok 6 - sysctl_test_dointvec_read_happy_single_negative
[ 3082.791493] ok 7 - sysctl_test_dointvec_write_happy_single_positive
[ 3082.793505] ok 8 - sysctl_test_dointvec_write_happy_single_negative
[ 3082.799958] ok 9 - sysctl_test_api_dointvec_write_single_less_int_min
[ 3082.803498] ok 10 - sysctl_test_api_dointvec_write_single_greater_int_max
[ 3082.804145] ok 18 - sysctl_test
[ 3083.050714] # Subtest: bits-test
[ 3083.050740] 1..3
[ 3083.053657] ok 1 - genmask_test
[ 3083.056474] ok 2 - genmask_ull_test
[ 3083.058593] ok 3 - genmask_input_check_test
[ 3083.058948] ok 19 - bits-test
[ 3084.050851] # Subtest: kasan
[ 3084.050870] 1..55
[ 3084.056600] ==================================================================
[ 3084.057474] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x4ed/0x510 [test_kasan]
[ 3084.058198] Write of size 1 at addr ffff8880527bc573 by task kunit_try_catch/119503
[ 3084.059099] CPU: 0 PID: 119503 Comm: kunit_try_catch Kdump: loaded Not tainted 5.14.0-256.1991_766543265.el9.x86_64+debug #1
[ 3084.060023] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 3084.060511] Call Trace:
[ 3084.060761]
[ 3084.060955] ? kmalloc_oob_right+0x4ed/0x510 [test_kasan]
[ 3084.061411] dump_stack_lvl+0x57/0x81
[ 3084.061834] print_address_description.constprop.0+0x1f/0x1e0
[ 3084.062364] ? kmalloc_oob_right+0x4ed/0x510 [test_kasan]
[ 3084.062826] print_report.cold+0x5c/0x237
[ 3084.063190] kasan_report+0xc9/0x100
[ 3084.063506] ? kmalloc_oob_right+0x4ed/0x510 [test_kasan]
[ 3084.063970] kmalloc_oob_right+0x4ed/0x510 [test_kasan]
[ 3084.064427] ? kmalloc_oob_left+0x2e0/0x2e0 [test_kasan]
[ 3084.064937] ? lockdep_hardirqs_on_prepare.part.0+0x18c/0x370
[ 3084.065443] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 3084.065929] ? kunit_add_resource+0x197/0x280 [kunit]
[ 3084.066360] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3084.066781] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 3084.067210] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3084.067755] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 3084.068209] kthread+0x2a7/0x350
[ 3084.068499] ? kthread_complete_and_exit+0x20/0x20
[ 3084.068914] ret_from_fork+0x22/0x30
[ 3084.069247]
[ 3084.069603] Allocated by task 119503:
[ 3084.069930] kasan_save_stack+0x1e/0x40
[ 3084.070264] __kasan_kmalloc+0x81/0xa0
[ 3084.070592] kmalloc_oob_right+0x98/0x510 [test_kasan]
[ 3084.071027] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3084.071442] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3084.071959] kthread+0x2a7/0x350
[ 3084.072247] ret_from_fork+0x22/0x30
[ 3084.072712] The buggy address belongs to the object at ffff8880527bc500
which belongs to the cache kmalloc-128 of size 128
[ 3084.073737] The buggy address is located 115 bytes inside of
128-byte region [ffff8880527bc500, ffff8880527bc580)
[ 3084.074842] The buggy address belongs to the physical page:
[ 3084.075318] page:00000000890b0012 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x527bc
[ 3084.076173] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 3084.076757] raw: 000fffffc0000200 ffffea000426adc0 dead000000000006 ffff8881000418c0
[ 3084.077404] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 3084.078045] page dumped because: kasan: bad access detected
[ 3084.078659] Memory state around the buggy address:
[ 3084.079060] ffff8880527bc400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 3084.079672] ffff8880527bc480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 3084.080268] >ffff8880527bc500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[ 3084.080869] ^
[ 3084.081435] ffff8880527bc580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 3084.082128] ffff8880527bc600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 3084.082733] ==================================================================
[ 3084.083368] Disabling lock debugging due to kernel taint
[ 3084.083830] ==================================================================
[ 3084.084433] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x4e3/0x510 [test_kasan]
[ 3084.085108] Write of size 1 at addr ffff8880527bc578 by task kunit_try_catch/119503
[ 3084.085897] CPU: 0 PID: 119503 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-256.1991_766543265.el9.x86_64+debug #1
[ 3084.087016] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 3084.087496] Call Trace:
[ 3084.087721]
[ 3084.087914] ? kmalloc_oob_right+0x4e3/0x510 [test_kasan]
[ 3084.088368] dump_stack_lvl+0x57/0x81
[ 3084.088740] print_address_description.constprop.0+0x1f/0x1e0
[ 3084.089273] ? kmalloc_oob_right+0x4e3/0x510 [test_kasan]
[ 3084.089732] print_report.cold+0x5c/0x237
[ 3084.090078] kasan_report+0xc9/0x100
[ 3084.090389] ? kmalloc_oob_right+0x4e3/0x510 [test_kasan]
[ 3084.090849] kmalloc_oob_right+0x4e3/0x510 [test_kasan]
[ 3084.091291] ? kmalloc_oob_left+0x2e0/0x2e0 [test_kasan]
[ 3084.091746] ? lockdep_hardirqs_on_prepare.part.0+0x18c/0x370
[ 3084.092251] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 3084.092763] ? kunit_add_resource+0x197/0x280 [kunit]
[ 3084.093194] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3084.093614] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 3084.094042] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3084.094558] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 3084.094993] kthread+0x2a7/0x350
[ 3084.095277] ? kthread_complete_and_exit+0x20/0x20
[ 3084.095690] ret_from_fork+0x22/0x30
[ 3084.096005]
[ 3084.096347] Allocated by task 119503:
[ 3084.096666] kasan_save_stack+0x1e/0x40
[ 3084.096995] __kasan_kmalloc+0x81/0xa0
[ 3084.097317] kmalloc_oob_right+0x98/0x510 [test_kasan]
[ 3084.097764] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3084.098178] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3084.098693] kthread+0x2a7/0x350
[ 3084.098975] ret_from_fork+0x22/0x30
[ 3084.099429] The buggy address belongs to the object at ffff8880527bc500
which belongs to the cache kmalloc-128 of size 128
[ 3084.100453] The buggy address is located 120 bytes inside of
128-byte region [ffff8880527bc500, ffff8880527bc580)
[ 3084.101560] The buggy address belongs to the physical page:
[ 3084.102024] page:00000000890b0012 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x527bc
[ 3084.102788] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 3084.103356] raw: 000fffffc0000200 ffffea000426adc0 dead000000000006 ffff8881000418c0
[ 3084.103997] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 3084.104636] page dumped because: kasan: bad access detected
[ 3084.105243] Memory state around the buggy address:
[ 3084.105677] ffff8880527bc400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 3084.106312] ffff8880527bc480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 3084.106916] >ffff8880527bc500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[ 3084.107511] ^
[ 3084.108272] ffff8880527bc580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 3084.108879] ffff8880527bc600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 3084.109474] ==================================================================
[ 3084.110097] ==================================================================
[ 3084.110706] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x4d9/0x510 [test_kasan]
[ 3084.111373] Read of size 1 at addr ffff8880527bc580 by task kunit_try_catch/119503
[ 3084.112241] CPU: 0 PID: 119503 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-256.1991_766543265.el9.x86_64+debug #1
[ 3084.113360] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 3084.113843] Call Trace:
[ 3084.114061]
[ 3084.114252] ? kmalloc_oob_right+0x4d9/0x510 [test_kasan]
[ 3084.114872] dump_stack_lvl+0x57/0x81
[ 3084.115256] print_address_description.constprop.0+0x1f/0x1e0
[ 3084.115799] ? kmalloc_oob_right+0x4d9/0x510 [test_kasan]
[ 3084.116299] print_report.cold+0x5c/0x237
[ 3084.116694] kasan_report+0xc9/0x100
[ 3084.117024] ? kmalloc_oob_right+0x4d9/0x510 [test_kasan]
[ 3084.117544] kmalloc_oob_right+0x4d9/0x510 [test_kasan]
[ 3084.118035] ? kmalloc_oob_left+0x2e0/0x2e0 [test_kasan]
[ 3084.118512] ? lockdep_hardirqs_on_prepare.part.0+0x18c/0x370
[ 3084.119036] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 3084.119568] ? kunit_add_resource+0x197/0x280 [kunit]
[ 3084.120045] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3084.120485] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 3084.120982] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3084.121550] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 3084.122050] kthread+0x2a7/0x350
[ 3084.122333] ? kthread_complete_and_exit+0x20/0x20
[ 3084.122746] ret_from_fork+0x22/0x30
[ 3084.123061]
[ 3084.123403] Allocated by task 119503:
[ 3084.123763] kasan_save_stack+0x1e/0x40
[ 3084.124111] __kasan_kmalloc+0x81/0xa0
[ 3084.124462] kmalloc_oob_right+0x98/0x510 [test_kasan]
[ 3084.124925] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3084.125339] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3084.125854] kthread+0x2a7/0x350
[ 3084.126135] ret_from_fork+0x22/0x30
[ 3084.126616] The buggy address belongs to the object at ffff8880527bc500
which belongs to the cache kmalloc-128 of size 128
[ 3084.127657] The buggy address is located 0 bytes to the right of
128-byte region [ffff8880527bc500, ffff8880527bc580)
[ 3084.128790] The buggy address belongs to the physical page:
[ 3084.130180] page:00000000890b0012 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x527bc
[ 3084.132300] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 3084.133813] raw: 000fffffc0000200 ffffea000426adc0 dead000000000006 ffff8881000418c0
[ 3084.135522] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 3084.137210] page dumped because: kasan: bad access detected
[ 3084.138837] Memory state around the buggy address:
[ 3084.139906] ffff8880527bc480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 3084.141704] ffff8880527bc500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[ 3084.143404] >ffff8880527bc580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 3084.145127] ^
[ 3084.145943] ffff8880527bc600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 3084.147525] ffff8880527bc680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 3084.149123] ==================================================================
[ 3084.151491] ok 1 - kmalloc_oob_right
[ 3084.152416] ==================================================================
[ 3084.155077] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x2bf/0x2e0 [test_kasan]
[ 3084.156897] Read of size 1 at addr ffff888054dab85f by task kunit_try_catch/119504
[ 3084.158849] CPU: 0 PID: 119504 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-256.1991_766543265.el9.x86_64+debug #1
[ 3084.161601] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 3084.162783] Call Trace:
[ 3084.163360]
[ 3084.163840] ? kmalloc_oob_left+0x2bf/0x2e0 [test_kasan]
[ 3084.164911] dump_stack_lvl+0x57/0x81
[ 3084.165712] print_address_description.constprop.0+0x1f/0x1e0
[ 3084.166926] ? kmalloc_oob_left+0x2bf/0x2e0 [test_kasan]
[ 3084.167997] print_report.cold+0x5c/0x237
[ 3084.168796] kasan_report+0xc9/0x100
[ 3084.169506] ? kmalloc_oob_left+0x2bf/0x2e0 [test_kasan]
[ 3084.170553] kmalloc_oob_left+0x2bf/0x2e0 [test_kasan]
[ 3084.171566] ? kmalloc_pagealloc_oob_right+0x290/0x290 [test_kasan]
[ 3084.172879] ? do_raw_spin_trylock+0xb5/0x180
[ 3084.173715] ? do_raw_spin_lock+0x270/0x270
[ 3084.174477] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 3084.175559] ? kunit_add_resource+0x197/0x280 [kunit]
[ 3084.176545] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3084.177445] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 3084.178352] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3084.179458] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 3084.180434] kthread+0x2a7/0x350
[ 3084.181068] ? kthread_complete_and_exit+0x20/0x20
[ 3084.181932] ret_from_fork+0x22/0x30
[ 3084.182594]
[ 3084.183294] Allocated by task 119417:
[ 3084.183914] kasan_save_stack+0x1e/0x40
[ 3084.184565] __kasan_kmalloc+0x81/0xa0
[ 3084.185205] proc_self_get_link+0x165/0x1d0
[ 3084.186006] pick_link+0x86f/0xfb0
[ 3084.186623] step_into+0x507/0xd50
[ 3084.187206] walk_component+0x11f/0x5b0
[ 3084.187899] link_path_walk.part.0.constprop.0+0x567/0xb90
[ 3084.188765] path_lookupat+0x79/0x6b0
[ 3084.189364] filename_lookup+0x19b/0x520
[ 3084.189981] user_path_at_empty+0x3a/0x60
[ 3084.190612] do_utimes+0xe9/0x190
[ 3084.191180] __x64_sys_utimensat+0x150/0x200
[ 3084.191858] do_syscall_64+0x5c/0x90
[ 3084.192446] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 3084.193545] Freed by task 119417:
[ 3084.194079] kasan_save_stack+0x1e/0x40
[ 3084.194706] kasan_set_track+0x21/0x30
[ 3084.195312] kasan_set_free_info+0x20/0x40
[ 3084.195974] __kasan_slab_free+0x108/0x170
[ 3084.196633] slab_free_freelist_hook+0x11d/0x1d0
[ 3084.197364] kfree+0xe2/0x3c0
[ 3084.197866] walk_component+0x1f1/0x5b0
[ 3084.198311] link_path_walk.part.0.constprop.0+0x485/0xb90
[ 3084.198827] path_lookupat+0x79/0x6b0
[ 3084.199179] filename_lookup+0x19b/0x520
[ 3084.199591] user_path_at_empty+0x3a/0x60
[ 3084.200040] do_utimes+0xe9/0x190
[ 3084.200361] __x64_sys_utimensat+0x150/0x200
[ 3084.205442] do_syscall_64+0x5c/0x90
[ 3084.205831] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 3084.206507] The buggy address belongs to the object at ffff888054dab840
which belongs to the cache kmalloc-16 of size 16
[ 3084.207659] The buggy address is located 15 bytes to the right of
16-byte region [ffff888054dab840, ffff888054dab850)
[ 3084.208961] The buggy address belongs to the physical page:
[ 3084.209486] page:000000003e53b5cf refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x54dab
[ 3084.210406] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 3084.211106] raw: 000fffffc0000200 dead000000000100 dead000000000122 ffff8881000413c0
[ 3084.211904] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000
[ 3084.212676] page dumped because: kasan: bad access detected
[ 3084.213388] Memory state around the buggy address:
[ 3084.213845] ffff888054dab700: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[ 3084.214535] ffff888054dab780: fb fb fc fc 00 00 fc fc fb fb fc fc 00 00 fc fc
[ 3084.215296] >ffff888054dab800: fb fb fc fc 00 00 fc fc fa fb fc fc 00 07 fc fc
[ 3084.215961] ^
[ 3084.216538] ffff888054dab880: fb fb fc fc fb fb fc fc 00 00 fc fc fb fb fc fc
[ 3084.217251] ffff888054dab900: fb fb fc fc fb fb fc fc fb fb fc fc 00 00 fc fc
[ 3084.218041] ==================================================================
[ 3084.219569] ok 2 - kmalloc_oob_left
[ 3084.222574] ==================================================================
[ 3084.223686] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x2bf/0x2e0 [test_kasan]
[ 3084.224535] Read of size 1 at addr ffff888012905000 by task kunit_try_catch/119505
[ 3084.225555] CPU: 0 PID: 119505 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-256.1991_766543265.el9.x86_64+debug #1
[ 3084.226993] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 3084.227660] Call Trace:
[ 3084.227941]
[ 3084.228195] ? kmalloc_node_oob_right+0x2bf/0x2e0 [test_kasan]
[ 3084.228794] dump_stack_lvl+0x57/0x81
[ 3084.229186] print_address_description.constprop.0+0x1f/0x1e0
[ 3084.229772] ? kmalloc_node_oob_right+0x2bf/0x2e0 [test_kasan]
[ 3084.230370] print_report.cold+0x5c/0x237
[ 3084.230763] kasan_report+0xc9/0x100
[ 3084.231117] ? kmalloc_node_oob_right+0x2bf/0x2e0 [test_kasan]
[ 3084.231826] kmalloc_node_oob_right+0x2bf/0x2e0 [test_kasan]
[ 3084.232421] ? pagealloc_uaf+0x2f0/0x2f0 [test_kasan]
[ 3084.232951] ? do_raw_spin_trylock+0xb5/0x180
[ 3084.233396] ? do_raw_spin_lock+0x270/0x270
[ 3084.233885] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 3084.234492] ? kunit_add_resource+0x197/0x280 [kunit]
[ 3084.235047] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3084.235575] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 3084.236105] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3084.236772] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 3084.237306] kthread+0x2a7/0x350
[ 3084.237655] ? kthread_complete_and_exit+0x20/0x20
[ 3084.238143] ret_from_fork+0x22/0x30
[ 3084.238525]
[ 3084.238951] Allocated by task 119505:
[ 3084.239339] kasan_save_stack+0x1e/0x40
[ 3084.239734] __kasan_kmalloc+0x81/0xa0
[ 3084.240123] kmalloc_node_oob_right+0x9a/0x2e0 [test_kasan]
[ 3084.240686] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3084.241188] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3084.241801] kthread+0x2a7/0x350
[ 3084.242151] ret_from_fork+0x22/0x30
[ 3084.242709] The buggy address belongs to the object at ffff888012904000
which belongs to the cache kmalloc-4k of size 4096
[ 3084.243987] The buggy address is located 0 bytes to the right of
4096-byte region [ffff888012904000, ffff888012905000)
[ 3084.245392] The buggy address belongs to the physical page:
[ 3084.245934] page:0000000006fc0ee8 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12900
[ 3084.246861] head:0000000006fc0ee8 order:3 compound_mapcount:0 compound_pincount:0
[ 3084.247567] flags: 0xfffffc0010200(slab|head|node=0|zone=1|lastcpupid=0x1fffff)
[ 3084.248292] raw: 000fffffc0010200 ffffea00002b5c00 dead000000000002 ffff888100042140
[ 3084.249099] raw: 0000000000000000 0000000080040004 00000001ffffffff 0000000000000000
[ 3084.249832] page dumped because: kasan: bad access detected
[ 3084.250532] Memory state around the buggy address:
[ 3084.250989] ffff888012904f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 3084.251683] ffff888012904f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 3084.252364] >ffff888012905000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 3084.253102] ^
[ 3084.253425] ffff888012905080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 3084.254357] ffff888012905100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 3084.255299] ==================================================================
[ 3084.257703] ok 3 - kmalloc_node_oob_right
[ 3084.260344] ==================================================================
[ 3084.261579] BUG: KASAN: slab-out-of-bounds in kmalloc_pagealloc_oob_right+0x27b/0x290 [test_kasan]
[ 3084.262539] Write of size 1 at addr ffff88805621600a by task kunit_try_catch/119506
[ 3084.263422] CPU: 0 PID: 119506 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-256.1991_766543265.el9.x86_64+debug #1
[ 3084.264856] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 3084.265517] Call Trace:
[ 3084.265823]
[ 3084.266045] ? kmalloc_pagealloc_oob_right+0x27b/0x290 [test_kasan]
[ 3084.266687] dump_stack_lvl+0x57/0x81
[ 3084.267089] print_address_description.constprop.0+0x1f/0x1e0
[ 3084.267731] ? kmalloc_pagealloc_oob_right+0x27b/0x290 [test_kasan]
[ 3084.268367] print_report.cold+0x5c/0x237
[ 3084.268803] kasan_report+0xc9/0x100
[ 3084.269180] ? kmalloc_pagealloc_oob_right+0x27b/0x290 [test_kasan]
[ 3084.269859] kmalloc_pagealloc_oob_right+0x27b/0x290 [test_kasan]
[ 3084.270496] ? kmalloc_pagealloc_uaf+0x280/0x280 [test_kasan]
[ 3084.271095] ? do_raw_spin_trylock+0xb5/0x180
[ 3084.271586] ? do_raw_spin_lock+0x270/0x270
[ 3084.272055] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 3084.272628] ? kunit_add_resource+0x197/0x280 [kunit]
[ 3084.273159] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3084.273640] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 3084.274121] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3084.274770] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 3084.275319] kthread+0x2a7/0x350
[ 3084.275651] ? kthread_complete_and_exit+0x20/0x20
[ 3084.276115] ret_from_fork+0x22/0x30
[ 3084.276486]
[ 3084.276897] The buggy address belongs to the physical page:
[ 3084.277493] page:00000000c64bd5e5 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x56214
[ 3084.278373] head:00000000c64bd5e5 order:2 compound_mapcount:0 compound_pincount:0
[ 3084.279132] flags: 0xfffffc0010000(head|node=0|zone=1|lastcpupid=0x1fffff)
[ 3084.279785] raw: 000fffffc0010000 0000000000000000 dead000000000122 0000000000000000
[ 3084.280520] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 3084.281238] page dumped because: kasan: bad access detected
[ 3084.282045] Memory state around the buggy address:
[ 3084.282591] ffff888056215f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 3084.283350] ffff888056215f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 3084.284184] >ffff888056216000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 3084.285023] ^
[ 3084.285367] ffff888056216080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 3084.286043] ffff888056216100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 3084.286771] ==================================================================
[ 3084.287661] ok 4 - kmalloc_pagealloc_oob_right
[ 3084.289398] ==================================================================
[ 3084.290654] BUG: KASAN: use-after-free in kmalloc_pagealloc_uaf+0x26b/0x280 [test_kasan]
[ 3084.291487] Read of size 1 at addr ffff888056214000 by task kunit_try_catch/119507
[ 3084.292571] CPU: 0 PID: 119507 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-256.1991_766543265.el9.x86_64+debug #1
[ 3084.293883] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 3084.294437] Call Trace:
[ 3084.294762]
[ 3084.295053] ? kmalloc_pagealloc_uaf+0x26b/0x280 [test_kasan]
[ 3084.295640] dump_stack_lvl+0x57/0x81
[ 3084.296030] print_address_description.constprop.0+0x1f/0x1e0
[ 3084.296710] ? kmalloc_pagealloc_uaf+0x26b/0x280 [test_kasan]
[ 3084.297396] print_report.cold+0x5c/0x237
[ 3084.297792] kasan_report+0xc9/0x100
[ 3084.298138] ? kmalloc_pagealloc_uaf+0x26b/0x280 [test_kasan]
[ 3084.298768] kmalloc_pagealloc_uaf+0x26b/0x280 [test_kasan]
[ 3084.299335] ? kmalloc_pagealloc_invalid_free+0x250/0x250 [test_kasan]
[ 3084.300019] ? do_raw_spin_trylock+0xb5/0x180
[ 3084.300454] ? do_raw_spin_lock+0x270/0x270
[ 3084.300874] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 3084.301433] ? kunit_add_resource+0x197/0x280 [kunit]
[ 3084.301979] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3084.302464] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 3084.303030] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3084.303632] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 3084.304131] kthread+0x2a7/0x350
[ 3084.304459] ? kthread_complete_and_exit+0x20/0x20
[ 3084.304930] ret_from_fork+0x22/0x30
[ 3084.305305]
[ 3084.305699] The buggy address belongs to the physical page:
[ 3084.306232] page:00000000c64bd5e5 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x56214
[ 3084.307160] flags: 0xfffffc0000000(node=0|zone=1|lastcpupid=0x1fffff)
[ 3084.307793] raw: 000fffffc0000000 ffffea0001306608 ffff88810c1ff270 0000000000000000
[ 3084.308537] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 3084.309262] page dumped because: kasan: bad access detected
[ 3084.309968] Memory state around the buggy address:
[ 3084.310431] ffff888056213f00: 00 fc fc 00 00 00 00 00 fc fc 00 00 00 00 00 fc
[ 3084.311167] ffff888056213f80: fc 00 00 00 00 00 fc fc 00 00 00 00 00 fc fc fc
[ 3084.311852] >ffff888056214000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 3084.312548] ^
[ 3084.312854] ffff888056214080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 3084.313538] ffff888056214100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 3084.314200] ==================================================================
[ 3084.315053] ok 5 - kmalloc_pagealloc_uaf
[ 3084.316340] ==================================================================
[ 3084.317440] BUG: KASAN: double-free or invalid-free in kmalloc_pagealloc_invalid_free+0x191/0x250 [test_kasan]
[ 3084.318643] CPU: 0 PID: 119508 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-256.1991_766543265.el9.x86_64+debug #1
[ 3084.320179] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 3084.320841] Call Trace:
[ 3084.321126]
[ 3084.321402] dump_stack_lvl+0x57/0x81
[ 3084.321950] print_address_description.constprop.0+0x1f/0x1e0
[ 3084.322536] print_report.cold+0x5c/0x237
[ 3084.322936] ? kmalloc_pagealloc_invalid_free+0x191/0x250 [test_kasan]
[ 3084.323582] ? kmalloc_pagealloc_invalid_free+0x191/0x250 [test_kasan]
[ 3084.324240] kasan_report_invalid_free+0x99/0xc0
[ 3084.324710] ? kmalloc_pagealloc_invalid_free+0x191/0x250 [test_kasan]
[ 3084.325351] kfree+0x2ab/0x3c0
[ 3084.325674] kmalloc_pagealloc_invalid_free+0x191/0x250 [test_kasan]
[ 3084.326278] ? kmalloc_large_oob_right+0x2b0/0x2b0 [test_kasan]
[ 3084.326850] ? do_raw_spin_trylock+0xb5/0x180
[ 3084.327367] ? do_raw_spin_lock+0x270/0x270
[ 3084.327843] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 3084.328536] ? kunit_add_resource+0x197/0x280 [kunit]
[ 3084.329104] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3084.329675] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 3084.330242] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3084.330921] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 3084.331470] kthread+0x2a7/0x350
[ 3084.331844] ? kthread_complete_and_exit+0x20/0x20
[ 3084.332392] ret_from_fork+0x22/0x30
[ 3084.332785]
[ 3084.333162] The buggy address belongs to the physical page:
[ 3084.333663] page:00000000c64bd5e5 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x56214
[ 3084.334543] head:00000000c64bd5e5 order:2 compound_mapcount:0 compound_pincount:0
[ 3084.335324] flags: 0xfffffc0010000(head|node=0|zone=1|lastcpupid=0x1fffff)
[ 3084.336087] raw: 000fffffc0010000 0000000000000000 dead000000000122 0000000000000000
[ 3084.336847] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 3084.337560] page dumped because: kasan: bad access detected
[ 3084.338251] Memory state around the buggy address:
[ 3084.338710] ffff888056213f00: 00 fc fc 00 00 00 00 00 fc fc 00 00 00 00 00 fc
[ 3084.339505] ffff888056213f80: fc 00 00 00 00 00 fc fc 00 00 00 00 00 fc fc fc
[ 3084.340180] >ffff888056214000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 3084.340905] ^
[ 3084.341245] ffff888056214080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 3084.341927] ffff888056214100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 3084.342616] ==================================================================
[ 3084.343382] ok 6 - kmalloc_pagealloc_invalid_free
[ 3084.345346] ok 7 - pagealloc_oob_right # SKIP Test requires CONFIG_KASAN_GENERIC=n
[ 3084.346459] ==================================================================
[ 3084.347887] BUG: KASAN: use-after-free in pagealloc_uaf+0x2b5/0x2f0 [test_kasan]
[ 3084.348693] Read of size 1 at addr ffff8880571e0000 by task kunit_try_catch/119510
[ 3084.349698] CPU: 0 PID: 119510 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-256.1991_766543265.el9.x86_64+debug #1
[ 3084.351107] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 3084.351828] Call Trace:
[ 3084.352134]
[ 3084.352380] ? pagealloc_uaf+0x2b5/0x2f0 [test_kasan]
[ 3084.352925] dump_stack_lvl+0x57/0x81
[ 3084.353307] print_address_description.constprop.0+0x1f/0x1e0
[ 3084.354047] ? pagealloc_uaf+0x2b5/0x2f0 [test_kasan]
[ 3084.354779] print_report.cold+0x5c/0x237
[ 3084.355322] kasan_report+0xc9/0x100
[ 3084.355870] ? pagealloc_uaf+0x2b5/0x2f0 [test_kasan]
[ 3084.356506] pagealloc_uaf+0x2b5/0x2f0 [test_kasan]
[ 3084.357080] ? krealloc_more_oob+0x10/0x10 [test_kasan]
[ 3084.357662] ? do_raw_spin_trylock+0xb5/0x180
[ 3084.358210] ? do_raw_spin_lock+0x270/0x270
[ 3084.358709] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 3084.359339] ? kunit_add_resource+0x197/0x280 [kunit]
[ 3084.359976] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3084.360676] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 3084.361295] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3084.362045] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 3084.362569] kthread+0x2a7/0x350
[ 3084.362897] ? kthread_complete_and_exit+0x20/0x20
[ 3084.363384] ret_from_fork+0x22/0x30
[ 3084.363781]
[ 3084.364216] The buggy address belongs to the physical page:
[ 3084.364784] page:000000009338d066 refcount:0 mapcount:-128 mapping:0000000000000000 index:0x0 pfn:0x571e0
[ 3084.365729] flags: 0xfffffc0000000(node=0|zone=1|lastcpupid=0x1fffff)
[ 3084.366370] raw: 000fffffc0000000 ffffea0001856408 ffff88813ffd2aa0 0000000000000000
[ 3084.367217] raw: 0000000000000000 0000000000000004 00000000ffffff7f 0000000000000000
[ 3084.368026] page dumped because: kasan: bad access detected
[ 3084.368763] Memory state around the buggy address:
[ 3084.369241] ffff8880571dff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 3084.370005] ffff8880571dff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 3084.370802] >ffff8880571e0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 3084.371661] ^
[ 3084.372034] ffff8880571e0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 3084.372760] ffff8880571e0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 3084.373459] ==================================================================
[ 3084.374438] ok 8 - pagealloc_uaf
[ 3084.376374] ==================================================================
[ 3084.377570] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x28c/0x2b0 [test_kasan]
[ 3084.378519] Write of size 1 at addr ffff888060a89f00 by task kunit_try_catch/119511
[ 3084.379544] CPU: 0 PID: 119511 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-256.1991_766543265.el9.x86_64+debug #1
[ 3084.380909] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 3084.381472] Call Trace:
[ 3084.381877]
[ 3084.382118] ? kmalloc_large_oob_right+0x28c/0x2b0 [test_kasan]
[ 3084.382788] dump_stack_lvl+0x57/0x81
[ 3084.383173] print_address_description.constprop.0+0x1f/0x1e0
[ 3084.383843] ? kmalloc_large_oob_right+0x28c/0x2b0 [test_kasan]
[ 3084.384500] print_report.cold+0x5c/0x237
[ 3084.384953] kasan_report+0xc9/0x100
[ 3084.385412] ? kmalloc_large_oob_right+0x28c/0x2b0 [test_kasan]
[ 3084.386083] kmalloc_large_oob_right+0x28c/0x2b0 [test_kasan]
[ 3084.386711] ? kmalloc_oob_16+0x3b0/0x3b0 [test_kasan]
[ 3084.387246] ? do_raw_spin_trylock+0xb5/0x180
[ 3084.387713] ? do_raw_spin_lock+0x270/0x270
[ 3084.388154] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 3084.388728] ? kunit_add_resource+0x197/0x280 [kunit]
[ 3084.389317] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3084.389924] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 3084.390488] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3084.391113] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 3084.391673] kthread+0x2a7/0x350
[ 3084.392054] ? kthread_complete_and_exit+0x20/0x20
[ 3084.392533] ret_from_fork+0x22/0x30
[ 3084.392901]
[ 3084.393290] Allocated by task 119511:
[ 3084.393687] kasan_save_stack+0x1e/0x40
[ 3084.394083] __kasan_kmalloc+0x81/0xa0
[ 3084.394463] kmalloc_large_oob_right+0x98/0x2b0 [test_kasan]
[ 3084.395106] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3084.395610] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3084.396214] kthread+0x2a7/0x350
[ 3084.396561] ret_from_fork+0x22/0x30
[ 3084.397114] The buggy address belongs to the object at ffff888060a88000
which belongs to the cache kmalloc-8k of size 8192
[ 3084.398270] The buggy address is located 7936 bytes inside of
8192-byte region [ffff888060a88000, ffff888060a8a000)
[ 3084.399650] The buggy address belongs to the physical page:
[ 3084.400179] page:0000000085530eca refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x60a88
[ 3084.401104] head:0000000085530eca order:3 compound_mapcount:0 compound_pincount:0
[ 3084.401818] flags: 0xfffffc0010200(slab|head|node=0|zone=1|lastcpupid=0x1fffff)
[ 3084.402566] raw: 000fffffc0010200 ffffea0000181c00 dead000000000003 ffff888100042280
[ 3084.403408] raw: 0000000000000000 0000000080020002 00000001ffffffff 0000000000000000
[ 3084.404135] page dumped because: kasan: bad access detected
[ 3084.404921] Memory state around the buggy address:
[ 3084.405402] ffff888060a89e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 3084.406100] ffff888060a89e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 3084.406828] >ffff888060a89f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 3084.407545] ^
[ 3084.407937] ffff888060a89f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 3084.408688] ffff888060a8a000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 3084.409396] ==================================================================
[ 3084.410338] ok 9 - kmalloc_large_oob_right
[ 3084.412379] ==================================================================
[ 3084.413559] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c3/0x610 [test_kasan]
[ 3084.414389] Write of size 1 at addr ffff88800e5488eb by task kunit_try_catch/119512
[ 3084.415790] CPU: 0 PID: 119512 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-256.1991_766543265.el9.x86_64+debug #1
[ 3084.417475] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 3084.418129] Call Trace:
[ 3084.418377]
[ 3084.418625] ? krealloc_more_oob_helper+0x5c3/0x610 [test_kasan]
[ 3084.419230] dump_stack_lvl+0x57/0x81
[ 3084.419638] print_address_description.constprop.0+0x1f/0x1e0
[ 3084.420256] ? krealloc_more_oob_helper+0x5c3/0x610 [test_kasan]
[ 3084.420965] print_report.cold+0x5c/0x237
[ 3084.421458] kasan_report+0xc9/0x100
[ 3084.422003] ? krealloc_more_oob_helper+0x5c3/0x610 [test_kasan]
[ 3084.422663] krealloc_more_oob_helper+0x5c3/0x610 [test_kasan]
[ 3084.423255] ? krealloc_less_oob+0x10/0x10 [test_kasan]
[ 3084.423760] ? rcu_read_lock_sched_held+0x12/0x80
[ 3084.424223] ? rcu_read_lock_sched_held+0x12/0x80
[ 3084.424718] ? lock_acquire+0x4ea/0x620
[ 3084.425114] ? rcu_read_unlock+0x40/0x40
[ 3084.425502] ? rcu_read_unlock+0x40/0x40
[ 3084.425899] ? rcu_read_lock_sched_held+0x12/0x80
[ 3084.426359] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 3084.426902] ? do_raw_spin_lock+0x270/0x270
[ 3084.427315] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit]
[ 3084.427911] ? _raw_spin_unlock_irqrestore+0x42/0x70
[ 3084.428413] ? kunit_add_resource+0x197/0x280 [kunit]
[ 3084.429132] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3084.429691] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 3084.430285] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3084.430942] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 3084.431458] kthread+0x2a7/0x350
[ 3084.431776] ? kthread_complete_and_exit+0x20/0x20
[ 3084.432278] ret_from_fork+0x22/0x30
[ 3084.432699]
[ 3084.433137] Allocated by task 119512:
[ 3084.433541] kasan_save_stack+0x1e/0x40
[ 3084.433922] __kasan_krealloc+0xee/0x160
[ 3084.434341] krealloc+0x50/0xe0
[ 3084.434723] krealloc_more_oob_helper+0x1d5/0x610 [test_kasan]
[ 3084.435340] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3084.435896] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3084.436486] kthread+0x2a7/0x350
[ 3084.436838] ret_from_fork+0x22/0x30
[ 3084.437457] Last potentially related work creation:
[ 3084.438078] kasan_save_stack+0x1e/0x40
[ 3084.438470] __kasan_record_aux_stack+0x96/0xb0
[ 3084.438920] kvfree_call_rcu+0x7d/0x840
[ 3084.439295] dma_resv_list_free.part.0+0xd4/0x130
[ 3084.439817] dma_resv_fini+0x38/0x50
[ 3084.440194] drm_gem_object_release+0x73/0x100 [drm]
[ 3084.440828] qxl_ttm_bo_destroy+0x17f/0x200 [qxl]
[ 3084.441300] ttm_bo_release+0x68b/0xbc0 [ttm]
[ 3084.441910] ttm_bo_delayed_delete+0x312/0x550 [ttm]
[ 3084.442417] ttm_device_delayed_workqueue+0x18/0x70 [ttm]
[ 3084.443028] process_one_work+0x8e5/0x1520
[ 3084.443462] worker_thread+0x59e/0xf90
[ 3084.443891] kthread+0x2a7/0x350
[ 3084.444204] ret_from_fork+0x22/0x30
[ 3084.444770] Second to last potentially related work creation:
[ 3084.445326] kasan_save_stack+0x1e/0x40
[ 3084.445723] __kasan_record_aux_stack+0x96/0xb0
[ 3084.446186] kvfree_call_rcu+0x7d/0x840
[ 3084.446588] dma_resv_reserve_fences+0x595/0x680
[ 3084.447070] ttm_eu_reserve_buffers+0x42c/0x1070 [ttm]
[ 3084.447570] qxl_release_reserve_list+0xe5/0x320 [qxl]
[ 3084.448064] qxl_draw_dirty_fb+0x40e/0x1c70 [qxl]
[ 3084.448516] qxl_framebuffer_surface_dirty+0x307/0x610 [qxl]
[ 3084.449063] drm_fb_helper_damage_work+0x537/0x8c0 [drm_kms_helper]
[ 3084.449764] process_one_work+0x8e5/0x1520
[ 3084.450225] worker_thread+0x59e/0xf90
[ 3084.450652] kthread+0x2a7/0x350
[ 3084.451018] ret_from_fork+0x22/0x30
[ 3084.451565] The buggy address belongs to the object at ffff88800e548800
which belongs to the cache kmalloc-256 of size 256
[ 3084.452756] The buggy address is located 235 bytes inside of
256-byte region [ffff88800e548800, ffff88800e548900)
[ 3084.454041] The buggy address belongs to the physical page:
[ 3084.454741] page:00000000fd21cc05 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xe548
[ 3084.455922] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 3084.456781] raw: 000fffffc0000200 0000000000000000 dead000000000001 ffff888100041b40
[ 3084.457763] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 3084.458549] page dumped because: kasan: bad access detected
[ 3084.459285] Memory state around the buggy address:
[ 3084.459832] ffff88800e548780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 3084.460674] ffff88800e548800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 3084.461479] >ffff88800e548880: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[ 3084.462285] ^
[ 3084.463074] ffff88800e548900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 3084.463851] ffff88800e548980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 3084.464577] ==================================================================
[ 3084.465514] ==================================================================
[ 3084.466220] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5b6/0x610 [test_kasan]
[ 3084.467128] Write of size 1 at addr ffff88800e5488f0 by task kunit_try_catch/119512
[ 3084.468234] CPU: 0 PID: 119512 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-256.1991_766543265.el9.x86_64+debug #1
[ 3084.469747] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 3084.470403] Call Trace:
[ 3084.470698]
[ 3084.470956] ? krealloc_more_oob_helper+0x5b6/0x610 [test_kasan]
[ 3084.471661] dump_stack_lvl+0x57/0x81
[ 3084.472148] print_address_description.constprop.0+0x1f/0x1e0
[ 3084.472738] ? krealloc_more_oob_helper+0x5b6/0x610 [test_kasan]
[ 3084.473381] print_report.cold+0x5c/0x237
[ 3084.473830] kasan_report+0xc9/0x100
[ 3084.474188] ? krealloc_more_oob_helper+0x5b6/0x610 [test_kasan]
[ 3084.474798] krealloc_more_oob_helper+0x5b6/0x610 [test_kasan]
[ 3084.475419] ? krealloc_less_oob+0x10/0x10 [test_kasan]
[ 3084.475952] ? rcu_read_lock_sched_held+0x12/0x80
[ 3084.476408] ? rcu_read_lock_sched_held+0x12/0x80
[ 3084.476927] ? lock_acquire+0x4ea/0x620
[ 3084.477292] ? rcu_read_unlock+0x40/0x40
[ 3084.477681] ? rcu_read_unlock+0x40/0x40
[ 3084.478069] ? rcu_read_lock_sched_held+0x12/0x80
[ 3084.478549] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 3084.479121] ? do_raw_spin_lock+0x270/0x270
[ 3084.479537] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit]
[ 3084.480172] ? _raw_spin_unlock_irqrestore+0x42/0x70
[ 3084.480675] ? kunit_add_resource+0x197/0x280 [kunit]
[ 3084.481216] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3084.481804] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 3084.482313] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3084.483036] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 3084.483553] kthread+0x2a7/0x350
[ 3084.483878] ? kthread_complete_and_exit+0x20/0x20
[ 3084.484328] ret_from_fork+0x22/0x30
[ 3084.484717]
[ 3084.485127] Allocated by task 119512:
[ 3084.485582] kasan_save_stack+0x1e/0x40
[ 3084.485995] __kasan_krealloc+0xee/0x160
[ 3084.486426] krealloc+0x50/0xe0
[ 3084.486847] krealloc_more_oob_helper+0x1d5/0x610 [test_kasan]
[ 3084.487478] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3084.487983] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3084.488590] kthread+0x2a7/0x350
[ 3084.488941] ret_from_fork+0x22/0x30
[ 3084.489468] Last potentially related work creation:
[ 3084.489938] kasan_save_stack+0x1e/0x40
[ 3084.490309] __kasan_record_aux_stack+0x96/0xb0
[ 3084.490864] kvfree_call_rcu+0x7d/0x840
[ 3084.491259] dma_resv_list_free.part.0+0xd4/0x130
[ 3084.491738] dma_resv_fini+0x38/0x50
[ 3084.492129] drm_gem_object_release+0x73/0x100 [drm]
[ 3084.492664] qxl_ttm_bo_destroy+0x17f/0x200 [qxl]
[ 3084.493163] ttm_bo_release+0x68b/0xbc0 [ttm]
[ 3084.493623] ttm_bo_delayed_delete+0x312/0x550 [ttm]
[ 3084.494138] ttm_device_delayed_workqueue+0x18/0x70 [ttm]
[ 3084.494721] process_one_work+0x8e5/0x1520
[ 3084.495200] worker_thread+0x59e/0xf90
[ 3084.495571] kthread+0x2a7/0x350
[ 3084.495899] ret_from_fork+0x22/0x30
[ 3084.496474] Second to last potentially related work creation:
[ 3084.497028] kasan_save_stack+0x1e/0x40
[ 3084.497410] __kasan_record_aux_stack+0x96/0xb0
[ 3084.497954] kvfree_call_rcu+0x7d/0x840
[ 3084.498371] dma_resv_reserve_fences+0x595/0x680
[ 3084.498901] ttm_eu_reserve_buffers+0x42c/0x1070 [ttm]
[ 3084.499430] qxl_release_reserve_list+0xe5/0x320 [qxl]
[ 3084.499996] qxl_draw_dirty_fb+0x40e/0x1c70 [qxl]
[ 3084.500486] qxl_framebuffer_surface_dirty+0x307/0x610 [qxl]
[ 3084.501106] drm_fb_helper_damage_work+0x537/0x8c0 [drm_kms_helper]
[ 3084.501875] process_one_work+0x8e5/0x1520
[ 3084.502301] worker_thread+0x59e/0xf90
[ 3084.502710] kthread+0x2a7/0x350
[ 3084.503055] ret_from_fork+0x22/0x30
[ 3084.503573] The buggy address belongs to the object at ffff88800e548800
which belongs to the cache kmalloc-256 of size 256
[ 3084.504787] The buggy address is located 240 bytes inside of
256-byte region [ffff88800e548800, ffff88800e548900)
[ 3084.506088] The buggy address belongs to the physical page:
[ 3084.506680] page:00000000fd21cc05 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xe548
[ 3084.507589] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 3084.508244] raw: 000fffffc0000200 0000000000000000 dead000000000001 ffff888100041b40
[ 3084.508968] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 3084.509746] page dumped because: kasan: bad access detected
[ 3084.510483] Memory state around the buggy address:
[ 3084.510955] ffff88800e548780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 3084.511681] ffff88800e548800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 3084.512411] >ffff88800e548880: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[ 3084.513106] ^
[ 3084.513785] ffff88800e548900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 3084.514642] ffff88800e548980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 3084.515633] ==================================================================
[ 3084.518515] ok 10 - krealloc_more_oob
[ 3084.545769] ==================================================================
[ 3084.547180] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan]
[ 3084.548129] Write of size 1 at addr ffff888109caa4c9 by task kunit_try_catch/119513
[ 3084.549086] CPU: 0 PID: 119513 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-256.1991_766543265.el9.x86_64+debug #1
[ 3084.550403] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 3084.551036] Call Trace:
[ 3084.551297]
[ 3084.551527] ? krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan]
[ 3084.552135] dump_stack_lvl+0x57/0x81
[ 3084.552752] print_address_description.constprop.0+0x1f/0x1e0
[ 3084.553442] ? krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan]
[ 3084.554351] print_report.cold+0x5c/0x237
[ 3084.554882] kasan_report+0xc9/0x100
[ 3084.555359] ? krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan]
[ 3084.556156] krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan]
[ 3084.556926] ? krealloc_uaf+0x450/0x450 [test_kasan]
[ 3084.557453] ? rcu_read_lock_sched_held+0x12/0x80
[ 3084.558049] ? rcu_read_lock_sched_held+0x12/0x80
[ 3084.558513] ? lock_acquire+0x4ea/0x620
[ 3084.558970] ? rcu_read_unlock+0x40/0x40
[ 3084.559355] ? rcu_read_unlock+0x40/0x40
[ 3084.559787] ? rcu_read_lock_sched_held+0x12/0x80
[ 3084.560418] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 3084.561075] ? do_raw_spin_lock+0x270/0x270
[ 3084.561672] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit]
[ 3084.562412] ? _raw_spin_unlock_irqrestore+0x42/0x70
[ 3084.563050] ? kunit_add_resource+0x197/0x280 [kunit]
[ 3084.563760] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3084.564352] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 3084.565020] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3084.565697] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 3084.566246] kthread+0x2a7/0x350
[ 3084.566616] ? kthread_complete_and_exit+0x20/0x20
[ 3084.567119] ret_from_fork+0x22/0x30
[ 3084.567540]
[ 3084.568007] Allocated by task 119513:
[ 3084.568432] kasan_save_stack+0x1e/0x40
[ 3084.568968] __kasan_krealloc+0xee/0x160
[ 3084.569344] krealloc+0x50/0xe0
[ 3084.569840] krealloc_less_oob_helper+0x1d9/0xa20 [test_kasan]
[ 3084.570537] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3084.571180] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3084.571956] kthread+0x2a7/0x350
[ 3084.572323] ret_from_fork+0x22/0x30
[ 3084.572949] Last potentially related work creation:
[ 3084.573424] kasan_save_stack+0x1e/0x40
[ 3084.573925] __kasan_record_aux_stack+0x96/0xb0
[ 3084.574363] kvfree_call_rcu+0x7d/0x840
[ 3084.574775] dma_resv_list_free.part.0+0xd4/0x130
[ 3084.575279] dma_resv_fini+0x38/0x50
[ 3084.575677] drm_gem_object_release+0x73/0x100 [drm]
[ 3084.576386] qxl_ttm_bo_destroy+0x17f/0x200 [qxl]
[ 3084.576956] ttm_bo_release+0x68b/0xbc0 [ttm]
[ 3084.577484] ttm_bo_delayed_delete+0x312/0x550 [ttm]
[ 3084.578045] ttm_device_delayed_workqueue+0x18/0x70 [ttm]
[ 3084.578591] process_one_work+0x8e5/0x1520
[ 3084.579041] worker_thread+0x59e/0xf90
[ 3084.579430] kthread+0x2a7/0x350
[ 3084.579773] ret_from_fork+0x22/0x30
[ 3084.580312] Second to last potentially related work creation:
[ 3084.580935] kasan_save_stack+0x1e/0x40
[ 3084.581302] __kasan_record_aux_stack+0x96/0xb0
[ 3084.581774] kvfree_call_rcu+0x7d/0x840
[ 3084.582175] dma_resv_reserve_fences+0x35d/0x680
[ 3084.582650] ttm_eu_reserve_buffers+0x42c/0x1070 [ttm]
[ 3084.583206] qxl_release_reserve_list+0xe5/0x320 [qxl]
[ 3084.583778] qxl_draw_dirty_fb+0x40e/0x1c70 [qxl]
[ 3084.584223] qxl_framebuffer_surface_dirty+0x307/0x610 [qxl]
[ 3084.584827] drm_fb_helper_damage_work+0x537/0x8c0 [drm_kms_helper]
[ 3084.585583] process_one_work+0x8e5/0x1520
[ 3084.586026] worker_thread+0x59e/0xf90
[ 3084.586381] kthread+0x2a7/0x350
[ 3084.586816] ret_from_fork+0x22/0x30
[ 3084.587427] The buggy address belongs to the object at ffff888109caa400
which belongs to the cache kmalloc-256 of size 256
[ 3084.588955] The buggy address is located 201 bytes inside of
256-byte region [ffff888109caa400, ffff888109caa500)
[ 3084.590349] The buggy address belongs to the physical page:
[ 3084.590970] page:0000000095eefb39 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109caa
[ 3084.592038] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff)
[ 3084.592852] raw: 0017ffffc0000200 dead000000000100 dead000000000122 ffff888100041b40
[ 3084.593693] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 3084.594428] page dumped because: kasan: bad access detected
[ 3084.595202] Memory state around the buggy address:
[ 3084.595674] ffff888109caa380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 3084.596334] ffff888109caa400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 3084.597061] >ffff888109caa480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[ 3084.597778] ^
[ 3084.598302] ffff888109caa500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 3084.599029] ffff888109caa580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 3084.599808] ==================================================================
[ 3084.601018] ==================================================================
[ 3084.601778] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan]
[ 3084.602739] Write of size 1 at addr ffff888109caa4d0 by task kunit_try_catch/119513
[ 3084.603707] CPU: 0 PID: 119513 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-256.1991_766543265.el9.x86_64+debug #1
[ 3084.605041] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 3084.605608] Call Trace:
[ 3084.605893]
[ 3084.606115] ? krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan]
[ 3084.606732] dump_stack_lvl+0x57/0x81
[ 3084.607114] print_address_description.constprop.0+0x1f/0x1e0
[ 3084.607657] ? krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan]
[ 3084.608226] print_report.cold+0x5c/0x237
[ 3084.608645] kasan_report+0xc9/0x100
[ 3084.609037] ? krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan]
[ 3084.609630] krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan]
[ 3084.610221] ? krealloc_uaf+0x450/0x450 [test_kasan]
[ 3084.610758] ? rcu_read_lock_sched_held+0x12/0x80
[ 3084.611246] ? rcu_read_lock_sched_held+0x12/0x80
[ 3084.611702] ? lock_acquire+0x4ea/0x620
[ 3084.612083] ? rcu_read_unlock+0x40/0x40
[ 3084.612453] ? rcu_read_unlock+0x40/0x40
[ 3084.612893] ? rcu_read_lock_sched_held+0x12/0x80
[ 3084.613342] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 3084.613926] ? do_raw_spin_lock+0x270/0x270
[ 3084.614342] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit]
[ 3084.615193] ? _raw_spin_unlock_irqrestore+0x42/0x70
[ 3084.615878] ? kunit_add_resource+0x197/0x280 [kunit]
[ 3084.616549] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3084.617146] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 3084.617826] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3084.618480] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 3084.619032] kthread+0x2a7/0x350
[ 3084.619418] ? kthread_complete_and_exit+0x20/0x20
[ 3084.620018] ret_from_fork+0x22/0x30
[ 3084.620400]
[ 3084.620795] Allocated by task 119513:
[ 3084.621191] kasan_save_stack+0x1e/0x40
[ 3084.621693] __kasan_krealloc+0xee/0x160
[ 3084.622193] krealloc+0x50/0xe0
[ 3084.622556] krealloc_less_oob_helper+0x1d9/0xa20 [test_kasan]
[ 3084.623152] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3084.623644] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3084.624283] kthread+0x2a7/0x350
[ 3084.624718] ret_from_fork+0x22/0x30
[ 3084.625350] Last potentially related work creation:
[ 3084.625920] kasan_save_stack+0x1e/0x40
[ 3084.626327] __kasan_record_aux_stack+0x96/0xb0
[ 3084.626853] kvfree_call_rcu+0x7d/0x840
[ 3084.627273] dma_resv_list_free.part.0+0xd4/0x130
[ 3084.627813] dma_resv_fini+0x38/0x50
[ 3084.628194] drm_gem_object_release+0x73/0x100 [drm]
[ 3084.628744] qxl_ttm_bo_destroy+0x17f/0x200 [qxl]
[ 3084.629236] ttm_bo_release+0x68b/0xbc0 [ttm]
[ 3084.629734] ttm_bo_delayed_delete+0x312/0x550 [ttm]
[ 3084.630265] ttm_device_delayed_workqueue+0x18/0x70 [ttm]
[ 3084.630830] process_one_work+0x8e5/0x1520
[ 3084.631257] worker_thread+0x59e/0xf90
[ 3084.631668] kthread+0x2a7/0x350
[ 3084.632128] ret_from_fork+0x22/0x30
[ 3084.632742] Second to last potentially related work creation:
[ 3084.633399] kasan_save_stack+0x1e/0x40
[ 3084.633881] __kasan_record_aux_stack+0x96/0xb0
[ 3084.634354] kvfree_call_rcu+0x7d/0x840
[ 3084.634780] dma_resv_reserve_fences+0x35d/0x680
[ 3084.635248] ttm_eu_reserve_buffers+0x42c/0x1070 [ttm]
[ 3084.635791] qxl_release_reserve_list+0xe5/0x320 [qxl]
[ 3084.636331] qxl_draw_dirty_fb+0x40e/0x1c70 [qxl]
[ 3084.636824] qxl_framebuffer_surface_dirty+0x307/0x610 [qxl]
[ 3084.637390] drm_fb_helper_damage_work+0x537/0x8c0 [drm_kms_helper]
[ 3084.638090] process_one_work+0x8e5/0x1520
[ 3084.638512] worker_thread+0x59e/0xf90
[ 3084.638914] kthread+0x2a7/0x350
[ 3084.639215] ret_from_fork+0x22/0x30
[ 3084.639824] The buggy address belongs to the object at ffff888109caa400
which belongs to the cache kmalloc-256 of size 256
[ 3084.641182] The buggy address is located 208 bytes inside of
256-byte region [ffff888109caa400, ffff888109caa500)
[ 3084.642494] The buggy address belongs to the physical page:
[ 3084.643021] page:0000000095eefb39 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109caa
[ 3084.644012] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff)
[ 3084.644693] raw: 0017ffffc0000200 dead000000000100 dead000000000122 ffff888100041b40
[ 3084.645438] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 3084.646113] page dumped because: kasan: bad access detected
[ 3084.646794] Memory state around the buggy address:
[ 3084.647257] ffff888109caa380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 3084.648065] ffff888109caa400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 3084.648738] >ffff888109caa480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[ 3084.649418] ^
[ 3084.650040] ffff888109caa500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 3084.650728] ffff888109caa580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 3084.651454] ==================================================================
[ 3084.652302] ==================================================================
[ 3084.653072] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan]
[ 3084.653903] Write of size 1 at addr ffff888109caa4da by task kunit_try_catch/119513
[ 3084.654869] CPU: 0 PID: 119513 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-256.1991_766543265.el9.x86_64+debug #1
[ 3084.656208] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 3084.656798] Call Trace:
[ 3084.657076]
[ 3084.657295] ? krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan]
[ 3084.657881] dump_stack_lvl+0x57/0x81
[ 3084.658243] print_address_description.constprop.0+0x1f/0x1e0
[ 3084.658851] ? krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan]
[ 3084.659440] print_report.cold+0x5c/0x237
[ 3084.659904] kasan_report+0xc9/0x100
[ 3084.660291] ? krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan]
[ 3084.660926] krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan]
[ 3084.661493] ? krealloc_uaf+0x450/0x450 [test_kasan]
[ 3084.662043] ? rcu_read_lock_sched_held+0x12/0x80
[ 3084.662497] ? rcu_read_lock_sched_held+0x12/0x80
[ 3084.663026] ? lock_acquire+0x4ea/0x620
[ 3084.663457] ? rcu_read_unlock+0x40/0x40
[ 3084.663995] ? rcu_read_unlock+0x40/0x40
[ 3084.664462] ? rcu_read_lock_sched_held+0x12/0x80
[ 3084.665021] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 3084.665629] ? do_raw_spin_lock+0x270/0x270
[ 3084.666103] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit]
[ 3084.666787] ? _raw_spin_unlock_irqrestore+0x42/0x70
[ 3084.667319] ? kunit_add_resource+0x197/0x280 [kunit]
[ 3084.667873] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3084.668348] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 3084.668850] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3084.669437] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 3084.669941] kthread+0x2a7/0x350
[ 3084.670263] ? kthread_complete_and_exit+0x20/0x20
[ 3084.670760] ret_from_fork+0x22/0x30
[ 3084.671214]
[ 3084.671753] Allocated by task 119513:
[ 3084.672229] kasan_save_stack+0x1e/0x40
[ 3084.672696] __kasan_krealloc+0xee/0x160
[ 3084.673079] krealloc+0x50/0xe0
[ 3084.673395] krealloc_less_oob_helper+0x1d9/0xa20 [test_kasan]
[ 3084.674018] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3084.674491] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3084.675136] kthread+0x2a7/0x350
[ 3084.675460] ret_from_fork+0x22/0x30
[ 3084.676046] Last potentially related work creation:
[ 3084.676527] kasan_save_stack+0x1e/0x40
[ 3084.676907] __kasan_record_aux_stack+0x96/0xb0
[ 3084.677350] kvfree_call_rcu+0x7d/0x840
[ 3084.677802] dma_resv_list_free.part.0+0xd4/0x130
[ 3084.678327] dma_resv_fini+0x38/0x50
[ 3084.678713] drm_gem_object_release+0x73/0x100 [drm]
[ 3084.679254] qxl_ttm_bo_destroy+0x17f/0x200 [qxl]
[ 3084.679771] ttm_bo_release+0x68b/0xbc0 [ttm]
[ 3084.680252] ttm_bo_delayed_delete+0x312/0x550 [ttm]
[ 3084.680750] ttm_device_delayed_workqueue+0x18/0x70 [ttm]
[ 3084.681280] process_one_work+0x8e5/0x1520
[ 3084.681859] worker_thread+0x59e/0xf90
[ 3084.682254] kthread+0x2a7/0x350
[ 3084.682605] ret_from_fork+0x22/0x30
[ 3084.683161] Second to last potentially related work creation:
[ 3084.683788] kasan_save_stack+0x1e/0x40
[ 3084.684190] __kasan_record_aux_stack+0x96/0xb0
[ 3084.684632] kvfree_call_rcu+0x7d/0x840
[ 3084.685003] dma_resv_reserve_fences+0x35d/0x680
[ 3084.685510] ttm_eu_reserve_buffers+0x42c/0x1070 [ttm]
[ 3084.686064] qxl_release_reserve_list+0xe5/0x320 [qxl]
[ 3084.686615] qxl_draw_dirty_fb+0x40e/0x1c70 [qxl]
[ 3084.687077] qxl_framebuffer_surface_dirty+0x307/0x610 [qxl]
[ 3084.687643] drm_fb_helper_damage_work+0x537/0x8c0 [drm_kms_helper]
[ 3084.688379] process_one_work+0x8e5/0x1520
[ 3084.688875] worker_thread+0x59e/0xf90
[ 3084.689308] kthread+0x2a7/0x350
[ 3084.689697] ret_from_fork+0x22/0x30
[ 3084.690297] The buggy address belongs to the object at ffff888109caa400
which belongs to the cache kmalloc-256 of size 256
[ 3084.691643] The buggy address is located 218 bytes inside of
256-byte region [ffff888109caa400, ffff888109caa500)
[ 3084.693035] The buggy address belongs to the physical page:
[ 3084.693569] page:0000000095eefb39 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109caa
[ 3084.694618] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff)
[ 3084.695327] raw: 0017ffffc0000200 dead000000000100 dead000000000122 ffff888100041b40
[ 3084.696104] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 3084.696901] page dumped because: kasan: bad access detected
[ 3084.697611] Memory state around the buggy address:
[ 3084.698073] ffff888109caa380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 3084.698803] ffff888109caa400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 3084.699494] >ffff888109caa480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[ 3084.700180] ^
[ 3084.700793] ffff888109caa500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 3084.701510] ffff888109caa580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 3084.702181] ==================================================================
[ 3084.702895] ==================================================================
[ 3084.703603] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan]
[ 3084.704423] Write of size 1 at addr ffff888109caa4ea by task kunit_try_catch/119513
[ 3084.705447] CPU: 0 PID: 119513 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-256.1991_766543265.el9.x86_64+debug #1
[ 3084.706747] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 3084.707293] Call Trace:
[ 3084.707566]
[ 3084.707809] ? krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan]
[ 3084.708438] dump_stack_lvl+0x57/0x81
[ 3084.708845] print_address_description.constprop.0+0x1f/0x1e0
[ 3084.709406] ? krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan]
[ 3084.710048] print_report.cold+0x5c/0x237
[ 3084.710450] kasan_report+0xc9/0x100
[ 3084.710822] ? krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan]
[ 3084.711399] krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan]
[ 3084.712119] ? krealloc_uaf+0x450/0x450 [test_kasan]
[ 3084.712639] ? rcu_read_lock_sched_held+0x12/0x80
[ 3084.713116] ? rcu_read_lock_sched_held+0x12/0x80
[ 3084.713575] ? lock_acquire+0x4ea/0x620
[ 3084.713961] ? rcu_read_unlock+0x40/0x40
[ 3084.714341] ? rcu_read_unlock+0x40/0x40
[ 3084.714793] ? rcu_read_lock_sched_held+0x12/0x80
[ 3084.715294] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 3084.715834] ? do_raw_spin_lock+0x270/0x270
[ 3084.716237] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit]
[ 3084.716878] ? _raw_spin_unlock_irqrestore+0x42/0x70
[ 3084.717425] ? kunit_add_resource+0x197/0x280 [kunit]
[ 3084.717944] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3084.718481] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 3084.719000] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3084.719675] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 3084.720275] kthread+0x2a7/0x350
[ 3084.720649] ? kthread_complete_and_exit+0x20/0x20
[ 3084.721154] ret_from_fork+0x22/0x30
[ 3084.721587]
[ 3084.722009] Allocated by task 119513:
[ 3084.722415] kasan_save_stack+0x1e/0x40
[ 3084.722864] __kasan_krealloc+0xee/0x160
[ 3084.723246] krealloc+0x50/0xe0
[ 3084.723568] krealloc_less_oob_helper+0x1d9/0xa20 [test_kasan]
[ 3084.724131] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3084.724628] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3084.725236] kthread+0x2a7/0x350
[ 3084.725553] ret_from_fork+0x22/0x30
[ 3084.726174] Last potentially related work creation:
[ 3084.726776] kasan_save_stack+0x1e/0x40
[ 3084.727222] __kasan_record_aux_stack+0x96/0xb0
[ 3084.727742] kvfree_call_rcu+0x7d/0x840
[ 3084.728136] dma_resv_list_free.part.0+0xd4/0x130
[ 3084.728619] dma_resv_fini+0x38/0x50
[ 3084.729013] drm_gem_object_release+0x73/0x100 [drm]
[ 3084.729539] qxl_ttm_bo_destroy+0x17f/0x200 [qxl]
[ 3084.730029] ttm_bo_release+0x68b/0xbc0 [ttm]
[ 3084.730467] ttm_bo_delayed_delete+0x312/0x550 [ttm]
[ 3084.731009] ttm_device_delayed_workqueue+0x18/0x70 [ttm]
[ 3084.731540] process_one_work+0x8e5/0x1520
[ 3084.731945] worker_thread+0x59e/0xf90
[ 3084.732307] kthread+0x2a7/0x350
[ 3084.732649] ret_from_fork+0x22/0x30
[ 3084.733201] Second to last potentially related work creation:
[ 3084.733914] kasan_save_stack+0x1e/0x40
[ 3084.734361] __kasan_record_aux_stack+0x96/0xb0
[ 3084.734934] kvfree_call_rcu+0x7d/0x840
[ 3084.735362] dma_resv_reserve_fences+0x35d/0x680
[ 3084.735827] ttm_eu_reserve_buffers+0x42c/0x1070 [ttm]
[ 3084.736397] qxl_release_reserve_list+0xe5/0x320 [qxl]
[ 3084.736963] qxl_draw_dirty_fb+0x40e/0x1c70 [qxl]
[ 3084.737431] qxl_framebuffer_surface_dirty+0x307/0x610 [qxl]
[ 3084.738091] drm_fb_helper_damage_work+0x537/0x8c0 [drm_kms_helper]
[ 3084.738738] process_one_work+0x8e5/0x1520
[ 3084.739177] worker_thread+0x59e/0xf90
[ 3084.739602] kthread+0x2a7/0x350
[ 3084.739970] ret_from_fork+0x22/0x30
[ 3084.740530] The buggy address belongs to the object at ffff888109caa400
which belongs to the cache kmalloc-256 of size 256
[ 3084.741937] The buggy address is located 234 bytes inside of
256-byte region [ffff888109caa400, ffff888109caa500)
[ 3084.743361] The buggy address belongs to the physical page:
[ 3084.743933] page:0000000095eefb39 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109caa
[ 3084.744937] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff)
[ 3084.745622] raw: 0017ffffc0000200 dead000000000100 dead000000000122 ffff888100041b40
[ 3084.746399] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 3084.747235] page dumped because: kasan: bad access detected
[ 3084.748000] Memory state around the buggy address:
[ 3084.748470] ffff888109caa380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 3084.749213] ffff888109caa400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 3084.749938] >ffff888109caa480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[ 3084.750669] ^
[ 3084.751329] ffff888109caa500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 3084.752078] ffff888109caa580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 3084.752795] ==================================================================
[ 3084.753525] ==================================================================
[ 3084.754228] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan]
[ 3084.755257] Write of size 1 at addr ffff888109caa4eb by task kunit_try_catch/119513
[ 3084.756555] CPU: 0 PID: 119513 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-256.1991_766543265.el9.x86_64+debug #1
[ 3084.758210] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 3084.758921] Call Trace:
[ 3084.759169]
[ 3084.759392] ? krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan]
[ 3084.760021] dump_stack_lvl+0x57/0x81
[ 3084.760396] print_address_description.constprop.0+0x1f/0x1e0
[ 3084.761009] ? krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan]
[ 3084.761620] print_report.cold+0x5c/0x237
[ 3084.762047] kasan_report+0xc9/0x100
[ 3084.762402] ? krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan]
[ 3084.762997] krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan]
[ 3084.763568] ? krealloc_uaf+0x450/0x450 [test_kasan]
[ 3084.764057] ? rcu_read_lock_sched_held+0x12/0x80
[ 3084.764612] ? rcu_read_lock_sched_held+0x12/0x80
[ 3084.765206] ? lock_acquire+0x4ea/0x620
[ 3084.765643] ? rcu_read_unlock+0x40/0x40
[ 3084.766058] ? rcu_read_unlock+0x40/0x40
[ 3084.766495] ? rcu_read_lock_sched_held+0x12/0x80
[ 3084.767033] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 3084.767699] ? do_raw_spin_lock+0x270/0x270
[ 3084.768195] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit]
[ 3084.768918] ? _raw_spin_unlock_irqrestore+0x42/0x70
[ 3084.769409] ? kunit_add_resource+0x197/0x280 [kunit]
[ 3084.769948] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3084.770440] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 3084.771014] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3084.771861] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 3084.772406] kthread+0x2a7/0x350
[ 3084.772865] ? kthread_complete_and_exit+0x20/0x20
[ 3084.773427] ret_from_fork+0x22/0x30
[ 3084.773824]
[ 3084.774225] Allocated by task 119513:
[ 3084.774586] kasan_save_stack+0x1e/0x40
[ 3084.774967] __kasan_krealloc+0xee/0x160
[ 3084.775344] krealloc+0x50/0xe0
[ 3084.775652] krealloc_less_oob_helper+0x1d9/0xa20 [test_kasan]
[ 3084.776242] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3084.776830] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3084.777428] kthread+0x2a7/0x350
[ 3084.777759] ret_from_fork+0x22/0x30
[ 3084.778264] Last potentially related work creation:
[ 3084.778763] kasan_save_stack+0x1e/0x40
[ 3084.779167] __kasan_record_aux_stack+0x96/0xb0
[ 3084.779654] kvfree_call_rcu+0x7d/0x840
[ 3084.780083] dma_resv_list_free.part.0+0xd4/0x130
[ 3084.780544] dma_resv_fini+0x38/0x50
[ 3084.780896] drm_gem_object_release+0x73/0x100 [drm]
[ 3084.781415] qxl_ttm_bo_destroy+0x17f/0x200 [qxl]
[ 3084.781921] ttm_bo_release+0x68b/0xbc0 [ttm]
[ 3084.782387] ttm_bo_delayed_delete+0x312/0x550 [ttm]
[ 3084.782935] ttm_device_delayed_workqueue+0x18/0x70 [ttm]
[ 3084.783453] process_one_work+0x8e5/0x1520
[ 3084.783918] worker_thread+0x59e/0xf90
[ 3084.784285] kthread+0x2a7/0x350
[ 3084.784615] ret_from_fork+0x22/0x30
[ 3084.785128] Second to last potentially related work creation:
[ 3084.785769] kasan_save_stack+0x1e/0x40
[ 3084.786162] __kasan_record_aux_stack+0x96/0xb0
[ 3084.786649] kvfree_call_rcu+0x7d/0x840
[ 3084.787068] dma_resv_reserve_fences+0x35d/0x680
[ 3084.787588] ttm_eu_reserve_buffers+0x42c/0x1070 [ttm]
[ 3084.788110] qxl_release_reserve_list+0xe5/0x320 [qxl]
[ 3084.788610] qxl_draw_dirty_fb+0x40e/0x1c70 [qxl]
[ 3084.789071] qxl_framebuffer_surface_dirty+0x307/0x610 [qxl]
[ 3084.789650] drm_fb_helper_damage_work+0x537/0x8c0 [drm_kms_helper]
[ 3084.790401] process_one_work+0x8e5/0x1520
[ 3084.790873] worker_thread+0x59e/0xf90
[ 3084.791319] kthread+0x2a7/0x350
[ 3084.791709] ret_from_fork+0x22/0x30
[ 3084.792313] The buggy address belongs to the object at ffff888109caa400
which belongs to the cache kmalloc-256 of size 256
[ 3084.793609] The buggy address is located 235 bytes inside of
256-byte region [ffff888109caa400, ffff888109caa500)
[ 3084.795025] The buggy address belongs to the physical page:
[ 3084.795675] page:0000000095eefb39 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109caa
[ 3084.796671] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff)
[ 3084.797328] raw: 0017ffffc0000200 dead000000000100 dead000000000122 ffff888100041b40
[ 3084.798161] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 3084.798941] page dumped because: kasan: bad access detected
[ 3084.799671] Memory state around the buggy address:
[ 3084.800165] ffff888109caa380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 3084.801555] ffff888109caa400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 3084.803424] >ffff888109caa480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[ 3084.805159] ^
[ 3084.806752] ffff888109caa500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 3084.808486] ffff888109caa580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 3084.810243] ==================================================================
[ 3084.813656] ok 11 - krealloc_less_oob
[ 3084.816862] ==================================================================
[ 3084.819461] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c3/0x610 [test_kasan]
[ 3084.821417] Write of size 1 at addr ffff8880562160eb by task kunit_try_catch/119514
[ 3084.823532] CPU: 0 PID: 119514 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-256.1991_766543265.el9.x86_64+debug #1
[ 3084.826378] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 3084.827600] Call Trace:
[ 3084.828139]
[ 3084.828642] ? krealloc_more_oob_helper+0x5c3/0x610 [test_kasan]
[ 3084.829930] dump_stack_lvl+0x57/0x81
[ 3084.830743] print_address_description.constprop.0+0x1f/0x1e0
[ 3084.832069] ? krealloc_more_oob_helper+0x5c3/0x610 [test_kasan]
[ 3084.833345] print_report.cold+0x5c/0x237
[ 3084.834292] kasan_report+0xc9/0x100
[ 3084.835064] ? krealloc_more_oob_helper+0x5c3/0x610 [test_kasan]
[ 3084.836131] krealloc_more_oob_helper+0x5c3/0x610 [test_kasan]
[ 3084.837199] ? krealloc_less_oob+0x10/0x10 [test_kasan]
[ 3084.838139] ? rcu_read_lock_sched_held+0x12/0x80
[ 3084.839005] ? rcu_read_lock_sched_held+0x12/0x80
[ 3084.839853] ? lock_acquire+0x4ea/0x620
[ 3084.840550] ? rcu_read_unlock+0x40/0x40
[ 3084.841258] ? rcu_read_unlock+0x40/0x40
[ 3084.841970] ? rcu_read_lock_sched_held+0x12/0x80
[ 3084.842820] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 3084.843822] ? do_raw_spin_lock+0x270/0x270
[ 3084.844596] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit]
[ 3084.845651] ? _raw_spin_unlock_irqrestore+0x42/0x70
[ 3084.846477] ? kunit_add_resource+0x197/0x280 [kunit]
[ 3084.847331] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3084.848157] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 3084.849008] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3084.850025] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 3084.850891] kthread+0x2a7/0x350
[ 3084.851452] ? kthread_complete_and_exit+0x20/0x20
[ 3084.852260] ret_from_fork+0x22/0x30
[ 3084.852893]
[ 3084.853572] The buggy address belongs to the physical page:
[ 3084.854484] page:00000000c64bd5e5 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x56214
[ 3084.856037] head:00000000c64bd5e5 order:2 compound_mapcount:0 compound_pincount:0
[ 3084.857186] flags: 0xfffffc0010000(head|node=0|zone=1|lastcpupid=0x1fffff)
[ 3084.858244] raw: 000fffffc0010000 0000000000000000 dead000000000122 0000000000000000
[ 3084.859425] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 3084.860612] page dumped because: kasan: bad access detected
[ 3084.861868] Memory state around the buggy address:
[ 3084.862623] ffff888056215f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 3084.863735] ffff888056216000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 3084.864847] >ffff888056216080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[ 3084.865966] ^
[ 3084.866928] ffff888056216100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 3084.867973] ffff888056216180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 3084.869023] ==================================================================
[ 3084.870313] ==================================================================
[ 3084.871392] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5b6/0x610 [test_kasan]
[ 3084.872662] Write of size 1 at addr ffff8880562160f0 by task kunit_try_catch/119514
[ 3084.874025] CPU: 0 PID: 119514 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-256.1991_766543265.el9.x86_64+debug #1
[ 3084.876003] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 3084.876808] Call Trace:
[ 3084.877172]
[ 3084.877492] ? krealloc_more_oob_helper+0x5b6/0x610 [test_kasan]
[ 3084.878347] dump_stack_lvl+0x57/0x81
[ 3084.878884] print_address_description.constprop.0+0x1f/0x1e0
[ 3084.879698] ? krealloc_more_oob_helper+0x5b6/0x610 [test_kasan]
[ 3084.880546] print_report.cold+0x5c/0x237
[ 3084.881119] kasan_report+0xc9/0x100
[ 3084.881643] ? krealloc_more_oob_helper+0x5b6/0x610 [test_kasan]
[ 3084.882486] krealloc_more_oob_helper+0x5b6/0x610 [test_kasan]
[ 3084.883315] ? krealloc_less_oob+0x10/0x10 [test_kasan]
[ 3084.884058] ? rcu_read_lock_sched_held+0x12/0x80
[ 3084.884733] ? rcu_read_lock_sched_held+0x12/0x80
[ 3084.885399] ? lock_acquire+0x4ea/0x620
[ 3084.885958] ? rcu_read_unlock+0x40/0x40
[ 3084.886488] ? rcu_read_unlock+0x40/0x40
[ 3084.887022] ? rcu_read_lock_sched_held+0x12/0x80
[ 3084.887662] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 3084.888402] ? do_raw_spin_lock+0x270/0x270
[ 3084.888974] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit]
[ 3084.889793] ? _raw_spin_unlock_irqrestore+0x42/0x70
[ 3084.890456] ? kunit_add_resource+0x197/0x280 [kunit]
[ 3084.891145] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3084.891904] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 3084.892591] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3084.893400] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 3084.894092] kthread+0x2a7/0x350
[ 3084.894554] ? kthread_complete_and_exit+0x20/0x20
[ 3084.895196] ret_from_fork+0x22/0x30
[ 3084.895704]
[ 3084.896173] The buggy address belongs to the physical page:
[ 3084.896645] page:00000000c64bd5e5 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x56214
[ 3084.897442] head:00000000c64bd5e5 order:2 compound_mapcount:0 compound_pincount:0
[ 3084.898107] flags: 0xfffffc0010000(head|node=0|zone=1|lastcpupid=0x1fffff)
[ 3084.898729] raw: 000fffffc0010000 0000000000000000 dead000000000122 0000000000000000
[ 3084.899367] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 3084.900009] page dumped because: kasan: bad access detected
[ 3084.900648] Memory state around the buggy address:
[ 3084.901087] ffff888056215f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 3084.901692] ffff888056216000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 3084.902289] >ffff888056216080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[ 3084.902890] ^
[ 3084.903496] ffff888056216100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 3084.904118] ffff888056216180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 3084.904720] ==================================================================
[ 3084.905389] ok 12 - krealloc_pagealloc_more_oob
[ 3084.907359] ==================================================================
[ 3084.908403] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan]
[ 3084.909133] Write of size 1 at addr ffff8880562160c9 by task kunit_try_catch/119515
[ 3084.909918] CPU: 0 PID: 119515 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-256.1991_766543265.el9.x86_64+debug #1
[ 3084.911037] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 3084.911525] Call Trace:
[ 3084.911745]
[ 3084.911938] ? krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan]
[ 3084.912444] dump_stack_lvl+0x57/0x81
[ 3084.912771] print_address_description.constprop.0+0x1f/0x1e0
[ 3084.913257] ? krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan]
[ 3084.913768] print_report.cold+0x5c/0x237
[ 3084.914114] kasan_report+0xc9/0x100
[ 3084.914426] ? krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan]
[ 3084.914938] krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan]
[ 3084.915434] ? krealloc_uaf+0x450/0x450 [test_kasan]
[ 3084.915899] ? rcu_read_lock_sched_held+0x12/0x80
[ 3084.916322] ? rcu_read_lock_sched_held+0x12/0x80
[ 3084.916730] ? lock_acquire+0x4ea/0x620
[ 3084.917061] ? rcu_read_unlock+0x40/0x40
[ 3084.917399] ? rcu_read_unlock+0x40/0x40
[ 3084.917741] ? rcu_read_lock_sched_held+0x12/0x80
[ 3084.918162] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 3084.918641] ? do_raw_spin_lock+0x270/0x270
[ 3084.919010] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit]
[ 3084.919530] ? _raw_spin_unlock_irqrestore+0x42/0x70
[ 3084.919952] ? kunit_add_resource+0x197/0x280 [kunit]
[ 3084.920388] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3084.920815] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 3084.921249] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3084.921873] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 3084.922312] kthread+0x2a7/0x350
[ 3084.922606] ? kthread_complete_and_exit+0x20/0x20
[ 3084.923014] ret_from_fork+0x22/0x30
[ 3084.923331]
[ 3084.923683] The buggy address belongs to the physical page:
[ 3084.924149] page:00000000c64bd5e5 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x56214
[ 3084.924936] head:00000000c64bd5e5 order:2 compound_mapcount:0 compound_pincount:0
[ 3084.925565] flags: 0xfffffc0010000(head|node=0|zone=1|lastcpupid=0x1fffff)
[ 3084.926139] raw: 000fffffc0010000 0000000000000000 dead000000000122 0000000000000000
[ 3084.926787] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 3084.927429] page dumped because: kasan: bad access detected
[ 3084.928045] Memory state around the buggy address:
[ 3084.928453] ffff888056215f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 3084.929075] ffff888056216000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 3084.929703] >ffff888056216080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[ 3084.930302] ^
[ 3084.930803] ffff888056216100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 3084.931429] ffff888056216180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 3084.932032] ==================================================================
[ 3084.932712] ==================================================================
[ 3084.933329] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan]
[ 3084.934056] Write of size 1 at addr ffff8880562160d0 by task kunit_try_catch/119515
[ 3084.934852] CPU: 0 PID: 119515 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-256.1991_766543265.el9.x86_64+debug #1
[ 3084.935975] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 3084.936458] Call Trace:
[ 3084.936688]
[ 3084.936884] ? krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan]
[ 3084.937389] dump_stack_lvl+0x57/0x81
[ 3084.937717] print_address_description.constprop.0+0x1f/0x1e0
[ 3084.938237] ? krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan]
[ 3084.938769] print_report.cold+0x5c/0x237
[ 3084.939118] kasan_report+0xc9/0x100
[ 3084.939431] ? krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan]
[ 3084.939948] krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan]
[ 3084.940447] ? krealloc_uaf+0x450/0x450 [test_kasan]
[ 3084.940879] ? rcu_read_lock_sched_held+0x12/0x80
[ 3084.941281] ? rcu_read_lock_sched_held+0x12/0x80
[ 3084.941695] ? lock_acquire+0x4ea/0x620
[ 3084.942029] ? rcu_read_unlock+0x40/0x40
[ 3084.942366] ? rcu_read_unlock+0x40/0x40
[ 3084.942709] ? rcu_read_lock_sched_held+0x12/0x80
[ 3084.943113] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 3084.943589] ? do_raw_spin_lock+0x270/0x270
[ 3084.943950] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit]
[ 3084.944466] ? _raw_spin_unlock_irqrestore+0x42/0x70
[ 3084.944897] ? kunit_add_resource+0x197/0x280 [kunit]
[ 3084.945331] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3084.945788] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 3084.946248] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3084.946770] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 3084.947210] kthread+0x2a7/0x350
[ 3084.947494] ? kthread_complete_and_exit+0x20/0x20
[ 3084.947911] ret_from_fork+0x22/0x30
[ 3084.948230]
[ 3084.948584] The buggy address belongs to the physical page:
[ 3084.949051] page:00000000c64bd5e5 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x56214
[ 3084.949827] head:00000000c64bd5e5 order:2 compound_mapcount:0 compound_pincount:0
[ 3084.950447] flags: 0xfffffc0010000(head|node=0|zone=1|lastcpupid=0x1fffff)
[ 3084.951028] raw: 000fffffc0010000 0000000000000000 dead000000000122 0000000000000000
[ 3084.951816] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 3084.952452] page dumped because: kasan: bad access detected
[ 3084.953069] Memory state around the buggy address:
[ 3084.953474] ffff888056215f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 3084.954078] ffff888056216000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 3084.954751] >ffff888056216080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[ 3084.955372] ^
[ 3084.955869] ffff888056216100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 3084.956471] ffff888056216180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 3084.957073] ==================================================================
[ 3084.957699] ==================================================================
[ 3084.958311] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan]
[ 3084.959039] Write of size 1 at addr ffff8880562160da by task kunit_try_catch/119515
[ 3084.959841] CPU: 0 PID: 119515 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-256.1991_766543265.el9.x86_64+debug #1
[ 3084.961029] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 3084.961518] Call Trace:
[ 3084.961738]
[ 3084.961931] ? krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan]
[ 3084.962440] dump_stack_lvl+0x57/0x81
[ 3084.962766] print_address_description.constprop.0+0x1f/0x1e0
[ 3084.963256] ? krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan]
[ 3084.963772] print_report.cold+0x5c/0x237
[ 3084.964130] kasan_report+0xc9/0x100
[ 3084.964444] ? krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan]
[ 3084.964967] krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan]
[ 3084.965465] ? krealloc_uaf+0x450/0x450 [test_kasan]
[ 3084.965898] ? rcu_read_lock_sched_held+0x12/0x80
[ 3084.966303] ? rcu_read_lock_sched_held+0x12/0x80
[ 3084.966712] ? lock_acquire+0x4ea/0x620
[ 3084.967044] ? rcu_read_unlock+0x40/0x40
[ 3084.967385] ? rcu_read_unlock+0x40/0x40
[ 3084.967732] ? rcu_read_lock_sched_held+0x12/0x80
[ 3084.968137] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 3084.968625] ? do_raw_spin_lock+0x270/0x270
[ 3084.968987] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit]
[ 3084.969511] ? _raw_spin_unlock_irqrestore+0x42/0x70
[ 3084.969933] ? kunit_add_resource+0x197/0x280 [kunit]
[ 3084.970988] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3084.972107] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 3084.973273] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3084.974653] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 3084.975864] kthread+0x2a7/0x350
[ 3084.976645] ? kthread_complete_and_exit+0x20/0x20
[ 3084.977720] ret_from_fork+0x22/0x30
[ 3084.978535]
[ 3084.979375] The buggy address belongs to the physical page:
[ 3084.980509] page:00000000c64bd5e5 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x56214
[ 3084.982476] head:00000000c64bd5e5 order:2 compound_mapcount:0 compound_pincount:0
[ 3084.984022] flags: 0xfffffc0010000(head|node=0|zone=1|lastcpupid=0x1fffff)
[ 3084.985410] raw: 000fffffc0010000 0000000000000000 dead000000000122 0000000000000000
[ 3084.986909] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 3084.988426] page dumped because: kasan: bad access detected
[ 3084.989836] Memory state around the buggy address:
[ 3084.990734] ffff888056215f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 3084.992092] ffff888056216000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 3084.993486] >ffff888056216080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[ 3084.994865] ^
[ 3084.995986] ffff888056216100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 3084.997346] ffff888056216180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 3084.998708] ==================================================================
[ 3085.000346] ==================================================================
[ 3085.001641] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan]
[ 3085.003207] Write of size 1 at addr ffff8880562160ea by task kunit_try_catch/119515
[ 3085.004886] CPU: 0 PID: 119515 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-256.1991_766543265.el9.x86_64+debug #1
[ 3085.007304] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 3085.008332] Call Trace:
[ 3085.008784]
[ 3085.009166] ? krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan]
[ 3085.010205] dump_stack_lvl+0x57/0x81
[ 3085.010850] print_address_description.constprop.0+0x1f/0x1e0
[ 3085.012226] ? krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan]
[ 3085.013165] print_report.cold+0x5c/0x237
[ 3085.013826] kasan_report+0xc9/0x100
[ 3085.014386] ? krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan]
[ 3085.015331] krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan]
[ 3085.016258] ? krealloc_uaf+0x450/0x450 [test_kasan]
[ 3085.017046] ? rcu_read_lock_sched_held+0x12/0x80
[ 3085.017797] ? rcu_read_lock_sched_held+0x12/0x80
[ 3085.018536] ? lock_acquire+0x4ea/0x620
[ 3085.019114] ? rcu_read_unlock+0x40/0x40
[ 3085.019568] ? rcu_read_unlock+0x40/0x40
[ 3085.020052] ? rcu_read_lock_sched_held+0x12/0x80
[ 3085.020587] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 3085.021199] ? do_raw_spin_lock+0x270/0x270
[ 3085.021683] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit]
[ 3085.022405] ? _raw_spin_unlock_irqrestore+0x42/0x70
[ 3085.022947] ? kunit_add_resource+0x197/0x280 [kunit]
[ 3085.023476] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3085.024052] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 3085.024596] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3085.025237] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 3085.025791] kthread+0x2a7/0x350
[ 3085.026149] ? kthread_complete_and_exit+0x20/0x20
[ 3085.026678] ret_from_fork+0x22/0x30
[ 3085.027082]
[ 3085.027523] The buggy address belongs to the physical page:
[ 3085.028102] page:00000000c64bd5e5 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x56214
[ 3085.029071] head:00000000c64bd5e5 order:2 compound_mapcount:0 compound_pincount:0
[ 3085.029862] flags: 0xfffffc0010000(head|node=0|zone=1|lastcpupid=0x1fffff)
[ 3085.030594] raw: 000fffffc0010000 0000000000000000 dead000000000122 0000000000000000
[ 3085.031421] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 3085.032269] page dumped because: kasan: bad access detected
[ 3085.033093] Memory state around the buggy address:
[ 3085.033593] ffff888056215f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 3085.034304] ffff888056216000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 3085.035064] >ffff888056216080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[ 3085.035824] ^
[ 3085.036491] ffff888056216100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 3085.037271] ffff888056216180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 3085.038127] ==================================================================
[ 3085.039020] ==================================================================
[ 3085.039864] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan]
[ 3085.040897] Write of size 1 at addr ffff8880562160eb by task kunit_try_catch/119515
[ 3085.041953] CPU: 0 PID: 119515 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-256.1991_766543265.el9.x86_64+debug #1
[ 3085.043341] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 3085.043893] Call Trace:
[ 3085.044145]
[ 3085.044390] ? krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan]
[ 3085.045081] dump_stack_lvl+0x57/0x81
[ 3085.045435] print_address_description.constprop.0+0x1f/0x1e0
[ 3085.045990] ? krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan]
[ 3085.046667] print_report.cold+0x5c/0x237
[ 3085.047139] kasan_report+0xc9/0x100
[ 3085.047515] ? krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan]
[ 3085.048108] krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan]
[ 3085.048707] ? krealloc_uaf+0x450/0x450 [test_kasan]
[ 3085.049214] ? rcu_read_lock_sched_held+0x12/0x80
[ 3085.049693] ? rcu_read_lock_sched_held+0x12/0x80
[ 3085.050186] ? lock_acquire+0x4ea/0x620
[ 3085.050582] ? rcu_read_unlock+0x40/0x40
[ 3085.051018] ? rcu_read_unlock+0x40/0x40
[ 3085.051404] ? rcu_read_lock_sched_held+0x12/0x80
[ 3085.051938] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 3085.052562] ? do_raw_spin_lock+0x270/0x270
[ 3085.053049] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit]
[ 3085.053620] ? _raw_spin_unlock_irqrestore+0x42/0x70
[ 3085.054095] ? kunit_add_resource+0x197/0x280 [kunit]
[ 3085.054583] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3085.055316] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 3085.056061] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3085.056912] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 3085.057623] kthread+0x2a7/0x350
[ 3085.058027] ? kthread_complete_and_exit+0x20/0x20
[ 3085.058631] ret_from_fork+0x22/0x30
[ 3085.059061]
[ 3085.059524] The buggy address belongs to the physical page:
[ 3085.060119] page:00000000c64bd5e5 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x56214
[ 3085.061121] head:00000000c64bd5e5 order:2 compound_mapcount:0 compound_pincount:0
[ 3085.061908] flags: 0xfffffc0010000(head|node=0|zone=1|lastcpupid=0x1fffff)
[ 3085.062664] raw: 000fffffc0010000 0000000000000000 dead000000000122 0000000000000000
[ 3085.063448] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 3085.064247] page dumped because: kasan: bad access detected
[ 3085.065097] Memory state around the buggy address:
[ 3085.065601] ffff888056215f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 3085.066315] ffff888056216000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 3085.067102] >ffff888056216080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[ 3085.067962] ^
[ 3085.068701] ffff888056216100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 3085.069581] ffff888056216180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 3085.070446] ==================================================================
[ 3085.071753] ok 13 - krealloc_pagealloc_less_oob
[ 3085.073368] ==================================================================
[ 3085.074723] BUG: KASAN: use-after-free in krealloc_uaf+0x1c7/0x450 [test_kasan]
[ 3085.075541] Read of size 1 at addr ffff888106fa6200 by task kunit_try_catch/119516
[ 3085.076563] CPU: 0 PID: 119516 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-256.1991_766543265.el9.x86_64+debug #1
[ 3085.078059] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 3085.078701] Call Trace:
[ 3085.078984]
[ 3085.079217] ? krealloc_uaf+0x1c7/0x450 [test_kasan]
[ 3085.079770] dump_stack_lvl+0x57/0x81
[ 3085.080223] print_address_description.constprop.0+0x1f/0x1e0
[ 3085.080871] ? krealloc_uaf+0x1c7/0x450 [test_kasan]
[ 3085.081389] print_report.cold+0x5c/0x237
[ 3085.081868] kasan_report+0xc9/0x100
[ 3085.082269] ? krealloc_uaf+0x1c7/0x450 [test_kasan]
[ 3085.082811] ? krealloc_uaf+0x1c7/0x450 [test_kasan]
[ 3085.083334] __kasan_check_byte+0x36/0x50
[ 3085.083763] krealloc+0x2e/0xe0
[ 3085.084120] krealloc_uaf+0x1c7/0x450 [test_kasan]
[ 3085.084644] ? kmalloc_memmove_negative_size+0x290/0x290 [test_kasan]
[ 3085.085312] ? rcu_read_lock_sched_held+0x12/0x80
[ 3085.085847] ? rcu_read_lock_sched_held+0x12/0x80
[ 3085.086325] ? lock_acquire+0x4ea/0x620
[ 3085.086754] ? rcu_read_unlock+0x40/0x40
[ 3085.087170] ? rcu_read_unlock+0x40/0x40
[ 3085.087577] ? rcu_read_lock_sched_held+0x12/0x80
[ 3085.088089] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 3085.088685] ? do_raw_spin_lock+0x270/0x270
[ 3085.089143] ? trace_hardirqs_on+0x2d/0x160
[ 3085.089630] ? _raw_spin_unlock_irqrestore+0x42/0x70
[ 3085.090152] ? kunit_add_resource+0x197/0x280 [kunit]
[ 3085.090700] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3085.091213] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 3085.091766] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3085.092427] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 3085.093011] kthread+0x2a7/0x350
[ 3085.093389] ? kthread_complete_and_exit+0x20/0x20
[ 3085.093945] ret_from_fork+0x22/0x30
[ 3085.094328]
[ 3085.094938] Allocated by task 119516:
[ 3085.095357] kasan_save_stack+0x1e/0x40
[ 3085.095832] __kasan_kmalloc+0x81/0xa0
[ 3085.096255] krealloc_uaf+0xaa/0x450 [test_kasan]
[ 3085.096808] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3085.097423] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3085.098208] kthread+0x2a7/0x350
[ 3085.098574] ret_from_fork+0x22/0x30
[ 3085.099185] Freed by task 119516:
[ 3085.099591] kasan_save_stack+0x1e/0x40
[ 3085.100057] kasan_set_track+0x21/0x30
[ 3085.100562] kasan_set_free_info+0x20/0x40
[ 3085.101059] __kasan_slab_free+0x108/0x170
[ 3085.101576] slab_free_freelist_hook+0x11d/0x1d0
[ 3085.102247] kfree+0xe2/0x3c0
[ 3085.102592] krealloc_uaf+0x147/0x450 [test_kasan]
[ 3085.103115] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3085.103634] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3085.104269] kthread+0x2a7/0x350
[ 3085.104648] ret_from_fork+0x22/0x30
[ 3085.105219] Last potentially related work creation:
[ 3085.105711] kasan_save_stack+0x1e/0x40
[ 3085.106112] __kasan_record_aux_stack+0x96/0xb0
[ 3085.106628] kvfree_call_rcu+0x7d/0x840
[ 3085.107082] dma_resv_list_free.part.0+0xd4/0x130
[ 3085.107639] dma_resv_fini+0x38/0x50
[ 3085.108029] drm_gem_object_release+0x73/0x100 [drm]
[ 3085.108586] qxl_ttm_bo_destroy+0x17f/0x200 [qxl]
[ 3085.109094] ttm_bo_release+0x68b/0xbc0 [ttm]
[ 3085.109580] ttm_bo_delayed_delete+0x312/0x550 [ttm]
[ 3085.110123] ttm_device_delayed_workqueue+0x18/0x70 [ttm]
[ 3085.110697] process_one_work+0x8e5/0x1520
[ 3085.111136] worker_thread+0x59e/0xf90
[ 3085.111552] kthread+0x2a7/0x350
[ 3085.111938] ret_from_fork+0x22/0x30
[ 3085.112522] Second to last potentially related work creation:
[ 3085.113153] kasan_save_stack+0x1e/0x40
[ 3085.113593] __kasan_record_aux_stack+0x96/0xb0
[ 3085.114077] kvfree_call_rcu+0x7d/0x840
[ 3085.114467] dma_resv_list_free.part.0+0xd4/0x130
[ 3085.114961] dma_resv_fini+0x38/0x50
[ 3085.115330] drm_gem_object_release+0x73/0x100 [drm]
[ 3085.115902] qxl_ttm_bo_destroy+0x17f/0x200 [qxl]
[ 3085.116371] ttm_bo_release+0x68b/0xbc0 [ttm]
[ 3085.116857] ttm_bo_delayed_delete+0x312/0x550 [ttm]
[ 3085.117376] ttm_device_delayed_workqueue+0x18/0x70 [ttm]
[ 3085.117923] process_one_work+0x8e5/0x1520
[ 3085.118341] worker_thread+0x59e/0xf90
[ 3085.118739] kthread+0x2a7/0x350
[ 3085.119070] ret_from_fork+0x22/0x30
[ 3085.119660] The buggy address belongs to the object at ffff888106fa6200
which belongs to the cache kmalloc-256 of size 256
[ 3085.120928] The buggy address is located 0 bytes inside of
256-byte region [ffff888106fa6200, ffff888106fa6300)
[ 3085.122239] The buggy address belongs to the physical page:
[ 3085.122826] page:00000000d2d6dd69 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106fa6
[ 3085.123826] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff)
[ 3085.124561] raw: 0017ffffc0000200 ffffea00002bfa80 dead000000000007 ffff888100041b40
[ 3085.125344] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 3085.126158] page dumped because: kasan: bad access detected
[ 3085.126927] Memory state around the buggy address:
[ 3085.127418] ffff888106fa6100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 3085.128245] ffff888106fa6180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 3085.128999] >ffff888106fa6200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 3085.129802] ^
[ 3085.130177] ffff888106fa6280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 3085.130999] ffff888106fa6300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 3085.131943] ==================================================================
[ 3085.133479] ==================================================================
[ 3085.134505] BUG: KASAN: use-after-free in krealloc_uaf+0x42e/0x450 [test_kasan]
[ 3085.135454] Read of size 1 at addr ffff888106fa6200 by task kunit_try_catch/119516
[ 3085.136466] CPU: 0 PID: 119516 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-256.1991_766543265.el9.x86_64+debug #1
[ 3085.137843] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 3085.138426] Call Trace:
[ 3085.138724]
[ 3085.138978] ? krealloc_uaf+0x42e/0x450 [test_kasan]
[ 3085.139495] dump_stack_lvl+0x57/0x81
[ 3085.140032] print_address_description.constprop.0+0x1f/0x1e0
[ 3085.140693] ? krealloc_uaf+0x42e/0x450 [test_kasan]
[ 3085.141329] print_report.cold+0x5c/0x237
[ 3085.141905] kasan_report+0xc9/0x100
[ 3085.142344] ? krealloc_uaf+0x42e/0x450 [test_kasan]
[ 3085.142890] krealloc_uaf+0x42e/0x450 [test_kasan]
[ 3085.143419] ? kmalloc_memmove_negative_size+0x290/0x290 [test_kasan]
[ 3085.144117] ? rcu_read_lock_sched_held+0x12/0x80
[ 3085.144660] ? rcu_read_lock_sched_held+0x12/0x80
[ 3085.145192] ? lock_acquire+0x4ea/0x620
[ 3085.145624] ? rcu_read_unlock+0x40/0x40
[ 3085.146049] ? rcu_read_unlock+0x40/0x40
[ 3085.146460] ? rcu_read_lock_sched_held+0x12/0x80
[ 3085.146962] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 3085.147538] ? do_raw_spin_lock+0x270/0x270
[ 3085.147976] ? kunit_ptr_not_err_assert_format+0x210/0x210 [kunit]
[ 3085.148794] ? _raw_spin_unlock_irqrestore+0x42/0x70
[ 3085.149364] ? kunit_add_resource+0x197/0x280 [kunit]
[ 3085.149942] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3085.150455] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 3085.150985] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3085.151606] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 3085.152135] kthread+0x2a7/0x350
[ 3085.152480] ? kthread_complete_and_exit+0x20/0x20
[ 3085.152990] ret_from_fork+0x22/0x30
[ 3085.153382]
[ 3085.153860] Allocated by task 119516:
[ 3085.154444] kasan_save_stack+0x1e/0x40
[ 3085.154954] __kasan_kmalloc+0x81/0xa0
[ 3085.155602] krealloc_uaf+0xaa/0x450 [test_kasan]
[ 3085.156275] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3085.156992] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3085.157725] kthread+0x2a7/0x350
[ 3085.158122] ret_from_fork+0x22/0x30
[ 3085.158732] Freed by task 119516:
[ 3085.159109] kasan_save_stack+0x1e/0x40
[ 3085.159564] kasan_set_track+0x21/0x30
[ 3085.160038] kasan_set_free_info+0x20/0x40
[ 3085.160474] __kasan_slab_free+0x108/0x170
[ 3085.160959] slab_free_freelist_hook+0x11d/0x1d0
[ 3085.161470] kfree+0xe2/0x3c0
[ 3085.161922] krealloc_uaf+0x147/0x450 [test_kasan]
[ 3085.162468] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3085.163004] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3085.163691] kthread+0x2a7/0x350
[ 3085.164099] ret_from_fork+0x22/0x30
[ 3085.164714] Last potentially related work creation:
[ 3085.165234] kasan_save_stack+0x1e/0x40
[ 3085.165632] __kasan_record_aux_stack+0x96/0xb0
[ 3085.166096] kvfree_call_rcu+0x7d/0x840
[ 3085.166506] dma_resv_list_free.part.0+0xd4/0x130
[ 3085.166988] dma_resv_fini+0x38/0x50
[ 3085.167372] drm_gem_object_release+0x73/0x100 [drm]
[ 3085.168014] qxl_ttm_bo_destroy+0x17f/0x200 [qxl]
[ 3085.168511] ttm_bo_release+0x68b/0xbc0 [ttm]
[ 3085.168965] ttm_bo_delayed_delete+0x312/0x550 [ttm]
[ 3085.169483] ttm_device_delayed_workqueue+0x18/0x70 [ttm]
[ 3085.170097] process_one_work+0x8e5/0x1520
[ 3085.170552] worker_thread+0x59e/0xf90
[ 3085.171027] kthread+0x2a7/0x350
[ 3085.171403] ret_from_fork+0x22/0x30
[ 3085.172199] Second to last potentially related work creation:
[ 3085.172877] kasan_save_stack+0x1e/0x40
[ 3085.173297] __kasan_record_aux_stack+0x96/0xb0
[ 3085.173782] kvfree_call_rcu+0x7d/0x840
[ 3085.174257] dma_resv_list_free.part.0+0xd4/0x130
[ 3085.174781] dma_resv_fini+0x38/0x50
[ 3085.175173] drm_gem_object_release+0x73/0x100 [drm]
[ 3085.175784] qxl_ttm_bo_destroy+0x17f/0x200 [qxl]
[ 3085.176312] ttm_bo_release+0x68b/0xbc0 [ttm]
[ 3085.176828] ttm_bo_delayed_delete+0x312/0x550 [ttm]
[ 3085.177339] ttm_device_delayed_workqueue+0x18/0x70 [ttm]
[ 3085.177899] process_one_work+0x8e5/0x1520
[ 3085.178318] worker_thread+0x59e/0xf90
[ 3085.178722] kthread+0x2a7/0x350
[ 3085.179111] ret_from_fork+0x22/0x30
[ 3085.179775] The buggy address belongs to the object at ffff888106fa6200
which belongs to the cache kmalloc-256 of size 256
[ 3085.181132] The buggy address is located 0 bytes inside of
256-byte region [ffff888106fa6200, ffff888106fa6300)
[ 3085.182496] The buggy address belongs to the physical page:
[ 3085.183051] page:00000000d2d6dd69 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106fa6
[ 3085.184003] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff)
[ 3085.184863] raw: 0017ffffc0000200 ffffea00002bfa80 dead000000000007 ffff888100041b40
[ 3085.185737] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 3085.186549] page dumped because: kasan: bad access detected
[ 3085.187378] Memory state around the buggy address:
[ 3085.188009] ffff888106fa6100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 3085.188778] ffff888106fa6180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 3085.189541] >ffff888106fa6200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 3085.190292] ^
[ 3085.190651] ffff888106fa6280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 3085.191366] ffff888106fa6300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 3085.192344] ==================================================================
[ 3085.193540] ok 14 - krealloc_uaf
[ 3085.195337] ==================================================================
[ 3085.196646] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x399/0x3b0 [test_kasan]
[ 3085.197591] Write of size 16 at addr ffff888054dab440 by task kunit_try_catch/119517
[ 3085.198686] CPU: 0 PID: 119517 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-256.1991_766543265.el9.x86_64+debug #1
[ 3085.200252] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 3085.200841] Call Trace:
[ 3085.201130]
[ 3085.201381] ? kmalloc_oob_16+0x399/0x3b0 [test_kasan]
[ 3085.201978] dump_stack_lvl+0x57/0x81
[ 3085.202472] print_address_description.constprop.0+0x1f/0x1e0
[ 3085.203169] ? kmalloc_oob_16+0x399/0x3b0 [test_kasan]
[ 3085.203794] print_report.cold+0x5c/0x237
[ 3085.204250] kasan_report+0xc9/0x100
[ 3085.204661] ? kmalloc_oob_16+0x399/0x3b0 [test_kasan]
[ 3085.205243] kmalloc_oob_16+0x399/0x3b0 [test_kasan]
[ 3085.205785] ? kmalloc_uaf_16+0x3b0/0x3b0 [test_kasan]
[ 3085.206359] ? do_raw_spin_trylock+0xb5/0x180
[ 3085.206812] ? do_raw_spin_lock+0x270/0x270
[ 3085.207276] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 3085.207910] ? _raw_spin_unlock_irqrestore+0x42/0x70
[ 3085.208443] ? kunit_add_resource+0x197/0x280 [kunit]
[ 3085.209026] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3085.209480] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 3085.210015] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3085.210655] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 3085.211190] kthread+0x2a7/0x350
[ 3085.211567] ? kthread_complete_and_exit+0x20/0x20
[ 3085.212082] ret_from_fork+0x22/0x30
[ 3085.212469]
[ 3085.212943] Allocated by task 119517:
[ 3085.213318] kasan_save_stack+0x1e/0x40
[ 3085.213713] __kasan_kmalloc+0x81/0xa0
[ 3085.214100] kmalloc_oob_16+0xa4/0x3b0 [test_kasan]
[ 3085.214775] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3085.215468] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3085.216297] kthread+0x2a7/0x350
[ 3085.216791] ret_from_fork+0x22/0x30
[ 3085.217577] The buggy address belongs to the object at ffff888054dab440
which belongs to the cache kmalloc-16 of size 16
[ 3085.219075] The buggy address is located 0 bytes inside of
16-byte region [ffff888054dab440, ffff888054dab450)
[ 3085.220578] The buggy address belongs to the physical page:
[ 3085.221161] page:000000003e53b5cf refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x54dab
[ 3085.222359] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 3085.223094] raw: 000fffffc0000200 dead000000000100 dead000000000122 ffff8881000413c0
[ 3085.223935] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000
[ 3085.224796] page dumped because: kasan: bad access detected
[ 3085.225579] Memory state around the buggy address:
[ 3085.226065] ffff888054dab300: 00 00 fc fc fb fb fc fc 00 00 fc fc fb fb fc fc
[ 3085.226788] ffff888054dab380: fb fb fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
[ 3085.227484] >ffff888054dab400: 00 00 fc fc fb fb fc fc 00 05 fc fc 00 00 fc fc
[ 3085.228252] ^
[ 3085.228894] ffff888054dab480: fb fb fc fc fb fb fc fc fb fb fc fc 00 00 fc fc
[ 3085.229646] ffff888054dab500: 00 00 fc fc fb fb fc fc fa fb fc fc fb fb fc fc
[ 3085.230440] ==================================================================
[ 3085.231655] ok 15 - kmalloc_oob_16
[ 3085.233415] ==================================================================
[ 3085.234890] BUG: KASAN: use-after-free in kmalloc_uaf_16+0x38a/0x3b0 [test_kasan]
[ 3085.235757] Read of size 16 at addr ffff888054dabd40 by task kunit_try_catch/119518
[ 3085.236785] CPU: 0 PID: 119518 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-256.1991_766543265.el9.x86_64+debug #1
[ 3085.238182] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 3085.238816] Call Trace:
[ 3085.239143]
[ 3085.239377] ? kmalloc_uaf_16+0x38a/0x3b0 [test_kasan]
[ 3085.239955] dump_stack_lvl+0x57/0x81
[ 3085.240345] print_address_description.constprop.0+0x1f/0x1e0
[ 3085.241041] ? kmalloc_uaf_16+0x38a/0x3b0 [test_kasan]
[ 3085.241642] print_report.cold+0x5c/0x237
[ 3085.242087] kasan_report+0xc9/0x100
[ 3085.242562] ? kmalloc_uaf_16+0x38a/0x3b0 [test_kasan]
[ 3085.243137] kmalloc_uaf_16+0x38a/0x3b0 [test_kasan]
[ 3085.243869] ? kmalloc_uaf+0x2b0/0x2b0 [test_kasan]
[ 3085.244460] ? do_raw_spin_trylock+0xb5/0x180
[ 3085.245074] ? do_raw_spin_lock+0x270/0x270
[ 3085.245529] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 3085.246103] ? _raw_spin_unlock_irqrestore+0x42/0x70
[ 3085.246617] ? kunit_add_resource+0x197/0x280 [kunit]
[ 3085.247170] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3085.247726] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 3085.248317] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3085.248924] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 3085.249448] kthread+0x2a7/0x350
[ 3085.249947] ? kthread_complete_and_exit+0x20/0x20
[ 3085.250526] ret_from_fork+0x22/0x30
[ 3085.250952]
[ 3085.251346] Allocated by task 119518:
[ 3085.251840] kasan_save_stack+0x1e/0x40
[ 3085.252233] __kasan_kmalloc+0x81/0xa0
[ 3085.252828] kmalloc_uaf_16+0x15d/0x3b0 [test_kasan]
[ 3085.253619] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3085.254231] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3085.255210] kthread+0x2a7/0x350
[ 3085.255687] ret_from_fork+0x22/0x30
[ 3085.256376] Freed by task 119518:
[ 3085.256801] kasan_save_stack+0x1e/0x40
[ 3085.257304] kasan_set_track+0x21/0x30
[ 3085.257823] kasan_set_free_info+0x20/0x40
[ 3085.258259] __kasan_slab_free+0x108/0x170
[ 3085.258673] slab_free_freelist_hook+0x11d/0x1d0
[ 3085.259111] kfree+0xe2/0x3c0
[ 3085.259428] kmalloc_uaf_16+0x1e8/0x3b0 [test_kasan]
[ 3085.260007] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3085.260566] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3085.261227] kthread+0x2a7/0x350
[ 3085.261592] ret_from_fork+0x22/0x30
[ 3085.262186] The buggy address belongs to the object at ffff888054dabd40
which belongs to the cache kmalloc-16 of size 16
[ 3085.263404] The buggy address is located 0 bytes inside of
16-byte region [ffff888054dabd40, ffff888054dabd50)
[ 3085.264791] The buggy address belongs to the physical page:
[ 3085.265371] page:000000003e53b5cf refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x54dab
[ 3085.266398] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 3085.267179] raw: 000fffffc0000200 dead000000000100 dead000000000122 ffff8881000413c0
[ 3085.267948] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000
[ 3085.268674] page dumped because: kasan: bad access detected
[ 3085.269363] Memory state around the buggy address:
[ 3085.269817] ffff888054dabc00: 00 00 fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[ 3085.270487] ffff888054dabc80: 00 00 fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[ 3085.271171] >ffff888054dabd00: fb fb fc fc 00 00 fc fc fa fb fc fc fb fb fc fc
[ 3085.271929] ^
[ 3085.272566] ffff888054dabd80: 00 00 fc fc 00 00 fc fc fb fb fc fc fb fb fc fc
[ 3085.273403] ffff888054dabe00: 00 00 fc fc fb fb fc fc fa fb fc fc 00 00 fc fc
[ 3085.274211] ==================================================================
[ 3085.275357] ok 16 - kmalloc_uaf_16
[ 3085.278416] ==================================================================
[ 3085.279567] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x1b3/0x280 [test_kasan]
[ 3085.280447] Write of size 128 at addr ffff8881063e4d00 by task kunit_try_catch/119519
[ 3085.281567] CPU: 0 PID: 119519 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-256.1991_766543265.el9.x86_64+debug #1
[ 3085.283014] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 3085.283569] Call Trace:
[ 3085.283817]
[ 3085.284039] ? kmalloc_oob_in_memset+0x1b3/0x280 [test_kasan]
[ 3085.284630] dump_stack_lvl+0x57/0x81
[ 3085.285022] print_address_description.constprop.0+0x1f/0x1e0
[ 3085.285582] ? kmalloc_oob_in_memset+0x1b3/0x280 [test_kasan]
[ 3085.286112] print_report.cold+0x5c/0x237
[ 3085.286472] kasan_report+0xc9/0x100
[ 3085.286824] ? kmalloc_oob_in_memset+0x1b3/0x280 [test_kasan]
[ 3085.287380] kasan_check_range+0xfd/0x1e0
[ 3085.287807] memset+0x20/0x50
[ 3085.288153] kmalloc_oob_in_memset+0x1b3/0x280 [test_kasan]
[ 3085.288741] ? kmalloc_oob_memset_2+0x290/0x290 [test_kasan]
[ 3085.289311] ? do_raw_spin_trylock+0xb5/0x180
[ 3085.289782] ? do_raw_spin_lock+0x270/0x270
[ 3085.290224] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 3085.290762] ? _raw_spin_unlock_irqrestore+0x42/0x70
[ 3085.291325] ? kunit_add_resource+0x197/0x280 [kunit]
[ 3085.291927] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3085.292428] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 3085.292973] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3085.293594] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 3085.294123] kthread+0x2a7/0x350
[ 3085.294448] ? kthread_complete_and_exit+0x20/0x20
[ 3085.295037] ret_from_fork+0x22/0x30
[ 3085.295396]
[ 3085.295875] Allocated by task 119519:
[ 3085.296248] kasan_save_stack+0x1e/0x40
[ 3085.296661] __kasan_kmalloc+0x81/0xa0
[ 3085.297084] kmalloc_oob_in_memset+0x9c/0x280 [test_kasan]
[ 3085.297654] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3085.298214] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3085.298900] kthread+0x2a7/0x350
[ 3085.299268] ret_from_fork+0x22/0x30
[ 3085.299892] Last potentially related work creation:
[ 3085.300449] kasan_save_stack+0x1e/0x40
[ 3085.300925] __kasan_record_aux_stack+0x96/0xb0
[ 3085.301419] kvfree_call_rcu+0x7d/0x840
[ 3085.301801] dma_resv_reserve_fences+0x35d/0x680
[ 3085.302250] ttm_eu_reserve_buffers+0x42c/0x1070 [ttm]
[ 3085.302749] qxl_release_reserve_list+0xe5/0x320 [qxl]
[ 3085.303238] qxl_draw_dirty_fb+0x40e/0x1c70 [qxl]
[ 3085.303804] qxl_framebuffer_surface_dirty+0x307/0x610 [qxl]
[ 3085.304465] drm_fb_helper_damage_work+0x537/0x8c0 [drm_kms_helper]
[ 3085.305266] process_one_work+0x8e5/0x1520
[ 3085.305712] worker_thread+0x59e/0xf90
[ 3085.306078] kthread+0x2a7/0x350
[ 3085.306403] ret_from_fork+0x22/0x30
[ 3085.306924] Second to last potentially related work creation:
[ 3085.307604] kasan_save_stack+0x1e/0x40
[ 3085.308063] __kasan_record_aux_stack+0x96/0xb0
[ 3085.308547] insert_work+0x47/0x310
[ 3085.308927] __queue_work+0x4dd/0xd60
[ 3085.309297] rcu_work_rcufn+0x42/0x70
[ 3085.309763] rcu_do_batch+0x3c5/0xdc0
[ 3085.310120] rcu_core+0x3de/0x5a0
[ 3085.310431] __do_softirq+0x2d3/0x9a8
[ 3085.310955] The buggy address belongs to the object at ffff8881063e4d00
which belongs to the cache kmalloc-128 of size 128
[ 3085.313760] The buggy address is located 0 bytes inside of
128-byte region [ffff8881063e4d00, ffff8881063e4d80)
[ 3085.316907] The buggy address belongs to the physical page:
[ 3085.318191] page:000000002432817f refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1063e4
[ 3085.320301] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff)
[ 3085.321753] raw: 0017ffffc0000200 ffffea000414be80 dead000000000004 ffff8881000418c0
[ 3085.323235] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 3085.324727] page dumped because: kasan: bad access detected
[ 3085.326129] Memory state around the buggy address:
[ 3085.327070] ffff8881063e4c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 3085.328461] ffff8881063e4c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 3085.329857] >ffff8881063e4d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 3085.331244] ^
[ 3085.332560] ffff8881063e4d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 3085.333855] ffff8881063e4e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 3085.335157] ==================================================================
[ 3085.336966] ok 17 - kmalloc_oob_in_memset
[ 3085.340420] ==================================================================
[ 3085.342650] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x1b6/0x290 [test_kasan]
[ 3085.344058] Write of size 2 at addr ffff8881063e4677 by task kunit_try_catch/119520
[ 3085.345667] CPU: 0 PID: 119520 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-256.1991_766543265.el9.x86_64+debug #1
[ 3085.347921] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 3085.348899] Call Trace:
[ 3085.349338]
[ 3085.349745] ? kmalloc_oob_memset_2+0x1b6/0x290 [test_kasan]
[ 3085.350717] dump_stack_lvl+0x57/0x81
[ 3085.351350] print_address_description.constprop.0+0x1f/0x1e0
[ 3085.352357] ? kmalloc_oob_memset_2+0x1b6/0x290 [test_kasan]
[ 3085.353284] print_report.cold+0x5c/0x237
[ 3085.353950] kasan_report+0xc9/0x100
[ 3085.354548] ? kmalloc_oob_memset_2+0x1b6/0x290 [test_kasan]
[ 3085.355544] kasan_check_range+0xfd/0x1e0
[ 3085.356235] memset+0x20/0x50
[ 3085.356713] kmalloc_oob_memset_2+0x1b6/0x290 [test_kasan]
[ 3085.357543] ? kmalloc_oob_memset_4+0x290/0x290 [test_kasan]
[ 3085.358396] ? do_raw_spin_trylock+0xb5/0x180
[ 3085.359058] ? do_raw_spin_lock+0x270/0x270
[ 3085.359691] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 3085.360516] ? _raw_spin_unlock_irqrestore+0x42/0x70
[ 3085.361247] ? kunit_add_resource+0x197/0x280 [kunit]
[ 3085.362004] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3085.362699] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 3085.363411] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3085.364267] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 3085.364997] kthread+0x2a7/0x350
[ 3085.365467] ? kthread_complete_and_exit+0x20/0x20
[ 3085.366163] ret_from_fork+0x22/0x30
[ 3085.366693]
[ 3085.367262] Allocated by task 119520:
[ 3085.367792] kasan_save_stack+0x1e/0x40
[ 3085.368340] __kasan_kmalloc+0x81/0xa0
[ 3085.368887] kmalloc_oob_memset_2+0x9c/0x290 [test_kasan]
[ 3085.369647] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3085.370335] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3085.371190] kthread+0x2a7/0x350
[ 3085.371797] ret_from_fork+0x22/0x30
[ 3085.372532] Last potentially related work creation:
[ 3085.373205] kasan_save_stack+0x1e/0x40
[ 3085.373742] __kasan_record_aux_stack+0x96/0xb0
[ 3085.374351] kvfree_call_rcu+0x7d/0x840
[ 3085.374875] drop_sysctl_table+0x338/0x460
[ 3085.375445] unregister_sysctl_table+0x9c/0x180
[ 3085.376066] sysctl_route_net_exit+0x58/0x80
[ 3085.376675] ops_exit_list+0x9c/0x170
[ 3085.377197] cleanup_net+0x42b/0x9a0
[ 3085.377695] process_one_work+0x8e5/0x1520
[ 3085.378248] worker_thread+0x59e/0xf90
[ 3085.378764] kthread+0x2a7/0x350
[ 3085.379209] ret_from_fork+0x22/0x30
[ 3085.379933] The buggy address belongs to the object at ffff8881063e4600
which belongs to the cache kmalloc-128 of size 128
[ 3085.381558] The buggy address is located 119 bytes inside of
128-byte region [ffff8881063e4600, ffff8881063e4680)
[ 3085.382821] The buggy address belongs to the physical page:
[ 3085.383286] page:000000002432817f refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1063e4
[ 3085.384065] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff)
[ 3085.384653] raw: 0017ffffc0000200 ffffea000414be80 dead000000000004 ffff8881000418c0
[ 3085.385294] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 3085.385940] page dumped because: kasan: bad access detected
[ 3085.386565] Memory state around the buggy address:
[ 3085.386980] ffff8881063e4500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 3085.387585] ffff8881063e4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 3085.388186] >ffff8881063e4600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 3085.388790] ^
[ 3085.389384] ffff8881063e4680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 3085.389989] ffff8881063e4700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 3085.390594] ==================================================================
[ 3085.391561] ok 18 - kmalloc_oob_memset_2
[ 3085.393395] ==================================================================
[ 3085.394393] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x1b6/0x290 [test_kasan]
[ 3085.395099] Write of size 4 at addr ffff8881063e4a75 by task kunit_try_catch/119521
[ 3085.395925] CPU: 0 PID: 119521 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-256.1991_766543265.el9.x86_64+debug #1
[ 3085.397073] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 3085.397574] Call Trace:
[ 3085.397794]
[ 3085.397988] ? kmalloc_oob_memset_4+0x1b6/0x290 [test_kasan]
[ 3085.398473] dump_stack_lvl+0x57/0x81
[ 3085.398802] print_address_description.constprop.0+0x1f/0x1e0
[ 3085.399292] ? kmalloc_oob_memset_4+0x1b6/0x290 [test_kasan]
[ 3085.399782] print_report.cold+0x5c/0x237
[ 3085.400131] kasan_report+0xc9/0x100
[ 3085.400446] ? kmalloc_oob_memset_4+0x1b6/0x290 [test_kasan]
[ 3085.400935] kasan_check_range+0xfd/0x1e0
[ 3085.401282] memset+0x20/0x50
[ 3085.401558] kmalloc_oob_memset_4+0x1b6/0x290 [test_kasan]
[ 3085.402118] ? kmalloc_oob_memset_8+0x290/0x290 [test_kasan]
[ 3085.402607] ? do_raw_spin_trylock+0xb5/0x180
[ 3085.402983] ? do_raw_spin_lock+0x270/0x270
[ 3085.403342] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 3085.403820] ? _raw_spin_unlock_irqrestore+0x42/0x70
[ 3085.404243] ? kunit_add_resource+0x197/0x280 [kunit]
[ 3085.404695] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3085.405114] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 3085.405563] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3085.406078] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 3085.406522] kthread+0x2a7/0x350
[ 3085.406807] ? kthread_complete_and_exit+0x20/0x20
[ 3085.407217] ret_from_fork+0x22/0x30
[ 3085.407539]
[ 3085.407884] Allocated by task 119521:
[ 3085.408199] kasan_save_stack+0x1e/0x40
[ 3085.408536] __kasan_kmalloc+0x81/0xa0
[ 3085.408859] kmalloc_oob_memset_4+0x9c/0x290 [test_kasan]
[ 3085.409321] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3085.409744] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3085.410257] kthread+0x2a7/0x350
[ 3085.410565] ret_from_fork+0x22/0x30
[ 3085.411061] Last potentially related work creation:
[ 3085.411484] kasan_save_stack+0x1e/0x40
[ 3085.411825] __kasan_record_aux_stack+0x96/0xb0
[ 3085.412212] kvfree_call_rcu+0x7d/0x840
[ 3085.412547] drop_sysctl_table+0x338/0x460
[ 3085.412897] unregister_sysctl_table+0x9c/0x180
[ 3085.413283] unix_sysctl_unregister+0x58/0x80
[ 3085.413676] unix_net_exit+0xe/0x50
[ 3085.413988] ops_exit_list+0x9c/0x170
[ 3085.414306] cleanup_net+0x42b/0x9a0
[ 3085.414725] process_one_work+0x8e5/0x1520
[ 3085.415127] worker_thread+0x59e/0xf90
[ 3085.415477] kthread+0x2a7/0x350
[ 3085.420013] ret_from_fork+0x22/0x30
[ 3085.420476] The buggy address belongs to the object at ffff8881063e4a00
which belongs to the cache kmalloc-128 of size 128
[ 3085.421503] The buggy address is located 117 bytes inside of
128-byte region [ffff8881063e4a00, ffff8881063e4a80)
[ 3085.422611] The buggy address belongs to the physical page:
[ 3085.423081] page:000000002432817f refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1063e4
[ 3085.423860] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff)
[ 3085.424438] raw: 0017ffffc0000200 ffffea000414be80 dead000000000004 ffff8881000418c0
[ 3085.425084] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 3085.425757] page dumped because: kasan: bad access detected
[ 3085.426396] Memory state around the buggy address:
[ 3085.426806] ffff8881063e4900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 3085.427402] ffff8881063e4980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 3085.428004] >ffff8881063e4a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 3085.428604] ^
[ 3085.429195] ffff8881063e4a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 3085.429797] ffff8881063e4b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 3085.430393] ==================================================================
[ 3085.431355] ok 19 - kmalloc_oob_memset_4
[ 3085.433347] ==================================================================
[ 3085.434345] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x1b6/0x290 [test_kasan]
[ 3085.435045] Write of size 8 at addr ffff8881063e4b71 by task kunit_try_catch/119522
[ 3085.435833] CPU: 0 PID: 119522 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-256.1991_766543265.el9.x86_64+debug #1
[ 3085.436972] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 3085.437460] Call Trace:
[ 3085.437698]
[ 3085.437893] ? kmalloc_oob_memset_8+0x1b6/0x290 [test_kasan]
[ 3085.438376] dump_stack_lvl+0x57/0x81
[ 3085.438704] print_address_description.constprop.0+0x1f/0x1e0
[ 3085.439194] ? kmalloc_oob_memset_8+0x1b6/0x290 [test_kasan]
[ 3085.439684] print_report.cold+0x5c/0x237
[ 3085.440032] kasan_report+0xc9/0x100
[ 3085.440346] ? kmalloc_oob_memset_8+0x1b6/0x290 [test_kasan]
[ 3085.440875] kasan_check_range+0xfd/0x1e0
[ 3085.441248] memset+0x20/0x50
[ 3085.441522] kmalloc_oob_memset_8+0x1b6/0x290 [test_kasan]
[ 3085.441995] ? kmalloc_oob_memset_16+0x290/0x290 [test_kasan]
[ 3085.442490] ? do_raw_spin_trylock+0xb5/0x180
[ 3085.442878] ? do_raw_spin_lock+0x270/0x270
[ 3085.443242] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 3085.443723] ? _raw_spin_unlock_irqrestore+0x42/0x70
[ 3085.444149] ? kunit_add_resource+0x197/0x280 [kunit]
[ 3085.444592] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3085.445012] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 3085.445448] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3085.445971] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 3085.446411] kthread+0x2a7/0x350
[ 3085.446702] ? kthread_complete_and_exit+0x20/0x20
[ 3085.447113] ret_from_fork+0x22/0x30
[ 3085.447433]
[ 3085.447786] Allocated by task 119522:
[ 3085.448102] kasan_save_stack+0x1e/0x40
[ 3085.448436] __kasan_kmalloc+0x81/0xa0
[ 3085.448766] kmalloc_oob_memset_8+0x9c/0x290 [test_kasan]
[ 3085.449225] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3085.449648] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3085.450165] kthread+0x2a7/0x350
[ 3085.450450] ret_from_fork+0x22/0x30
[ 3085.450912] Last potentially related work creation:
[ 3085.451324] kasan_save_stack+0x1e/0x40
[ 3085.451662] __kasan_record_aux_stack+0x96/0xb0
[ 3085.452052] insert_work+0x47/0x310
[ 3085.452358] __queue_work+0x4dd/0xd60
[ 3085.452690] rcu_work_rcufn+0x42/0x70
[ 3085.453019] rcu_do_batch+0x3c5/0xdc0
[ 3085.453338] rcu_core+0x3de/0x5a0
[ 3085.453660] __do_softirq+0x2d3/0x9a8
[ 3085.454281] Second to last potentially related work creation:
[ 3085.454810] kasan_save_stack+0x1e/0x40
[ 3085.455150] __kasan_record_aux_stack+0x96/0xb0
[ 3085.455564] call_rcu+0xee/0x890
[ 3085.455868] queue_rcu_work+0x5a/0x70
[ 3085.456210] writeback_sb_inodes+0x373/0xd00
[ 3085.456598] wb_writeback+0x25a/0xa10
[ 3085.456918] wb_do_writeback+0x1dd/0x8a0
[ 3085.457256] wb_workfn+0x12c/0x670
[ 3085.457564] process_one_work+0x8e5/0x1520
[ 3085.457917] worker_thread+0x59e/0xf90
[ 3085.458241] kthread+0x2a7/0x350
[ 3085.458529] ret_from_fork+0x22/0x30
[ 3085.458989] The buggy address belongs to the object at ffff8881063e4b00
which belongs to the cache kmalloc-128 of size 128
[ 3085.460019] The buggy address is located 113 bytes inside of
128-byte region [ffff8881063e4b00, ffff8881063e4b80)
[ 3085.461136] The buggy address belongs to the physical page:
[ 3085.461701] page:000000002432817f refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1063e4
[ 3085.462490] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff)
[ 3085.463078] raw: 0017ffffc0000200 ffffea000414be80 dead000000000004 ffff8881000418c0
[ 3085.463723] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 3085.464361] page dumped because: kasan: bad access detected
[ 3085.464980] Memory state around the buggy address:
[ 3085.465386] ffff8881063e4a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 3085.465989] ffff8881063e4a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 3085.466593] >ffff8881063e4b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 3085.467193] ^
[ 3085.467803] ffff8881063e4b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 3085.468406] ffff8881063e4c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 3085.469022] ==================================================================
[ 3085.469898] ok 20 - kmalloc_oob_memset_8
[ 3085.471357] ==================================================================
[ 3085.472392] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x1b6/0x290 [test_kasan]
[ 3085.473110] Write of size 16 at addr ffff8881063e4769 by task kunit_try_catch/119523
[ 3085.473911] CPU: 0 PID: 119523 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-256.1991_766543265.el9.x86_64+debug #1
[ 3085.475047] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 3085.475542] Call Trace:
[ 3085.475764]
[ 3085.475959] ? kmalloc_oob_memset_16+0x1b6/0x290 [test_kasan]
[ 3085.476449] dump_stack_lvl+0x57/0x81
[ 3085.476779] print_address_description.constprop.0+0x1f/0x1e0
[ 3085.477271] ? kmalloc_oob_memset_16+0x1b6/0x290 [test_kasan]
[ 3085.477770] print_report.cold+0x5c/0x237
[ 3085.478121] kasan_report+0xc9/0x100
[ 3085.478437] ? kmalloc_oob_memset_16+0x1b6/0x290 [test_kasan]
[ 3085.478940] kasan_check_range+0xfd/0x1e0
[ 3085.479284] memset+0x20/0x50
[ 3085.479557] kmalloc_oob_memset_16+0x1b6/0x290 [test_kasan]
[ 3085.480029] ? kmalloc_uaf_memset+0x280/0x280 [test_kasan]
[ 3085.480490] ? do_raw_spin_trylock+0xb5/0x180
[ 3085.480874] ? do_raw_spin_lock+0x270/0x270
[ 3085.481235] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 3085.481712] ? _raw_spin_unlock_irqrestore+0x42/0x70
[ 3085.482135] ? kunit_add_resource+0x197/0x280 [kunit]
[ 3085.482573] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3085.482992] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 3085.483422] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3085.483940] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 3085.484377] kthread+0x2a7/0x350
[ 3085.484676] ? kthread_complete_and_exit+0x20/0x20
[ 3085.485085] ret_from_fork+0x22/0x30
[ 3085.485402]
[ 3085.485786] Allocated by task 119523:
[ 3085.486129] kasan_save_stack+0x1e/0x40
[ 3085.486459] __kasan_kmalloc+0x81/0xa0
[ 3085.486788] kmalloc_oob_memset_16+0x9c/0x290 [test_kasan]
[ 3085.487255] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3085.487681] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3085.488198] kthread+0x2a7/0x350
[ 3085.488483] ret_from_fork+0x22/0x30
[ 3085.488947] Last potentially related work creation:
[ 3085.489360] kasan_save_stack+0x1e/0x40
[ 3085.489699] __kasan_record_aux_stack+0x96/0xb0
[ 3085.490088] kvfree_call_rcu+0x7d/0x840
[ 3085.490421] drop_sysctl_table+0x338/0x460
[ 3085.490778] unregister_sysctl_table+0x9c/0x180
[ 3085.491170] xfrm4_net_exit+0x5d/0x90
[ 3085.491502] ops_exit_list+0x9c/0x170
[ 3085.491947] cleanup_net+0x42b/0x9a0
[ 3085.492260] process_one_work+0x8e5/0x1520
[ 3085.492640] worker_thread+0x59e/0xf90
[ 3085.492988] kthread+0x2a7/0x350
[ 3085.493272] ret_from_fork+0x22/0x30
[ 3085.493735] Second to last potentially related work creation:
[ 3085.494217] kasan_save_stack+0x1e/0x40
[ 3085.494551] __kasan_record_aux_stack+0x96/0xb0
[ 3085.494940] insert_work+0x47/0x310
[ 3085.495242] __queue_work+0x4dd/0xd60
[ 3085.495564] rcu_work_rcufn+0x42/0x70
[ 3085.495887] rcu_do_batch+0x3c5/0xdc0
[ 3085.496205] rcu_core+0x3de/0x5a0
[ 3085.496500] __do_softirq+0x2d3/0x9a8
[ 3085.496966] The buggy address belongs to the object at ffff8881063e4700
which belongs to the cache kmalloc-128 of size 128
[ 3085.497990] The buggy address is located 105 bytes inside of
128-byte region [ffff8881063e4700, ffff8881063e4780)
[ 3085.499104] The buggy address belongs to the physical page:
[ 3085.499576] page:000000002432817f refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1063e4
[ 3085.500360] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff)
[ 3085.501001] raw: 0017ffffc0000200 ffffea000414be80 dead000000000004 ffff8881000418c0
[ 3085.501646] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 3085.502285] page dumped because: kasan: bad access detected
[ 3085.502901] Memory state around the buggy address:
[ 3085.503314] ffff8881063e4600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 3085.503918] ffff8881063e4680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 3085.504527] >ffff8881063e4700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 3085.505129] ^
[ 3085.505733] ffff8881063e4780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 3085.506339] ffff8881063e4800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 3085.506949] ==================================================================
[ 3085.507656] ok 21 - kmalloc_oob_memset_16
[ 3085.509343] ==================================================================
[ 3085.510355] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0x1c4/0x290 [test_kasan]
[ 3085.511091] Read of size 18446744073709551614 at addr ffff888101449004 by task kunit_try_catch/119524
[ 3085.512010] CPU: 0 PID: 119524 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-256.1991_766543265.el9.x86_64+debug #1
[ 3085.513140] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 3085.513634] Call Trace:
[ 3085.513859]
[ 3085.514054] ? kmalloc_memmove_negative_size+0x1c4/0x290 [test_kasan]
[ 3085.514715] dump_stack_lvl+0x57/0x81
[ 3085.515081] print_address_description.constprop.0+0x1f/0x1e0
[ 3085.515642] ? kmalloc_memmove_negative_size+0x1c4/0x290 [test_kasan]
[ 3085.516222] print_report.cold+0x5c/0x237
[ 3085.516577] kasan_report+0xc9/0x100
[ 3085.516892] ? kmalloc_memmove_negative_size+0x1c4/0x290 [test_kasan]
[ 3085.517434] kasan_check_range+0xfd/0x1e0
[ 3085.517789] memmove+0x20/0x60
[ 3085.518063] kmalloc_memmove_negative_size+0x1c4/0x290 [test_kasan]
[ 3085.518598] ? kmalloc_memmove_invalid_size+0x2a0/0x2a0 [test_kasan]
[ 3085.519137] ? do_raw_spin_trylock+0xb5/0x180
[ 3085.519519] ? do_raw_spin_lock+0x270/0x270
[ 3085.519884] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 3085.520358] ? _raw_spin_unlock_irqrestore+0x42/0x70
[ 3085.520794] ? kunit_add_resource+0x197/0x280 [kunit]
[ 3085.521232] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3085.521769] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 3085.522203] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3085.522726] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 3085.523166] kthread+0x2a7/0x350
[ 3085.523454] ? kthread_complete_and_exit+0x20/0x20
[ 3085.523872] ret_from_fork+0x22/0x30
[ 3085.524190]
[ 3085.524542] Allocated by task 119524:
[ 3085.524859] kasan_save_stack+0x1e/0x40
[ 3085.525191] __kasan_kmalloc+0x81/0xa0
[ 3085.525523] kmalloc_memmove_negative_size+0x9c/0x290 [test_kasan]
[ 3085.526046] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3085.526466] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3085.526991] kthread+0x2a7/0x350
[ 3085.527277] ret_from_fork+0x22/0x30
[ 3085.527817] The buggy address belongs to the object at ffff888101449000
which belongs to the cache kmalloc-64 of size 64
[ 3085.528842] The buggy address is located 4 bytes inside of
64-byte region [ffff888101449000, ffff888101449040)
[ 3085.529933] The buggy address belongs to the physical page:
[ 3085.530400] page:00000000ced168e2 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101449
[ 3085.531234] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff)
[ 3085.531819] raw: 0017ffffc0000200 ffffea000424f000 dead000000000002 ffff888100041640
[ 3085.532462] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000
[ 3085.533106] page dumped because: kasan: bad access detected
[ 3085.533725] Memory state around the buggy address:
[ 3085.534133] ffff888101448f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 3085.534745] ffff888101448f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 3085.535347] >ffff888101449000: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 3085.535956] ^
[ 3085.536241] ffff888101449080: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 3085.536853] ffff888101449100: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 3085.537464] ==================================================================
[ 3085.538615] ok 22 - kmalloc_memmove_negative_size
[ 3085.540371] ==================================================================
[ 3085.541437] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x1cf/0x2a0 [test_kasan]
[ 3085.542194] Read of size 64 at addr ffff888101449f04 by task kunit_try_catch/119525
[ 3085.542986] CPU: 0 PID: 119525 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-256.1991_766543265.el9.x86_64+debug #1
[ 3085.544119] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 3085.544609] Call Trace:
[ 3085.544828]
[ 3085.545022] ? kmalloc_memmove_invalid_size+0x1cf/0x2a0 [test_kasan]
[ 3085.545594] dump_stack_lvl+0x57/0x81
[ 3085.545935] print_address_description.constprop.0+0x1f/0x1e0
[ 3085.546443] ? kmalloc_memmove_invalid_size+0x1cf/0x2a0 [test_kasan]
[ 3085.546988] print_report.cold+0x5c/0x237
[ 3085.547336] kasan_report+0xc9/0x100
[ 3085.547657] ? kmalloc_memmove_invalid_size+0x1cf/0x2a0 [test_kasan]
[ 3085.548202] kasan_check_range+0xfd/0x1e0
[ 3085.548555] memmove+0x20/0x60
[ 3085.548830] kmalloc_memmove_invalid_size+0x1cf/0x2a0 [test_kasan]
[ 3085.549355] ? kmalloc_oob_in_memset+0x280/0x280 [test_kasan]
[ 3085.549855] ? do_raw_spin_trylock+0xb5/0x180
[ 3085.550236] ? do_raw_spin_lock+0x270/0x270
[ 3085.550605] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 3085.551079] ? kunit_add_resource+0x197/0x280 [kunit]
[ 3085.551520] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3085.552034] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 3085.552465] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3085.552991] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 3085.553433] kthread+0x2a7/0x350
[ 3085.553726] ? kthread_complete_and_exit+0x20/0x20
[ 3085.554135] ret_from_fork+0x22/0x30
[ 3085.554452]
[ 3085.554817] Allocated by task 119525:
[ 3085.555134] kasan_save_stack+0x1e/0x40
[ 3085.555468] __kasan_kmalloc+0x81/0xa0
[ 3085.555798] kmalloc_memmove_invalid_size+0xac/0x2a0 [test_kasan]
[ 3085.556314] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3085.556739] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3085.557255] kthread+0x2a7/0x350
[ 3085.557546] ret_from_fork+0x22/0x30
[ 3085.558006] The buggy address belongs to the object at ffff888101449f00
which belongs to the cache kmalloc-64 of size 64
[ 3085.559020] The buggy address is located 4 bytes inside of
64-byte region [ffff888101449f00, ffff888101449f40)
[ 3085.560116] The buggy address belongs to the physical page:
[ 3085.560611] page:00000000ced168e2 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101449
[ 3085.561424] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff)
[ 3085.562013] raw: 0017ffffc0000200 ffffea000424f000 dead000000000002 ffff888100041640
[ 3085.562660] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000
[ 3085.563304] page dumped because: kasan: bad access detected
[ 3085.563923] Memory state around the buggy address:
[ 3085.564331] ffff888101449e00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 3085.564940] ffff888101449e80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 3085.565548] >ffff888101449f00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 3085.566150] ^
[ 3085.566612] ffff888101449f80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 3085.567217] ffff88810144a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 3085.567826] ==================================================================
[ 3085.568484] ok 23 - kmalloc_memmove_invalid_size
[ 3085.569438] ==================================================================
[ 3085.570489] BUG: KASAN: use-after-free in kmalloc_uaf+0x286/0x2b0 [test_kasan]
[ 3085.571107] Read of size 1 at addr ffff888054dab0e8 by task kunit_try_catch/119526
[ 3085.571888] CPU: 0 PID: 119526 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-256.1991_766543265.el9.x86_64+debug #1
[ 3085.573028] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 3085.573521] Call Trace:
[ 3085.573743]
[ 3085.573938] ? kmalloc_uaf+0x286/0x2b0 [test_kasan]
[ 3085.574360] dump_stack_lvl+0x57/0x81
[ 3085.574687] print_address_description.constprop.0+0x1f/0x1e0
[ 3085.575177] ? kmalloc_uaf+0x286/0x2b0 [test_kasan]
[ 3085.575682] print_report.cold+0x5c/0x237
[ 3085.576064] kasan_report+0xc9/0x100
[ 3085.576377] ? kmalloc_uaf+0x286/0x2b0 [test_kasan]
[ 3085.576811] kmalloc_uaf+0x286/0x2b0 [test_kasan]
[ 3085.577218] ? kmalloc_uaf2+0x430/0x430 [test_kasan]
[ 3085.577652] ? do_raw_spin_trylock+0xb5/0x180
[ 3085.578034] ? do_raw_spin_lock+0x270/0x270
[ 3085.578398] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 3085.578881] ? kunit_add_resource+0x197/0x280 [kunit]
[ 3085.579316] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3085.579743] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 3085.580176] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3085.580697] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 3085.581135] kthread+0x2a7/0x350
[ 3085.581420] ? kthread_complete_and_exit+0x20/0x20
[ 3085.581936] ret_from_fork+0x22/0x30
[ 3085.582255]
[ 3085.582606] Allocated by task 119526:
[ 3085.582924] kasan_save_stack+0x1e/0x40
[ 3085.583257] __kasan_kmalloc+0x81/0xa0
[ 3085.583595] kmalloc_uaf+0x98/0x2b0 [test_kasan]
[ 3085.583994] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3085.584411] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3085.584931] kthread+0x2a7/0x350
[ 3085.585217] ret_from_fork+0x22/0x30
[ 3085.585678] Freed by task 119526:
[ 3085.585969] kasan_save_stack+0x1e/0x40
[ 3085.586301] kasan_set_track+0x21/0x30
[ 3085.586638] kasan_set_free_info+0x20/0x40
[ 3085.586990] __kasan_slab_free+0x108/0x170
[ 3085.587341] slab_free_freelist_hook+0x11d/0x1d0
[ 3085.587746] kfree+0xe2/0x3c0
[ 3085.588012] kmalloc_uaf+0x12b/0x2b0 [test_kasan]
[ 3085.588417] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3085.588837] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3085.589354] kthread+0x2a7/0x350
[ 3085.589644] ret_from_fork+0x22/0x30
[ 3085.590103] The buggy address belongs to the object at ffff888054dab0e0
which belongs to the cache kmalloc-16 of size 16
[ 3085.591177] The buggy address is located 8 bytes inside of
16-byte region [ffff888054dab0e0, ffff888054dab0f0)
[ 3085.592267] The buggy address belongs to the physical page:
[ 3085.592738] page:000000003e53b5cf refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x54dab
[ 3085.593510] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 3085.594087] raw: 000fffffc0000200 dead000000000100 dead000000000122 ffff8881000413c0
[ 3085.594739] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000
[ 3085.595382] page dumped because: kasan: bad access detected
[ 3085.595999] Memory state around the buggy address:
[ 3085.596406] ffff888054daaf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 3085.597013] ffff888054dab000: fb fb fc fc fa fb fc fc fb fb fc fc 00 00 fc fc
[ 3085.597622] >ffff888054dab080: 00 00 fc fc fb fb fc fc fa fb fc fc fa fb fc fc
[ 3085.598224] ^
[ 3085.598782] ffff888054dab100: fa fb fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc
[ 3085.599386] ffff888054dab180: fb fb fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
[ 3085.599998] ==================================================================
[ 3085.600690] ok 24 - kmalloc_uaf
[ 3085.602391] ==================================================================
[ 3085.603329] BUG: KASAN: use-after-free in kmalloc_uaf_memset+0x1b4/0x280 [test_kasan]
[ 3085.603988] Write of size 33 at addr ffff8881093c0c00 by task kunit_try_catch/119527
[ 3085.604784] CPU: 0 PID: 119527 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-256.1991_766543265.el9.x86_64+debug #1
[ 3085.605970] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 3085.606471] Call Trace:
[ 3085.606698]
[ 3085.606893] ? kmalloc_uaf_memset+0x1b4/0x280 [test_kasan]
[ 3085.607362] dump_stack_lvl+0x57/0x81
[ 3085.607694] print_address_description.constprop.0+0x1f/0x1e0
[ 3085.608186] ? kmalloc_uaf_memset+0x1b4/0x280 [test_kasan]
[ 3085.608659] print_report.cold+0x5c/0x237
[ 3085.609009] kasan_report+0xc9/0x100
[ 3085.609324] ? kmalloc_uaf_memset+0xc1/0x280 [test_kasan]
[ 3085.609788] ? kmalloc_uaf_memset+0x1b4/0x280 [test_kasan]
[ 3085.610255] kasan_check_range+0xfd/0x1e0
[ 3085.610609] memset+0x20/0x50
[ 3085.610888] kmalloc_uaf_memset+0x1b4/0x280 [test_kasan]
[ 3085.611341] ? kmem_cache_accounted+0x170/0x170 [test_kasan]
[ 3085.611944] ? do_raw_spin_trylock+0xb5/0x180
[ 3085.612324] ? do_raw_spin_lock+0x270/0x270
[ 3085.612691] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 3085.613165] ? kunit_add_resource+0x197/0x280 [kunit]
[ 3085.613604] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3085.614026] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 3085.614459] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3085.615127] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 3085.615592] kthread+0x2a7/0x350
[ 3085.615878] ? kthread_complete_and_exit+0x20/0x20
[ 3085.616290] ret_from_fork+0x22/0x30
[ 3085.616616]
[ 3085.616963] Allocated by task 119527:
[ 3085.617279] kasan_save_stack+0x1e/0x40
[ 3085.617625] __kasan_kmalloc+0x81/0xa0
[ 3085.617949] kmalloc_uaf_memset+0x9a/0x280 [test_kasan]
[ 3085.618396] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3085.618822] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3085.619337] kthread+0x2a7/0x350
[ 3085.619633] ret_from_fork+0x22/0x30
[ 3085.620095] Freed by task 119527:
[ 3085.620385] kasan_save_stack+0x1e/0x40
[ 3085.620753] kasan_set_track+0x21/0x30
[ 3085.621106] kasan_set_free_info+0x20/0x40
[ 3085.621455] __kasan_slab_free+0x108/0x170
[ 3085.621810] slab_free_freelist_hook+0x11d/0x1d0
[ 3085.622207] kfree+0xe2/0x3c0
[ 3085.622471] kmalloc_uaf_memset+0x137/0x280 [test_kasan]
[ 3085.622927] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3085.623372] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3085.623976] kthread+0x2a7/0x350
[ 3085.624259] ret_from_fork+0x22/0x30
[ 3085.624719] Last potentially related work creation:
[ 3085.625129] kasan_save_stack+0x1e/0x40
[ 3085.625457] __kasan_record_aux_stack+0x96/0xb0
[ 3085.625854] kvfree_call_rcu+0x7d/0x840
[ 3085.626183] dma_resv_fini+0x38/0x50
[ 3085.626500] drm_gem_object_release+0x73/0x100 [drm]
[ 3085.626982] qxl_ttm_bo_destroy+0x17f/0x200 [qxl]
[ 3085.627390] ttm_bo_release+0x68b/0xbc0 [ttm]
[ 3085.627789] ttm_bo_delayed_delete+0x312/0x550 [ttm]
[ 3085.628222] ttm_device_delayed_workqueue+0x18/0x70 [ttm]
[ 3085.628688] process_one_work+0x8e5/0x1520
[ 3085.629039] worker_thread+0x59e/0xf90
[ 3085.629364] kthread+0x2a7/0x350
[ 3085.629654] ret_from_fork+0x22/0x30
[ 3085.630112] Second to last potentially related work creation:
[ 3085.630604] kasan_save_stack+0x1e/0x40
[ 3085.630936] __kasan_record_aux_stack+0x96/0xb0
[ 3085.631326] kvfree_call_rcu+0x7d/0x840
[ 3085.631664] dma_resv_reserve_fences+0x35d/0x680
[ 3085.632062] ttm_eu_reserve_buffers+0x42c/0x1070 [ttm]
[ 3085.632509] qxl_release_reserve_list+0xe5/0x320 [qxl]
[ 3085.632948] qxl_draw_dirty_fb+0x40e/0x1c70 [qxl]
[ 3085.633385] qxl_framebuffer_surface_dirty+0x307/0x610 [qxl]
[ 3085.633897] drm_fb_helper_damage_work+0x537/0x8c0 [drm_kms_helper]
[ 3085.634446] process_one_work+0x8e5/0x1520
[ 3085.634804] worker_thread+0x59e/0xf90
[ 3085.635129] kthread+0x2a7/0x350
[ 3085.635414] ret_from_fork+0x22/0x30
[ 3085.635917] The buggy address belongs to the object at ffff8881093c0c00
which belongs to the cache kmalloc-64 of size 64
[ 3085.636948] The buggy address is located 0 bytes inside of
64-byte region [ffff8881093c0c00, ffff8881093c0c40)
[ 3085.638039] The buggy address belongs to the physical page:
[ 3085.638513] page:000000003f9a5985 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1093c0
[ 3085.639298] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff)
[ 3085.639892] raw: 0017ffffc0000200 0000000000000000 dead000000000001 ffff888100041640
[ 3085.640545] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000
[ 3085.641189] page dumped because: kasan: bad access detected
[ 3085.642071] Memory state around the buggy address:
[ 3085.642591] ffff8881093c0b00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 3085.643334] ffff8881093c0b80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 3085.644079] >ffff8881093c0c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 3085.644880] ^
[ 3085.645229] ffff8881093c0c80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 3085.645983] ffff8881093c0d00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 3085.646721] ==================================================================
[ 3085.647886] ok 25 - kmalloc_uaf_memset
[ 3085.649405] ==================================================================
[ 3085.650877] BUG: KASAN: use-after-free in kmalloc_uaf2+0x402/0x430 [test_kasan]
[ 3085.651738] Read of size 1 at addr ffff8881093c03a8 by task kunit_try_catch/119528
[ 3085.652789] CPU: 0 PID: 119528 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-256.1991_766543265.el9.x86_64+debug #1
[ 3085.654434] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 3085.655308] Call Trace:
[ 3085.655740]
[ 3085.656112] ? kmalloc_uaf2+0x402/0x430 [test_kasan]
[ 3085.656910] dump_stack_lvl+0x57/0x81
[ 3085.657432] print_address_description.constprop.0+0x1f/0x1e0
[ 3085.658123] ? kmalloc_uaf2+0x402/0x430 [test_kasan]
[ 3085.658684] print_report.cold+0x5c/0x237
[ 3085.659158] kasan_report+0xc9/0x100
[ 3085.659620] ? kmalloc_uaf2+0x402/0x430 [test_kasan]
[ 3085.660199] kmalloc_uaf2+0x402/0x430 [test_kasan]
[ 3085.660840] ? kfree_via_page+0x290/0x290 [test_kasan]
[ 3085.661406] ? rcu_read_lock_sched_held+0x12/0x80
[ 3085.661904] ? lock_acquire+0x4ea/0x620
[ 3085.662317] ? rcu_read_unlock+0x40/0x40
[ 3085.662735] ? rcu_read_unlock+0x40/0x40
[ 3085.663157] ? rcu_read_lock_sched_held+0x12/0x80
[ 3085.663680] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 3085.664477] ? do_raw_spin_lock+0x270/0x270
[ 3085.665161] ? trace_hardirqs_on+0x2d/0x160
[ 3085.665779] ? _raw_spin_unlock_irqrestore+0x42/0x70
[ 3085.666460] ? kunit_add_resource+0x197/0x280 [kunit]
[ 3085.667100] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3085.667803] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 3085.668395] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3085.669025] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 3085.669557] kthread+0x2a7/0x350
[ 3085.669930] ? kthread_complete_and_exit+0x20/0x20
[ 3085.670444] ret_from_fork+0x22/0x30
[ 3085.670895]
[ 3085.671312] Allocated by task 119528:
[ 3085.671888] kasan_save_stack+0x1e/0x40
[ 3085.672327] __kasan_kmalloc+0x81/0xa0
[ 3085.672726] kmalloc_uaf2+0xad/0x430 [test_kasan]
[ 3085.673232] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3085.673791] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3085.674526] kthread+0x2a7/0x350
[ 3085.674915] ret_from_fork+0x22/0x30
[ 3085.675501] Freed by task 119528:
[ 3085.675923] kasan_save_stack+0x1e/0x40
[ 3085.676367] kasan_set_track+0x21/0x30
[ 3085.676891] kasan_set_free_info+0x20/0x40
[ 3085.677328] __kasan_slab_free+0x108/0x170
[ 3085.677771] slab_free_freelist_hook+0x11d/0x1d0
[ 3085.678356] kfree+0xe2/0x3c0
[ 3085.678737] kmalloc_uaf2+0x144/0x430 [test_kasan]
[ 3085.679285] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3085.679857] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3085.680622] kthread+0x2a7/0x350
[ 3085.681042] ret_from_fork+0x22/0x30
[ 3085.681801] Last potentially related work creation:
[ 3085.682398] kasan_save_stack+0x1e/0x40
[ 3085.682826] __kasan_record_aux_stack+0x96/0xb0
[ 3085.683304] kvfree_call_rcu+0x7d/0x840
[ 3085.683724] dma_resv_reserve_fences+0x35d/0x680
[ 3085.684213] ttm_eu_reserve_buffers+0x42c/0x1070 [ttm]
[ 3085.684766] qxl_release_reserve_list+0xe5/0x320 [qxl]
[ 3085.685321] qxl_draw_dirty_fb+0x40e/0x1c70 [qxl]
[ 3085.685824] qxl_framebuffer_surface_dirty+0x307/0x610 [qxl]
[ 3085.686417] drm_fb_helper_damage_work+0x537/0x8c0 [drm_kms_helper]
[ 3085.687182] process_one_work+0x8e5/0x1520
[ 3085.687670] worker_thread+0x59e/0xf90
[ 3085.688134] kthread+0x2a7/0x350
[ 3085.688482] ret_from_fork+0x22/0x30
[ 3085.689041] Second to last potentially related work creation:
[ 3085.689644] kasan_save_stack+0x1e/0x40
[ 3085.690047] __kasan_record_aux_stack+0x96/0xb0
[ 3085.690522] kvfree_call_rcu+0x7d/0x840
[ 3085.690957] dma_resv_reserve_fences+0x35d/0x680
[ 3085.691470] ttm_eu_reserve_buffers+0x42c/0x1070 [ttm]
[ 3085.692020] qxl_release_reserve_list+0xe5/0x320 [qxl]
[ 3085.692625] qxl_draw_dirty_fb+0x40e/0x1c70 [qxl]
[ 3085.693117] qxl_framebuffer_surface_dirty+0x307/0x610 [qxl]
[ 3085.693730] drm_fb_helper_damage_work+0x537/0x8c0 [drm_kms_helper]
[ 3085.694392] process_one_work+0x8e5/0x1520
[ 3085.694920] worker_thread+0x59e/0xf90
[ 3085.695345] kthread+0x2a7/0x350
[ 3085.695708] ret_from_fork+0x22/0x30
[ 3085.696334] The buggy address belongs to the object at ffff8881093c0380
which belongs to the cache kmalloc-64 of size 64
[ 3085.697640] The buggy address is located 40 bytes inside of
64-byte region [ffff8881093c0380, ffff8881093c03c0)
[ 3085.699043] The buggy address belongs to the physical page:
[ 3085.699658] page:000000003f9a5985 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1093c0
[ 3085.700649] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff)
[ 3085.701342] raw: 0017ffffc0000200 0000000000000000 dead000000000001 ffff888100041640
[ 3085.702295] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000
[ 3085.703090] page dumped because: kasan: bad access detected
[ 3085.703912] Memory state around the buggy address:
[ 3085.704579] ffff8881093c0280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 3085.705443] ffff8881093c0300: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 3085.706321] >ffff8881093c0380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 3085.707155] ^
[ 3085.707638] ffff8881093c0400: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 3085.708372] ffff8881093c0480: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 3085.709122] ==================================================================
[ 3085.710477] ok 26 - kmalloc_uaf2
[ 3085.713461] ok 27 - kfree_via_page
[ 3085.718546] ok 28 - kfree_via_phys
[ 3085.722159] ==================================================================
[ 3085.723353] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x2d4/0x2e0 [test_kasan]
[ 3085.724199] Read of size 1 at addr ffff8880524f2f38 by task kunit_try_catch/119531
[ 3085.725314] CPU: 0 PID: 119531 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-256.1991_766543265.el9.x86_64+debug #1
[ 3085.726805] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 3085.727404] Call Trace:
[ 3085.727738]
[ 3085.728026] ? kmem_cache_oob+0x2d4/0x2e0 [test_kasan]
[ 3085.728585] dump_stack_lvl+0x57/0x81
[ 3085.728989] print_address_description.constprop.0+0x1f/0x1e0
[ 3085.729605] ? kmem_cache_oob+0x2d4/0x2e0 [test_kasan]
[ 3085.730179] print_report.cold+0x5c/0x237
[ 3085.730680] kasan_report+0xc9/0x100
[ 3085.731166] ? kmem_cache_oob+0x2d4/0x2e0 [test_kasan]
[ 3085.731869] kmem_cache_oob+0x2d4/0x2e0 [test_kasan]
[ 3085.732408] ? kmem_cache_double_free+0x280/0x280 [test_kasan]
[ 3085.733051] ? do_raw_spin_trylock+0xb5/0x180
[ 3085.737177] ? do_raw_spin_lock+0x270/0x270
[ 3085.737652] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 3085.738238] ? kunit_add_resource+0x197/0x280 [kunit]
[ 3085.738759] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3085.739269] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 3085.739827] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3085.740468] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 3085.741002] kthread+0x2a7/0x350
[ 3085.741417] ? kthread_complete_and_exit+0x20/0x20
[ 3085.742098] ret_from_fork+0x22/0x30
[ 3085.742535]
[ 3085.742967] Allocated by task 119531:
[ 3085.743365] kasan_save_stack+0x1e/0x40
[ 3085.743822] __kasan_slab_alloc+0x66/0x80
[ 3085.744272] kmem_cache_alloc+0x161/0x310
[ 3085.744734] kmem_cache_oob+0x121/0x2e0 [test_kasan]
[ 3085.745278] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3085.745804] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3085.746448] kthread+0x2a7/0x350
[ 3085.746774] ret_from_fork+0x22/0x30
[ 3085.747291] The buggy address belongs to the object at ffff8880524f2e70
which belongs to the cache test_cache of size 200
[ 3085.748471] The buggy address is located 0 bytes to the right of
200-byte region [ffff8880524f2e70, ffff8880524f2f38)
[ 3085.749999] The buggy address belongs to the physical page:
[ 3085.750638] page:0000000095ec5237 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x524f2
[ 3085.751669] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 3085.752459] raw: 000fffffc0000200 0000000000000000 dead000000000122 ffff88800c861000
[ 3085.753249] raw: 0000000000000000 00000000800f000f 00000001ffffffff 0000000000000000
[ 3085.754056] page dumped because: kasan: bad access detected
[ 3085.754815] Memory state around the buggy address:
[ 3085.755326] ffff8880524f2e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc 00 00
[ 3085.756089] ffff8880524f2e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 3085.756841] >ffff8880524f2f00: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc
[ 3085.757622] ^
[ 3085.758257] ffff8880524f2f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 3085.759013] ffff8880524f3000: 00 00 00 00 00 fc fc 00 00 00 00 00 fc fc 00 00
[ 3085.759765] ==================================================================
[ 3085.955167] ok 29 - kmem_cache_oob
[ 3086.484608] ok 30 - kmem_cache_accounted
[ 3086.490642] ok 31 - kmem_cache_bulk
[ 3086.497320] ==================================================================
[ 3086.498451] BUG: KASAN: global-out-of-bounds in kasan_global_oob_right+0x1df/0x1f0 [test_kasan]
[ 3086.499320] Read of size 1 at addr ffffffffc177d90d by task kunit_try_catch/119534
[ 3086.500371] CPU: 0 PID: 119534 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-256.1991_766543265.el9.x86_64+debug #1
[ 3086.501742] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 3086.502306] Call Trace:
[ 3086.502559]
[ 3086.502778] ? kasan_global_oob_right+0x1df/0x1f0 [test_kasan]
[ 3086.503340] dump_stack_lvl+0x57/0x81
[ 3086.503707] print_address_description.constprop.0+0x1f/0x1e0
[ 3086.504261] ? kasan_global_oob_right+0x1df/0x1f0 [test_kasan]
[ 3086.504897] print_report.cold+0x5c/0x237
[ 3086.505312] kasan_report+0xc9/0x100
[ 3086.505697] ? kasan_global_oob_right+0x1df/0x1f0 [test_kasan]
[ 3086.506291] kasan_global_oob_right+0x1df/0x1f0 [test_kasan]
[ 3086.506839] ? kasan_stack_oob+0x200/0x200 [test_kasan]
[ 3086.507335] ? do_raw_spin_trylock+0xb5/0x180
[ 3086.507827] ? do_raw_spin_lock+0x270/0x270
[ 3086.508303] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 3086.508959] ? kunit_add_resource+0x197/0x280 [kunit]
[ 3086.509508] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3086.510069] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 3086.510567] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3086.511158] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 3086.511764] kthread+0x2a7/0x350
[ 3086.512117] ? kthread_complete_and_exit+0x20/0x20
[ 3086.512604] ret_from_fork+0x22/0x30
[ 3086.512998]
[ 3086.513668] The buggy address belongs to the variable:
[ 3086.514347] global_array+0xd/0xfffffffffffe5700 [test_kasan]
[ 3086.515539] Memory state around the buggy address:
[ 3086.516167] ffffffffc177d800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 3086.517045] ffffffffc177d880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 3086.518003] >ffffffffc177d900: 00 02 f9 f9 f9 f9 f9 f9 01 f9 f9 f9 f9 f9 f9 f9
[ 3086.518851] ^
[ 3086.519212] ffffffffc177d980: 02 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 f9 f9
[ 3086.520053] ffffffffc177da00: f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9
[ 3086.520770] ==================================================================
[ 3086.522064] ok 32 - kasan_global_oob_right
[ 3086.524320] ok 33 - kasan_global_oob_left # SKIP Test requires CONFIG_CC_IS_CLANG=y
[ 3086.527336] ==================================================================
[ 3086.528822] BUG: KASAN: stack-out-of-bounds in kasan_stack_oob+0x1eb/0x200 [test_kasan]
[ 3086.529644] Read of size 1 at addr ffffc90001cefe7a by task kunit_try_catch/119536
[ 3086.530575] CPU: 0 PID: 119536 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-256.1991_766543265.el9.x86_64+debug #1
[ 3086.531932] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 3086.532532] Call Trace:
[ 3086.532838]
[ 3086.533058] ? kasan_stack_oob+0x1eb/0x200 [test_kasan]
[ 3086.533560] dump_stack_lvl+0x57/0x81
[ 3086.533918] print_address_description.constprop.0+0x1f/0x1e0
[ 3086.534460] ? kasan_stack_oob+0x1eb/0x200 [test_kasan]
[ 3086.535022] print_report.cold+0x5c/0x237
[ 3086.535406] kasan_report+0xc9/0x100
[ 3086.535802] ? kasan_stack_oob+0x1eb/0x200 [test_kasan]
[ 3086.536331] kasan_stack_oob+0x1eb/0x200 [test_kasan]
[ 3086.536861] ? match_all_mem_tag+0x20/0x20 [test_kasan]
[ 3086.537370] ? rcu_read_unlock+0x40/0x40
[ 3086.537793] ? rcu_read_lock_sched_held+0x12/0x80
[ 3086.538291] ? do_raw_spin_trylock+0xb5/0x180
[ 3086.538754] ? do_raw_spin_lock+0x270/0x270
[ 3086.539169] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 3086.539746] ? _raw_spin_unlock_irqrestore+0x42/0x70
[ 3086.540291] ? kunit_add_resource+0x197/0x280 [kunit]
[ 3086.540857] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3086.541433] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 3086.542078] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3086.542668] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 3086.543165] kthread+0x2a7/0x350
[ 3086.543508] ? kthread_complete_and_exit+0x20/0x20
[ 3086.544004] ret_from_fork+0x22/0x30
[ 3086.544358]
[ 3086.544843] The buggy address belongs to stack of task kunit_try_catch/119536
[ 3086.545512] and is located at offset 266 in frame:
[ 3086.545972] kasan_stack_oob+0x0/0x200 [test_kasan]
[ 3086.546609] This frame has 4 objects:
[ 3086.546989] [48, 56) 'array'
[ 3086.546993] [80, 128) '__assertion'
[ 3086.547319] [160, 224) '__assertion'
[ 3086.547711] [256, 266) 'stack_array'
[ 3086.548628] The buggy address belongs to the virtual mapping at
[ffffc90001ce8000, ffffc90001cf1000) created by:
dup_task_struct+0x5e/0x5a0
[ 3086.550316] The buggy address belongs to the physical page:
[ 3086.550848] page:000000006ea0e1ce refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x51fc1
[ 3086.551740] flags: 0xfffffc0000000(node=0|zone=1|lastcpupid=0x1fffff)
[ 3086.552392] raw: 000fffffc0000000 0000000000000000 dead000000000122 0000000000000000
[ 3086.553166] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 3086.554228] page dumped because: kasan: bad access detected
[ 3086.555246] Memory state around the buggy address:
[ 3086.555916] ffffc90001cefd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1
[ 3086.556875] ffffc90001cefd80: f1 f1 f1 f1 00 f2 f2 f2 00 00 00 00 00 00 f2 f2
[ 3086.557679] >ffffc90001cefe00: f2 f2 00 00 00 00 00 00 00 00 f2 f2 f2 f2 00 02
[ 3086.558374] ^
[ 3086.559125] ffffc90001cefe80: f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 3086.559887] ffffc90001ceff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 3086.560584] ==================================================================
[ 3086.563559] ok 34 - kasan_stack_oob
[ 3086.566078] ==================================================================
[ 3086.567111] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_left+0x27d/0x2a0 [test_kasan]
[ 3086.568060] Read of size 1 at addr ffffc90001ccfd1f by task kunit_try_catch/119537
[ 3086.569003] CPU: 0 PID: 119537 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-256.1991_766543265.el9.x86_64+debug #1
[ 3086.570373] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 3086.571010] Call Trace:
[ 3086.571272]
[ 3086.571546] ? kasan_alloca_oob_left+0x27d/0x2a0 [test_kasan]
[ 3086.572294] dump_stack_lvl+0x57/0x81
[ 3086.572713] print_address_description.constprop.0+0x1f/0x1e0
[ 3086.573251] ? kasan_alloca_oob_left+0x27d/0x2a0 [test_kasan]
[ 3086.573812] print_report.cold+0x5c/0x237
[ 3086.574195] kasan_report+0xc9/0x100
[ 3086.574578] ? kasan_alloca_oob_left+0x27d/0x2a0 [test_kasan]
[ 3086.575164] kasan_alloca_oob_left+0x27d/0x2a0 [test_kasan]
[ 3086.575755] ? rcu_read_lock_sched_held+0x12/0x80
[ 3086.576207] ? rcu_read_lock_sched_held+0x12/0x80
[ 3086.576708] ? lock_acquire+0x4ea/0x620
[ 3086.577116] ? kasan_alloca_oob_right+0x290/0x290 [test_kasan]
[ 3086.577665] ? rcu_read_lock_sched_held+0x12/0x80
[ 3086.578121] ? do_raw_spin_trylock+0xb5/0x180
[ 3086.578562] ? do_raw_spin_lock+0x270/0x270
[ 3086.578974] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 3086.579532] ? _raw_spin_unlock_irqrestore+0x42/0x70
[ 3086.580060] ? kunit_add_resource+0x197/0x280 [kunit]
[ 3086.580575] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3086.581081] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 3086.581622] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3086.582271] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 3086.582772] kthread+0x2a7/0x350
[ 3086.583095] ? kthread_complete_and_exit+0x20/0x20
[ 3086.583573] ret_from_fork+0x22/0x30
[ 3086.583933]
[ 3086.584334] The buggy address belongs to stack of task kunit_try_catch/119537
[ 3086.585231] The buggy address belongs to the virtual mapping at
[ffffc90001cc8000, ffffc90001cd1000) created by:
dup_task_struct+0x5e/0x5a0
[ 3086.586944] The buggy address belongs to the physical page:
[ 3086.587487] page:00000000f6e080c5 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x51ac1
[ 3086.588360] flags: 0xfffffc0000000(node=0|zone=1|lastcpupid=0x1fffff)
[ 3086.589033] raw: 000fffffc0000000 0000000000000000 dead000000000122 0000000000000000
[ 3086.589830] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 3086.590555] page dumped because: kasan: bad access detected
[ 3086.591283] Memory state around the buggy address:
[ 3086.591784] ffffc90001ccfc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 3086.592628] ffffc90001ccfc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 3086.593415] >ffffc90001ccfd00: ca ca ca ca 00 02 cb cb cb cb cb cb 00 00 00 00
[ 3086.594276] ^
[ 3086.594817] ffffc90001ccfd80: f1 f1 f1 f1 04 f2 00 f2 f2 f2 00 00 00 00 00 00
[ 3086.595669] ffffc90001ccfe00: f2 f2 f2 f2 00 00 00 00 00 00 00 00 f3 f3 f3 f3
[ 3086.596657] ==================================================================
[ 3086.598003] ok 35 - kasan_alloca_oob_left
[ 3086.600312] ==================================================================
[ 3086.601933] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_right+0x275/0x290 [test_kasan]
[ 3086.602885] Read of size 1 at addr ffffc90001567d2a by task kunit_try_catch/119538
[ 3086.603845] CPU: 0 PID: 119538 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-256.1991_766543265.el9.x86_64+debug #1
[ 3086.605180] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 3086.605769] Call Trace:
[ 3086.606036]
[ 3086.606268] ? kasan_alloca_oob_right+0x275/0x290 [test_kasan]
[ 3086.606840] dump_stack_lvl+0x57/0x81
[ 3086.607204] print_address_description.constprop.0+0x1f/0x1e0
[ 3086.607771] ? kasan_alloca_oob_right+0x275/0x290 [test_kasan]
[ 3086.608328] print_report.cold+0x5c/0x237
[ 3086.608734] kasan_report+0xc9/0x100
[ 3086.609100] ? kasan_alloca_oob_right+0x275/0x290 [test_kasan]
[ 3086.609732] kasan_alloca_oob_right+0x275/0x290 [test_kasan]
[ 3086.610334] ? rcu_read_lock_sched_held+0x12/0x80
[ 3086.610864] ? rcu_read_lock_sched_held+0x12/0x80
[ 3086.611322] ? lock_acquire+0x4ea/0x620
[ 3086.611747] ? ksize_unpoisons_memory+0x300/0x300 [test_kasan]
[ 3086.612339] ? rcu_read_lock_sched_held+0x12/0x80
[ 3086.612854] ? do_raw_spin_trylock+0xb5/0x180
[ 3086.613286] ? do_raw_spin_lock+0x270/0x270
[ 3086.613745] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 3086.614295] ? _raw_spin_unlock_irqrestore+0x42/0x70
[ 3086.615093] ? kunit_add_resource+0x197/0x280 [kunit]
[ 3086.615852] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3086.616469] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 3086.617122] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3086.617934] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 3086.618518] kthread+0x2a7/0x350
[ 3086.618896] ? kthread_complete_and_exit+0x20/0x20
[ 3086.619444] ret_from_fork+0x22/0x30
[ 3086.619853]
[ 3086.620289] The buggy address belongs to stack of task kunit_try_catch/119538
[ 3086.621195] The buggy address belongs to the virtual mapping at
[ffffc90001560000, ffffc90001569000) created by:
dup_task_struct+0x5e/0x5a0
[ 3086.622866] The buggy address belongs to the physical page:
[ 3086.623466] page:00000000f7c20e69 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101c8
[ 3086.624457] flags: 0xfffffc0000000(node=0|zone=1|lastcpupid=0x1fffff)
[ 3086.625262] raw: 000fffffc0000000 0000000000000000 dead000000000122 0000000000000000
[ 3086.626116] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 3086.626868] page dumped because: kasan: bad access detected
[ 3086.627701] Memory state around the buggy address:
[ 3086.628215] ffffc90001567c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 3086.628936] ffffc90001567c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 3086.629653] >ffffc90001567d00: ca ca ca ca 00 02 cb cb cb cb cb cb 00 00 00 00
[ 3086.630405] ^
[ 3086.631362] ffffc90001567d80: f1 f1 f1 f1 04 f2 00 f2 f2 f2 00 00 00 00 00 00
[ 3086.632369] ffffc90001567e00: f2 f2 f2 f2 00 00 00 00 00 00 00 00 f3 f3 f3 f3
[ 3086.633097] ==================================================================
[ 3086.634211] ok 36 - kasan_alloca_oob_right
[ 3086.636380] ==================================================================
[ 3086.637578] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x2cf/0x300 [test_kasan]
[ 3086.638416] Read of size 1 at addr ffff88810607e080 by task kunit_try_catch/119539
[ 3086.639299] CPU: 0 PID: 119539 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-256.1991_766543265.el9.x86_64+debug #1
[ 3086.640736] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 3086.641325] Call Trace:
[ 3086.641618]
[ 3086.641890] ? ksize_unpoisons_memory+0x2cf/0x300 [test_kasan]
[ 3086.642469] dump_stack_lvl+0x57/0x81
[ 3086.642857] print_address_description.constprop.0+0x1f/0x1e0
[ 3086.643551] ? ksize_unpoisons_memory+0x2cf/0x300 [test_kasan]
[ 3086.644124] print_report.cold+0x5c/0x237
[ 3086.644556] kasan_report+0xc9/0x100
[ 3086.644967] ? ksize_unpoisons_memory+0x2cf/0x300 [test_kasan]
[ 3086.645554] ksize_unpoisons_memory+0x2cf/0x300 [test_kasan]
[ 3086.646151] ? ksize_uaf+0x4a0/0x4a0 [test_kasan]
[ 3086.646613] ? do_raw_spin_trylock+0xb5/0x180
[ 3086.647030] ? do_raw_spin_lock+0x270/0x270
[ 3086.647442] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 3086.647998] ? kunit_add_resource+0x197/0x280 [kunit]
[ 3086.648576] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3086.649119] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 3086.649646] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3086.650228] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 3086.650792] kthread+0x2a7/0x350
[ 3086.651156] ? kthread_complete_and_exit+0x20/0x20
[ 3086.651621] ret_from_fork+0x22/0x30
[ 3086.651979]
[ 3086.652389] Allocated by task 119539:
[ 3086.652784] kasan_save_stack+0x1e/0x40
[ 3086.653187] __kasan_kmalloc+0x81/0xa0
[ 3086.653589] ksize_unpoisons_memory+0x9a/0x300 [test_kasan]
[ 3086.654151] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3086.654656] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3086.655311] kthread+0x2a7/0x350
[ 3086.655737] ret_from_fork+0x22/0x30
[ 3086.656362] The buggy address belongs to the object at ffff88810607e000
which belongs to the cache kmalloc-128 of size 128
[ 3086.657800] The buggy address is located 0 bytes to the right of
128-byte region [ffff88810607e000, ffff88810607e080)
[ 3086.659242] The buggy address belongs to the physical page:
[ 3086.659891] page:0000000012784b42 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10607e
[ 3086.660851] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff)
[ 3086.661531] raw: 0017ffffc0000200 ffffea000149a940 dead000000000003 ffff8881000418c0
[ 3086.662373] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 3086.663172] page dumped because: kasan: bad access detected
[ 3086.664075] Memory state around the buggy address:
[ 3086.664647] ffff88810607df80: fc fc fc fc 00 fc fc fc fc 00 fc fc fc fc fc fc
[ 3086.665442] ffff88810607e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 3086.666247] >ffff88810607e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 3086.667003] ^
[ 3086.667318] ffff88810607e100: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc
[ 3086.668004] ffff88810607e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 3086.668731] ==================================================================
[ 3086.669803] ok 37 - ksize_unpoisons_memory
[ 3086.671320] ==================================================================
[ 3086.672662] BUG: KASAN: use-after-free in ksize_uaf+0x1ad/0x4a0 [test_kasan]
[ 3086.673410] Read of size 1 at addr ffff8880526a5500 by task kunit_try_catch/119540
[ 3086.674338] CPU: 0 PID: 119540 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-256.1991_766543265.el9.x86_64+debug #1
[ 3086.675661] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 3086.676263] Call Trace:
[ 3086.676537]
[ 3086.676772] ? ksize_uaf+0x1ad/0x4a0 [test_kasan]
[ 3086.677256] dump_stack_lvl+0x57/0x81
[ 3086.677626] print_address_description.constprop.0+0x1f/0x1e0
[ 3086.678183] ? ksize_uaf+0x1ad/0x4a0 [test_kasan]
[ 3086.678652] print_report.cold+0x5c/0x237
[ 3086.679053] kasan_report+0xc9/0x100
[ 3086.679408] ? ksize_uaf+0x1ad/0x4a0 [test_kasan]
[ 3086.679935] ? ksize_uaf+0x1ad/0x4a0 [test_kasan]
[ 3086.680395] __kasan_check_byte+0x36/0x50
[ 3086.680836] ksize+0x1b/0x50
[ 3086.681156] ksize_uaf+0x1ad/0x4a0 [test_kasan]
[ 3086.681608] ? kmem_cache_oob+0x2e0/0x2e0 [test_kasan]
[ 3086.682099] ? do_raw_spin_trylock+0xb5/0x180
[ 3086.682529] ? do_raw_spin_lock+0x270/0x270
[ 3086.682946] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 3086.683483] ? kunit_add_resource+0x197/0x280 [kunit]
[ 3086.683976] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3086.684656] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 3086.685268] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3086.685923] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 3086.686410] kthread+0x2a7/0x350
[ 3086.686783] ? kthread_complete_and_exit+0x20/0x20
[ 3086.687270] ret_from_fork+0x22/0x30
[ 3086.687677]
[ 3086.688133] Allocated by task 119540:
[ 3086.688487] kasan_save_stack+0x1e/0x40
[ 3086.688861] __kasan_kmalloc+0x81/0xa0
[ 3086.689236] ksize_uaf+0x9a/0x4a0 [test_kasan]
[ 3086.689742] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3086.690269] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3086.690960] kthread+0x2a7/0x350
[ 3086.691285] ret_from_fork+0x22/0x30
[ 3086.691994] Freed by task 119540:
[ 3086.692326] kasan_save_stack+0x1e/0x40
[ 3086.692713] kasan_set_track+0x21/0x30
[ 3086.693079] kasan_set_free_info+0x20/0x40
[ 3086.693510] __kasan_slab_free+0x108/0x170
[ 3086.694043] slab_free_freelist_hook+0x11d/0x1d0
[ 3086.694623] kfree+0xe2/0x3c0
[ 3086.694989] ksize_uaf+0x137/0x4a0 [test_kasan]
[ 3086.695572] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3086.696124] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3086.696831] kthread+0x2a7/0x350
[ 3086.697238] ret_from_fork+0x22/0x30
[ 3086.697904] Last potentially related work creation:
[ 3086.698435] kasan_save_stack+0x1e/0x40
[ 3086.698869] __kasan_record_aux_stack+0x96/0xb0
[ 3086.699355] kvfree_call_rcu+0x7d/0x840
[ 3086.699827] dma_resv_fini+0x38/0x50
[ 3086.700228] drm_gem_object_release+0x73/0x100 [drm]
[ 3086.700786] qxl_ttm_bo_destroy+0x17f/0x200 [qxl]
[ 3086.701275] ttm_bo_release+0x68b/0xbc0 [ttm]
[ 3086.701783] ttm_bo_delayed_delete+0x312/0x550 [ttm]
[ 3086.702307] ttm_device_delayed_workqueue+0x18/0x70 [ttm]
[ 3086.702879] process_one_work+0x8e5/0x1520
[ 3086.703358] worker_thread+0x59e/0xf90
[ 3086.703776] kthread+0x2a7/0x350
[ 3086.704169] ret_from_fork+0x22/0x30
[ 3086.704744] The buggy address belongs to the object at ffff8880526a5500
which belongs to the cache kmalloc-128 of size 128
[ 3086.705952] The buggy address is located 0 bytes inside of
128-byte region [ffff8880526a5500, ffff8880526a5580)
[ 3086.707244] The buggy address belongs to the physical page:
[ 3086.707776] page:0000000058e93a66 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x526a5
[ 3086.708641] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 3086.709281] raw: 000fffffc0000200 ffffea000426adc0 dead000000000002 ffff8881000418c0
[ 3086.710068] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 3086.710854] page dumped because: kasan: bad access detected
[ 3086.711552] Memory state around the buggy address:
[ 3086.712008] ffff8880526a5400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 3086.712681] ffff8880526a5480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 3086.713359] >ffff8880526a5500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 3086.714070] ^
[ 3086.714353] ffff8880526a5580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 3086.715078] ffff8880526a5600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 3086.716292] ==================================================================
[ 3086.718197] ==================================================================
[ 3086.719892] BUG: KASAN: use-after-free in ksize_uaf+0x47d/0x4a0 [test_kasan]
[ 3086.721510] Read of size 1 at addr ffff8880526a5500 by task kunit_try_catch/119540
[ 3086.723704] CPU: 0 PID: 119540 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-256.1991_766543265.el9.x86_64+debug #1
[ 3086.726726] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 3086.727907] Call Trace:
[ 3086.728414]
[ 3086.728850] ? ksize_uaf+0x47d/0x4a0 [test_kasan]
[ 3086.729759] dump_stack_lvl+0x57/0x81
[ 3086.730473] print_address_description.constprop.0+0x1f/0x1e0
[ 3086.731577] ? ksize_uaf+0x47d/0x4a0 [test_kasan]
[ 3086.732500] print_report.cold+0x5c/0x237
[ 3086.733274] kasan_report+0xc9/0x100
[ 3086.733982] ? ksize_uaf+0x47d/0x4a0 [test_kasan]
[ 3086.734893] ksize_uaf+0x47d/0x4a0 [test_kasan]
[ 3086.735772] ? kmem_cache_oob+0x2e0/0x2e0 [test_kasan]
[ 3086.736755] ? do_raw_spin_trylock+0xb5/0x180
[ 3086.737612] ? do_raw_spin_lock+0x270/0x270
[ 3086.738412] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 3086.739407] ? kunit_add_resource+0x197/0x280 [kunit]
[ 3086.740315] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3086.741203] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 3086.742110] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3086.743186] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 3086.744102] kthread+0x2a7/0x350
[ 3086.744712] ? kthread_complete_and_exit+0x20/0x20
[ 3086.745573] ret_from_fork+0x22/0x30
[ 3086.746233]
[ 3086.746958] Allocated by task 119540:
[ 3086.747641] kasan_save_stack+0x1e/0x40
[ 3086.748307] __kasan_kmalloc+0x81/0xa0
[ 3086.748962] ksize_uaf+0x9a/0x4a0 [test_kasan]
[ 3086.749715] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3086.750546] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3086.751557] kthread+0x2a7/0x350
[ 3086.752222] ret_from_fork+0x22/0x30
[ 3086.753131] Freed by task 119540:
[ 3086.753701] kasan_save_stack+0x1e/0x40
[ 3086.754426] kasan_set_track+0x21/0x30
[ 3086.755070] kasan_set_free_info+0x20/0x40
[ 3086.755767] __kasan_slab_free+0x108/0x170
[ 3086.756446] slab_free_freelist_hook+0x11d/0x1d0
[ 3086.757223] kfree+0xe2/0x3c0
[ 3086.757748] ksize_uaf+0x137/0x4a0 [test_kasan]
[ 3086.758520] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3086.759329] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3086.760277] kthread+0x2a7/0x350
[ 3086.760818] ret_from_fork+0x22/0x30
[ 3086.761660] Last potentially related work creation:
[ 3086.762417] kasan_save_stack+0x1e/0x40
[ 3086.763030] __kasan_record_aux_stack+0x96/0xb0
[ 3086.763757] kvfree_call_rcu+0x7d/0x840
[ 3086.764362] dma_resv_fini+0x38/0x50
[ 3086.764941] drm_gem_object_release+0x73/0x100 [drm]
[ 3086.765792] qxl_ttm_bo_destroy+0x17f/0x200 [qxl]
[ 3086.766544] ttm_bo_release+0x68b/0xbc0 [ttm]
[ 3086.767242] ttm_bo_delayed_delete+0x312/0x550 [ttm]
[ 3086.768036] ttm_device_delayed_workqueue+0x18/0x70 [ttm]
[ 3086.768903] process_one_work+0x8e5/0x1520
[ 3086.769520] worker_thread+0x59e/0xf90
[ 3086.770082] kthread+0x2a7/0x350
[ 3086.770579] ret_from_fork+0x22/0x30
[ 3086.771372] The buggy address belongs to the object at ffff8880526a5500
which belongs to the cache kmalloc-128 of size 128
[ 3086.773145] The buggy address is located 0 bytes inside of
128-byte region [ffff8880526a5500, ffff8880526a5580)
[ 3086.775058] The buggy address belongs to the physical page:
[ 3086.775874] page:0000000058e93a66 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x526a5
[ 3086.777212] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 3086.778226] raw: 000fffffc0000200 ffffea000426adc0 dead000000000002 ffff8881000418c0
[ 3086.779322] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 3086.780388] page dumped because: kasan: bad access detected
[ 3086.781399] Memory state around the buggy address:
[ 3086.782122] ffff8880526a5400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 3086.782856] ffff8880526a5480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 3086.783570] >ffff8880526a5500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 3086.784284] ^
[ 3086.784642] ffff8880526a5580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 3086.785361] ffff8880526a5600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 3086.786069] ==================================================================
[ 3086.786921] ==================================================================
[ 3086.787729] BUG: KASAN: use-after-free in ksize_uaf+0x470/0x4a0 [test_kasan]
[ 3086.788431] Read of size 1 at addr ffff8880526a5578 by task kunit_try_catch/119540
[ 3086.789365] CPU: 0 PID: 119540 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-256.1991_766543265.el9.x86_64+debug #1
[ 3086.790711] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 3086.791235] Call Trace:
[ 3086.791468]
[ 3086.791720] ? ksize_uaf+0x470/0x4a0 [test_kasan]
[ 3086.792294] dump_stack_lvl+0x57/0x81
[ 3086.792678] print_address_description.constprop.0+0x1f/0x1e0
[ 3086.793259] ? ksize_uaf+0x470/0x4a0 [test_kasan]
[ 3086.793743] print_report.cold+0x5c/0x237
[ 3086.794151] kasan_report+0xc9/0x100
[ 3086.794609] ? ksize_uaf+0x470/0x4a0 [test_kasan]
[ 3086.795230] ksize_uaf+0x470/0x4a0 [test_kasan]
[ 3086.795772] ? kmem_cache_oob+0x2e0/0x2e0 [test_kasan]
[ 3086.796410] ? do_raw_spin_trylock+0xb5/0x180
[ 3086.796967] ? do_raw_spin_lock+0x270/0x270
[ 3086.797423] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 3086.798173] ? kunit_add_resource+0x197/0x280 [kunit]
[ 3086.798786] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3086.799413] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 3086.800048] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3086.800827] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 3086.801393] kthread+0x2a7/0x350
[ 3086.801746] ? kthread_complete_and_exit+0x20/0x20
[ 3086.802232] ret_from_fork+0x22/0x30
[ 3086.802617]
[ 3086.803059] Allocated by task 119540:
[ 3086.803470] kasan_save_stack+0x1e/0x40
[ 3086.803876] __kasan_kmalloc+0x81/0xa0
[ 3086.804271] ksize_uaf+0x9a/0x4a0 [test_kasan]
[ 3086.804855] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3086.805432] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3086.806146] kthread+0x2a7/0x350
[ 3086.806494] ret_from_fork+0x22/0x30
[ 3086.807037] Freed by task 119540:
[ 3086.807385] kasan_save_stack+0x1e/0x40
[ 3086.807838] kasan_set_track+0x21/0x30
[ 3086.808276] kasan_set_free_info+0x20/0x40
[ 3086.808720] __kasan_slab_free+0x108/0x170
[ 3086.809136] slab_free_freelist_hook+0x11d/0x1d0
[ 3086.809658] kfree+0xe2/0x3c0
[ 3086.810012] ksize_uaf+0x137/0x4a0 [test_kasan]
[ 3086.810483] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3086.810987] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3086.811732] kthread+0x2a7/0x350
[ 3086.812107] ret_from_fork+0x22/0x30
[ 3086.812670] Last potentially related work creation:
[ 3086.813171] kasan_save_stack+0x1e/0x40
[ 3086.813583] __kasan_record_aux_stack+0x96/0xb0
[ 3086.814052] kvfree_call_rcu+0x7d/0x840
[ 3086.814448] dma_resv_fini+0x38/0x50
[ 3086.814839] drm_gem_object_release+0x73/0x100 [drm]
[ 3086.815382] qxl_ttm_bo_destroy+0x17f/0x200 [qxl]
[ 3086.815880] ttm_bo_release+0x68b/0xbc0 [ttm]
[ 3086.816338] ttm_bo_delayed_delete+0x312/0x550 [ttm]
[ 3086.816864] ttm_device_delayed_workqueue+0x18/0x70 [ttm]
[ 3086.817422] process_one_work+0x8e5/0x1520
[ 3086.817853] worker_thread+0x59e/0xf90
[ 3086.818252] kthread+0x2a7/0x350
[ 3086.818615] ret_from_fork+0x22/0x30
[ 3086.819178] The buggy address belongs to the object at ffff8880526a5500
which belongs to the cache kmalloc-128 of size 128
[ 3086.820509] The buggy address is located 120 bytes inside of
128-byte region [ffff8880526a5500, ffff8880526a5580)
[ 3086.822183] The buggy address belongs to the physical page:
[ 3086.822885] page:0000000058e93a66 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x526a5
[ 3086.823834] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 3086.824536] raw: 000fffffc0000200 ffffea000426adc0 dead000000000002 ffff8881000418c0
[ 3086.825318] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 3086.826105] page dumped because: kasan: bad access detected
[ 3086.826888] Memory state around the buggy address:
[ 3086.827436] ffff8880526a5400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 3086.828300] ffff8880526a5480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 3086.829137] >ffff8880526a5500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 3086.829898] ^
[ 3086.831075] ffff8880526a5580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 3086.832071] ffff8880526a5600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 3086.833007] ==================================================================
[ 3086.835527] ok 38 - ksize_uaf
[ 3086.838542] ==================================================================
[ 3086.839666] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x152/0x400
[ 3086.840635] CPU: 0 PID: 119541 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-256.1991_766543265.el9.x86_64+debug #1
[ 3086.842220] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 3086.842832] Call Trace:
[ 3086.843099]
[ 3086.843329] dump_stack_lvl+0x57/0x81
[ 3086.843724] print_address_description.constprop.0+0x1f/0x1e0
[ 3086.844331] print_report.cold+0x5c/0x237
[ 3086.844769] ? kmem_cache_free+0x152/0x400
[ 3086.845194] ? kmem_cache_free+0x152/0x400
[ 3086.845634] kasan_report_invalid_free+0x99/0xc0
[ 3086.846119] ? kmem_cache_free+0x152/0x400
[ 3086.846560] ? kmem_cache_free+0x152/0x400
[ 3086.846982] __kasan_slab_free+0x152/0x170
[ 3086.847433] slab_free_freelist_hook+0x11d/0x1d0
[ 3086.847942] ? kmem_cache_double_free+0x1bd/0x280 [test_kasan]
[ 3086.848559] kmem_cache_free+0x152/0x400
[ 3086.848973] kmem_cache_double_free+0x1bd/0x280 [test_kasan]
[ 3086.849607] ? kmem_cache_invalid_free+0x280/0x280 [test_kasan]
[ 3086.850243] ? do_raw_spin_trylock+0xb5/0x180
[ 3086.850772] ? do_raw_spin_lock+0x270/0x270
[ 3086.851334] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 3086.852012] ? _raw_spin_unlock_irqrestore+0x42/0x70
[ 3086.852527] ? kunit_add_resource+0x197/0x280 [kunit]
[ 3086.853063] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3086.853585] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 3086.854122] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3086.854760] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 3086.855310] kthread+0x2a7/0x350
[ 3086.855666] ? kthread_complete_and_exit+0x20/0x20
[ 3086.856169] ret_from_fork+0x22/0x30
[ 3086.856607]
[ 3086.857025] Allocated by task 119541:
[ 3086.857410] kasan_save_stack+0x1e/0x40
[ 3086.857815] __kasan_slab_alloc+0x66/0x80
[ 3086.858231] kmem_cache_alloc+0x161/0x310
[ 3086.859410] kmem_cache_double_free+0x123/0x280 [test_kasan]
[ 3086.859995] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3086.860508] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3086.861130] kthread+0x2a7/0x350
[ 3086.861577] ret_from_fork+0x22/0x30
[ 3086.862187] Freed by task 119541:
[ 3086.862548] kasan_save_stack+0x1e/0x40
[ 3086.862920] kasan_set_track+0x21/0x30
[ 3086.863280] kasan_set_free_info+0x20/0x40
[ 3086.863683] __kasan_slab_free+0x108/0x170
[ 3086.864080] slab_free_freelist_hook+0x11d/0x1d0
[ 3086.864550] kmem_cache_free+0x152/0x400
[ 3086.864991] kmem_cache_double_free+0x144/0x280 [test_kasan]
[ 3086.865603] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3086.866117] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3086.866830] kthread+0x2a7/0x350
[ 3086.867203] ret_from_fork+0x22/0x30
[ 3086.867818] The buggy address belongs to the object at ffff88800c826528
which belongs to the cache test_cache of size 200
[ 3086.869207] The buggy address is located 0 bytes inside of
200-byte region [ffff88800c826528, ffff88800c8265f0)
[ 3086.870694] The buggy address belongs to the physical page:
[ 3086.871210] page:0000000034b36620 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xc826
[ 3086.872237] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 3086.872939] raw: 000fffffc0000200 0000000000000000 dead000000000122 ffff88800c861140
[ 3086.873700] raw: 0000000000000000 00000000800f000f 00000001ffffffff 0000000000000000
[ 3086.874443] page dumped because: kasan: bad access detected
[ 3086.875132] Memory state around the buggy address:
[ 3086.875716] ffff88800c826400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 3086.876503] ffff88800c826480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 3086.877269] >ffff88800c826500: fc fc fc fc fc fa fb fb fb fb fb fb fb fb fb fb
[ 3086.878058] ^
[ 3086.878578] ffff88800c826580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[ 3086.879319] ffff88800c826600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 3086.880116] ==================================================================
[ 3086.943537] ok 39 - kmem_cache_double_free
[ 3086.945698] ==================================================================
[ 3086.946900] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x152/0x400
[ 3086.947850] CPU: 0 PID: 119542 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-256.1991_766543265.el9.x86_64+debug #1
[ 3086.949252] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 3086.949818] Call Trace:
[ 3086.950072]
[ 3086.950284] dump_stack_lvl+0x57/0x81
[ 3086.950691] print_address_description.constprop.0+0x1f/0x1e0
[ 3086.951283] print_report.cold+0x5c/0x237
[ 3086.951670] ? kmem_cache_free+0x152/0x400
[ 3086.952109] ? kmem_cache_free+0x152/0x400
[ 3086.952569] kasan_report_invalid_free+0x99/0xc0
[ 3086.953042] ? kmem_cache_free+0x152/0x400
[ 3086.953431] ? kmem_cache_free+0x152/0x400
[ 3086.953835] __kasan_slab_free+0x152/0x170
[ 3086.954232] slab_free_freelist_hook+0x11d/0x1d0
[ 3086.954730] ? kmem_cache_invalid_free+0x1b6/0x280 [test_kasan]
[ 3086.955339] kmem_cache_free+0x152/0x400
[ 3086.955722] kmem_cache_invalid_free+0x1b6/0x280 [test_kasan]
[ 3086.956278] ? kmem_cache_double_destroy+0x250/0x250 [test_kasan]
[ 3086.956906] ? do_raw_spin_trylock+0xb5/0x180
[ 3086.957336] ? do_raw_spin_lock+0x270/0x270
[ 3086.957787] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 3086.958366] ? _raw_spin_unlock_irqrestore+0x42/0x70
[ 3086.958908] ? kunit_add_resource+0x197/0x280 [kunit]
[ 3086.959389] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3086.959913] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 3086.960401] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3086.961042] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 3086.961603] kthread+0x2a7/0x350
[ 3086.961968] ? kthread_complete_and_exit+0x20/0x20
[ 3086.962456] ret_from_fork+0x22/0x30
[ 3086.962820]
[ 3086.963315] Allocated by task 119542:
[ 3086.963954] kasan_save_stack+0x1e/0x40
[ 3086.964362] __kasan_slab_alloc+0x66/0x80
[ 3086.964784] kmem_cache_alloc+0x161/0x310
[ 3086.965145] kmem_cache_invalid_free+0x126/0x280 [test_kasan]
[ 3086.965700] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3086.966149] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3086.966739] kthread+0x2a7/0x350
[ 3086.967071] ret_from_fork+0x22/0x30
[ 3086.967628] The buggy address belongs to the object at ffff88805530c840
which belongs to the cache test_cache of size 200
[ 3086.969064] The buggy address is located 1 bytes inside of
200-byte region [ffff88805530c840, ffff88805530c908)
[ 3086.970636] The buggy address belongs to the physical page:
[ 3086.971254] page:00000000f1fae485 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5530c
[ 3086.972251] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 3086.972964] raw: 000fffffc0000200 0000000000000000 dead000000000122 ffff88800c861dc0
[ 3086.973714] raw: 0000000000000000 00000000800f000f 00000001ffffffff 0000000000000000
[ 3086.974456] page dumped because: kasan: bad access detected
[ 3086.975150] Memory state around the buggy address:
[ 3086.975608] ffff88805530c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 3086.976294] ffff88805530c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 3086.977146] >ffff88805530c800: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[ 3086.977939] ^
[ 3086.978483] ffff88805530c880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 3086.979250] ffff88805530c900: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 3086.979928] ==================================================================
[ 3087.027338] ok 40 - kmem_cache_invalid_free
[ 3087.030206] ==================================================================
[ 3087.031578] BUG: KASAN: use-after-free in kmem_cache_double_destroy+0x1a0/0x250 [test_kasan]
[ 3087.032431] Read of size 1 at addr ffff88800c861280 by task kunit_try_catch/119543
[ 3087.033328] CPU: 0 PID: 119543 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-256.1991_766543265.el9.x86_64+debug #1
[ 3087.034615] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 3087.035187] Call Trace:
[ 3087.035442]
[ 3087.035666] ? kmem_cache_double_destroy+0x1a0/0x250 [test_kasan]
[ 3087.036243] dump_stack_lvl+0x57/0x81
[ 3087.036610] print_address_description.constprop.0+0x1f/0x1e0
[ 3087.037160] ? kmem_cache_double_destroy+0x1a0/0x250 [test_kasan]
[ 3087.037756] print_report.cold+0x5c/0x237
[ 3087.038145] kasan_report+0xc9/0x100
[ 3087.038528] ? kmem_cache_free+0x110/0x400
[ 3087.038963] ? kmem_cache_double_destroy+0x1a0/0x250 [test_kasan]
[ 3087.039545] ? kmem_cache_double_destroy+0x1a0/0x250 [test_kasan]
[ 3087.040134] __kasan_check_byte+0x36/0x50
[ 3087.040514] kmem_cache_destroy+0x21/0x170
[ 3087.040922] kmem_cache_double_destroy+0x1a0/0x250 [test_kasan]
[ 3087.041501] ? kmalloc_oob_right+0x510/0x510 [test_kasan]
[ 3087.042011] ? do_raw_spin_trylock+0xb5/0x180
[ 3087.042440] ? do_raw_spin_lock+0x270/0x270
[ 3087.042906] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 3087.043516] ? kunit_add_resource+0x197/0x280 [kunit]
[ 3087.044035] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3087.044594] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 3087.045140] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3087.045720] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 3087.046206] kthread+0x2a7/0x350
[ 3087.046535] ? kthread_complete_and_exit+0x20/0x20
[ 3087.046993] ret_from_fork+0x22/0x30
[ 3087.047347]
[ 3087.047815] Allocated by task 119543:
[ 3087.048234] kasan_save_stack+0x1e/0x40
[ 3087.048611] __kasan_slab_alloc+0x66/0x80
[ 3087.048991] kmem_cache_alloc+0x161/0x310
[ 3087.049375] kmem_cache_create_usercopy+0x1b9/0x310
[ 3087.049880] kmem_cache_create+0x12/0x20
[ 3087.050280] kmem_cache_double_destroy+0x8d/0x250 [test_kasan]
[ 3087.050897] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3087.051414] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3087.052181] kthread+0x2a7/0x350
[ 3087.052512] ret_from_fork+0x22/0x30
[ 3087.053031] Freed by task 119543:
[ 3087.053362] kasan_save_stack+0x1e/0x40
[ 3087.053747] kasan_set_track+0x21/0x30
[ 3087.054112] kasan_set_free_info+0x20/0x40
[ 3087.054505] __kasan_slab_free+0x108/0x170
[ 3087.054904] slab_free_freelist_hook+0x11d/0x1d0
[ 3087.055346] kmem_cache_free+0x152/0x400
[ 3087.055770] kobject_cleanup+0x104/0x390
[ 3087.056222] kmem_cache_double_destroy+0x12a/0x250 [test_kasan]
[ 3087.056813] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3087.057290] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3087.057871] kthread+0x2a7/0x350
[ 3087.058193] ret_from_fork+0x22/0x30
[ 3087.058740] The buggy address belongs to the object at ffff88800c861280
which belongs to the cache kmem_cache of size 240
[ 3087.060124] The buggy address is located 0 bytes inside of
240-byte region [ffff88800c861280, ffff88800c861370)
[ 3087.061403] The buggy address belongs to the physical page:
[ 3087.061998] page:0000000042f2635f refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xc861
[ 3087.062892] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 3087.063559] raw: 000fffffc0000200 0000000000000000 dead000000000122 ffff888100041000
[ 3087.064376] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[ 3087.065306] page dumped because: kasan: bad access detected
[ 3087.066032] Memory state around the buggy address:
[ 3087.066517] ffff88800c861180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 3087.067218] ffff88800c861200: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc
[ 3087.067959] >ffff88800c861280: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 3087.068638] ^
[ 3087.068958] ffff88800c861300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[ 3087.069722] ffff88800c861380: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[ 3087.070519] ==================================================================
[ 3087.073335] ok 41 - kmem_cache_double_destroy
[ 3087.075348] ok 42 - kasan_memchr # SKIP Test requires CONFIG_AMD_MEM_ENCRYPT=n
[ 3087.077406] ok 43 - kasan_memcmp # SKIP Test requires CONFIG_AMD_MEM_ENCRYPT=n
[ 3087.080300] ok 44 - kasan_strings # SKIP Test requires CONFIG_AMD_MEM_ENCRYPT=n
[ 3087.083313] ==================================================================
[ 3087.084724] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0xff/0x850 [test_kasan]
[ 3087.085631] Write of size 8 at addr ffff888007867d08 by task kunit_try_catch/119547
[ 3087.086503] CPU: 0 PID: 119547 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-256.1991_766543265.el9.x86_64+debug #1
[ 3087.092445] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 3087.093029] Call Trace:
[ 3087.093308]
[ 3087.093588] ? kasan_bitops_modify.constprop.0+0xff/0x850 [test_kasan]
[ 3087.094252] dump_stack_lvl+0x57/0x81
[ 3087.094648] print_address_description.constprop.0+0x1f/0x1e0
[ 3087.095228] ? kasan_bitops_modify.constprop.0+0xff/0x850 [test_kasan]
[ 3087.095851] print_report.cold+0x5c/0x237
[ 3087.096252] kasan_report+0xc9/0x100
[ 3087.096618] ? kasan_bitops_modify.constprop.0+0xff/0x850 [test_kasan]
[ 3087.097237] kasan_check_range+0xfd/0x1e0
[ 3087.097686] kasan_bitops_modify.constprop.0+0xff/0x850 [test_kasan]
[ 3087.098347] ? kasan_test_init+0x50/0x50 [test_kasan]
[ 3087.098854] ? kunit_kfree+0x200/0x200 [kunit]
[ 3087.099332] ? rcu_read_lock_sched_held+0x12/0x80
[ 3087.099833] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 3087.100438] ? rcu_read_lock_held+0x30/0x50
[ 3087.100992] ? trace_kmalloc+0x3c/0x100
[ 3087.101446] ? kmem_cache_alloc_trace+0x1af/0x320
[ 3087.102089] kasan_bitops_generic+0xfa/0x164 [test_kasan]
[ 3087.102700] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan]
[ 3087.103434] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit]
[ 3087.104018] ? kunit_add_resource+0x197/0x280 [kunit]
[ 3087.104638] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3087.105182] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 3087.105827] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3087.106491] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 3087.107020] kthread+0x2a7/0x350
[ 3087.107343] ? kthread_complete_and_exit+0x20/0x20
[ 3087.107864] ret_from_fork+0x22/0x30
[ 3087.108262]
[ 3087.108664] Allocated by task 119547:
[ 3087.109024] kasan_save_stack+0x1e/0x40
[ 3087.109498] __kasan_kmalloc+0x81/0xa0
[ 3087.109992] kasan_bitops_generic+0x86/0x164 [test_kasan]
[ 3087.110575] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3087.111038] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3087.111791] kthread+0x2a7/0x350
[ 3087.112139] ret_from_fork+0x22/0x30
[ 3087.112726] The buggy address belongs to the object at ffff888007867d00
which belongs to the cache kmalloc-16 of size 16
[ 3087.113943] The buggy address is located 8 bytes inside of
16-byte region [ffff888007867d00, ffff888007867d10)
[ 3087.115764] The buggy address belongs to the physical page:
[ 3087.116810] page:00000000ef9d5931 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7867
[ 3087.118930] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 3087.120486] raw: 000fffffc0000200 dead000000000100 dead000000000122 ffff8881000413c0
[ 3087.122232] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000
[ 3087.123960] page dumped because: kasan: bad access detected
[ 3087.125628] Memory state around the buggy address:
[ 3087.126648] ffff888007867c00: fb fb fc fc 00 00 fc fc 00 00 fc fc fb fb fc fc
[ 3087.128003] ffff888007867c80: 00 00 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
[ 3087.129342] >ffff888007867d00: 00 01 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
[ 3087.130710] ^
[ 3087.131384] ffff888007867d80: 00 00 fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc
[ 3087.132738] ffff888007867e00: 00 00 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
[ 3087.134084] ==================================================================
[ 3087.136132] ==================================================================
[ 3087.137451] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x1a4/0x850 [test_kasan]
[ 3087.139061] Write of size 8 at addr ffff888007867d08 by task kunit_try_catch/119547
[ 3087.140692] CPU: 0 PID: 119547 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-256.1991_766543265.el9.x86_64+debug #1
[ 3087.143166] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 3087.144178] Call Trace:
[ 3087.144640]
[ 3087.145040] ? kasan_bitops_modify.constprop.0+0x1a4/0x850 [test_kasan]
[ 3087.146195] dump_stack_lvl+0x57/0x81
[ 3087.146868] print_address_description.constprop.0+0x1f/0x1e0
[ 3087.147891] ? kasan_bitops_modify.constprop.0+0x1a4/0x850 [test_kasan]
[ 3087.148976] print_report.cold+0x5c/0x237
[ 3087.149658] kasan_report+0xc9/0x100
[ 3087.150267] ? kasan_bitops_modify.constprop.0+0x1a4/0x850 [test_kasan]
[ 3087.151355] kasan_check_range+0xfd/0x1e0
[ 3087.152036] kasan_bitops_modify.constprop.0+0x1a4/0x850 [test_kasan]
[ 3087.153100] ? kasan_test_init+0x50/0x50 [test_kasan]
[ 3087.153995] ? kunit_kfree+0x200/0x200 [kunit]
[ 3087.154765] ? rcu_read_lock_sched_held+0x12/0x80
[ 3087.155560] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 3087.156481] ? rcu_read_lock_held+0x30/0x50
[ 3087.157176] ? trace_kmalloc+0x3c/0x100
[ 3087.157834] ? kmem_cache_alloc_trace+0x1af/0x320
[ 3087.158631] kasan_bitops_generic+0xfa/0x164 [test_kasan]
[ 3087.159509] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan]
[ 3087.160650] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit]
[ 3087.161542] ? kunit_add_resource+0x197/0x280 [kunit]
[ 3087.162335] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3087.163105] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 3087.163903] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3087.164867] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 3087.165674] kthread+0x2a7/0x350
[ 3087.166196] ? kthread_complete_and_exit+0x20/0x20
[ 3087.166955] ret_from_fork+0x22/0x30
[ 3087.167543]
[ 3087.168181] Allocated by task 119547:
[ 3087.168765] kasan_save_stack+0x1e/0x40
[ 3087.169374] __kasan_kmalloc+0x81/0xa0
[ 3087.169962] kasan_bitops_generic+0x86/0x164 [test_kasan]
[ 3087.170758] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3087.171485] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3087.172509] kthread+0x2a7/0x350
[ 3087.173000] ret_from_fork+0x22/0x30
[ 3087.173798] The buggy address belongs to the object at ffff888007867d00
which belongs to the cache kmalloc-16 of size 16
[ 3087.175548] The buggy address is located 8 bytes inside of
16-byte region [ffff888007867d00, ffff888007867d10)
[ 3087.177436] The buggy address belongs to the physical page:
[ 3087.178255] page:00000000ef9d5931 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7867
[ 3087.179591] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 3087.180575] raw: 000fffffc0000200 dead000000000100 dead000000000122 ffff8881000413c0
[ 3087.181634] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000
[ 3087.182690] page dumped because: kasan: bad access detected
[ 3087.183699] Memory state around the buggy address:
[ 3087.184365] ffff888007867c00: fb fb fc fc 00 00 fc fc 00 00 fc fc fb fb fc fc
[ 3087.185357] ffff888007867c80: 00 00 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
[ 3087.186353] >ffff888007867d00: 00 01 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
[ 3087.187344] ^
[ 3087.187850] ffff888007867d80: 00 00 fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc
[ 3087.188847] ffff888007867e00: 00 00 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
[ 3087.189841] ==================================================================
[ 3087.190826] ==================================================================
[ 3087.191787] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x24d/0x850 [test_kasan]
[ 3087.193002] Write of size 8 at addr ffff888007867d08 by task kunit_try_catch/119547
[ 3087.194232] CPU: 0 PID: 119547 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-256.1991_766543265.el9.x86_64+debug #1
[ 3087.196001] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 3087.196772] Call Trace:
[ 3087.197115]
[ 3087.197417] ? kasan_bitops_modify.constprop.0+0x24d/0x850 [test_kasan]
[ 3087.198291] dump_stack_lvl+0x57/0x81
[ 3087.198802] print_address_description.constprop.0+0x1f/0x1e0
[ 3087.199572] ? kasan_bitops_modify.constprop.0+0x24d/0x850 [test_kasan]
[ 3087.200308] print_report.cold+0x5c/0x237
[ 3087.200694] kasan_report+0xc9/0x100
[ 3087.201036] ? kasan_bitops_modify.constprop.0+0x24d/0x850 [test_kasan]
[ 3087.201757] kasan_check_range+0xfd/0x1e0
[ 3087.202137] kasan_bitops_modify.constprop.0+0x24d/0x850 [test_kasan]
[ 3087.202738] ? kasan_test_init+0x50/0x50 [test_kasan]
[ 3087.203211] ? kunit_kfree+0x200/0x200 [kunit]
[ 3087.203639] ? rcu_read_lock_sched_held+0x12/0x80
[ 3087.204083] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 3087.204603] ? rcu_read_lock_held+0x30/0x50
[ 3087.204994] ? trace_kmalloc+0x3c/0x100
[ 3087.205356] ? kmem_cache_alloc_trace+0x1af/0x320
[ 3087.205804] kasan_bitops_generic+0xfa/0x164 [test_kasan]
[ 3087.206310] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan]
[ 3087.206994] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit]
[ 3087.207525] ? kunit_add_resource+0x197/0x280 [kunit]
[ 3087.208004] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3087.208462] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 3087.208940] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3087.209509] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 3087.209988] kthread+0x2a7/0x350
[ 3087.210302] ? kthread_complete_and_exit+0x20/0x20
[ 3087.210783] ret_from_fork+0x22/0x30
[ 3087.211149]
[ 3087.211532] Allocated by task 119547:
[ 3087.211878] kasan_save_stack+0x1e/0x40
[ 3087.212238] __kasan_kmalloc+0x81/0xa0
[ 3087.212601] kasan_bitops_generic+0x86/0x164 [test_kasan]
[ 3087.213105] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3087.213568] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3087.214130] kthread+0x2a7/0x350
[ 3087.214442] ret_from_fork+0x22/0x30
[ 3087.214951] The buggy address belongs to the object at ffff888007867d00
which belongs to the cache kmalloc-16 of size 16
[ 3087.216056] The buggy address is located 8 bytes inside of
16-byte region [ffff888007867d00, ffff888007867d10)
[ 3087.217249] The buggy address belongs to the physical page:
[ 3087.217764] page:00000000ef9d5931 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7867
[ 3087.218606] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 3087.219234] raw: 000fffffc0000200 dead000000000100 dead000000000122 ffff8881000413c0
[ 3087.219946] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000
[ 3087.220655] page dumped because: kasan: bad access detected
[ 3087.221325] Memory state around the buggy address:
[ 3087.221779] ffff888007867c00: fb fb fc fc 00 00 fc fc 00 00 fc fc fb fb fc fc
[ 3087.222440] ffff888007867c80: 00 00 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
[ 3087.223107] >ffff888007867d00: 00 01 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
[ 3087.223775] ^
[ 3087.224107] ffff888007867d80: 00 00 fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc
[ 3087.224781] ffff888007867e00: 00 00 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
[ 3087.225442] ==================================================================
[ 3087.226165] ==================================================================
[ 3087.226840] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x2f2/0x850 [test_kasan]
[ 3087.227707] Write of size 8 at addr ffff888007867d08 by task kunit_try_catch/119547
[ 3087.228568] CPU: 0 PID: 119547 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-256.1991_766543265.el9.x86_64+debug #1
[ 3087.229810] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 3087.230342] Call Trace:
[ 3087.230588]
[ 3087.230805] ? kasan_bitops_modify.constprop.0+0x2f2/0x850 [test_kasan]
[ 3087.231415] dump_stack_lvl+0x57/0x81
[ 3087.231868] print_address_description.constprop.0+0x1f/0x1e0
[ 3087.232402] ? kasan_bitops_modify.constprop.0+0x2f2/0x850 [test_kasan]
[ 3087.233020] print_report.cold+0x5c/0x237
[ 3087.233400] kasan_report+0xc9/0x100
[ 3087.233748] ? kasan_bitops_modify.constprop.0+0x2f2/0x850 [test_kasan]
[ 3087.234362] kasan_check_range+0xfd/0x1e0
[ 3087.234748] kasan_bitops_modify.constprop.0+0x2f2/0x850 [test_kasan]
[ 3087.235343] ? kasan_test_init+0x50/0x50 [test_kasan]
[ 3087.235819] ? kunit_kfree+0x200/0x200 [kunit]
[ 3087.236247] ? rcu_read_lock_sched_held+0x12/0x80
[ 3087.236695] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 3087.237211] ? rcu_read_lock_held+0x30/0x50
[ 3087.237607] ? trace_kmalloc+0x3c/0x100
[ 3087.237969] ? kmem_cache_alloc_trace+0x1af/0x320
[ 3087.238411] kasan_bitops_generic+0xfa/0x164 [test_kasan]
[ 3087.238916] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan]
[ 3087.239644] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit]
[ 3087.240175] ? kunit_add_resource+0x197/0x280 [kunit]
[ 3087.240676] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3087.241159] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 3087.241638] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3087.242203] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 3087.242686] kthread+0x2a7/0x350
[ 3087.243000] ? kthread_complete_and_exit+0x20/0x20
[ 3087.243449] ret_from_fork+0x22/0x30
[ 3087.243813]
[ 3087.244193] Allocated by task 119547:
[ 3087.244545] kasan_save_stack+0x1e/0x40
[ 3087.244907] __kasan_kmalloc+0x81/0xa0
[ 3087.245262] kasan_bitops_generic+0x86/0x164 [test_kasan]
[ 3087.245768] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3087.246224] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3087.246792] kthread+0x2a7/0x350
[ 3087.247106] ret_from_fork+0x22/0x30
[ 3087.247610] The buggy address belongs to the object at ffff888007867d00
which belongs to the cache kmalloc-16 of size 16
[ 3087.248719] The buggy address is located 8 bytes inside of
16-byte region [ffff888007867d00, ffff888007867d10)
[ 3087.249917] The buggy address belongs to the physical page:
[ 3087.250429] page:00000000ef9d5931 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7867
[ 3087.251270] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 3087.251902] raw: 000fffffc0000200 dead000000000100 dead000000000122 ffff8881000413c0
[ 3087.252614] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000
[ 3087.253320] page dumped because: kasan: bad access detected
[ 3087.254024] Memory state around the buggy address:
[ 3087.254563] ffff888007867c00: fb fb fc fc 00 00 fc fc 00 00 fc fc fb fb fc fc
[ 3087.255260] ffff888007867c80: 00 00 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
[ 3087.255979] >ffff888007867d00: 00 01 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
[ 3087.256654] ^
[ 3087.256998] ffff888007867d80: 00 00 fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc
[ 3087.257667] ffff888007867e00: 00 00 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
[ 3087.258326] ==================================================================
[ 3087.259004] ==================================================================
[ 3087.259679] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x39b/0x850 [test_kasan]
[ 3087.260529] Write of size 8 at addr ffff888007867d08 by task kunit_try_catch/119547
[ 3087.261383] CPU: 0 PID: 119547 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-256.1991_766543265.el9.x86_64+debug #1
[ 3087.264515] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 3087.265907] Call Trace:
[ 3087.266551]
[ 3087.267126] ? kasan_bitops_modify.constprop.0+0x39b/0x850 [test_kasan]
[ 3087.268726] dump_stack_lvl+0x57/0x81
[ 3087.269515] print_address_description.constprop.0+0x1f/0x1e0
[ 3087.270721] ? kasan_bitops_modify.constprop.0+0x39b/0x850 [test_kasan]
[ 3087.272106] print_report.cold+0x5c/0x237
[ 3087.272992] kasan_report+0xc9/0x100
[ 3087.273762] ? kasan_bitops_modify.constprop.0+0x39b/0x850 [test_kasan]
[ 3087.275127] kasan_check_range+0xfd/0x1e0
[ 3087.275980] kasan_bitops_modify.constprop.0+0x39b/0x850 [test_kasan]
[ 3087.277311] ? kasan_test_init+0x50/0x50 [test_kasan]
[ 3087.278375] ? kunit_kfree+0x200/0x200 [kunit]
[ 3087.279326] ? rcu_read_lock_sched_held+0x12/0x80
[ 3087.280299] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 3087.281383] ? rcu_read_lock_held+0x30/0x50
[ 3087.282207] ? trace_kmalloc+0x3c/0x100
[ 3087.282969] ? kmem_cache_alloc_trace+0x1af/0x320
[ 3087.283918] kasan_bitops_generic+0xfa/0x164 [test_kasan]
[ 3087.284965] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan]
[ 3087.286382] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit]
[ 3087.287519] ? kunit_add_resource+0x197/0x280 [kunit]
[ 3087.288515] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3087.289479] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 3087.290424] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3087.291604] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 3087.292591] kthread+0x2a7/0x350
[ 3087.293199] ? kthread_complete_and_exit+0x20/0x20
[ 3087.294092] ret_from_fork+0x22/0x30
[ 3087.294773]
[ 3087.295524] Allocated by task 119547:
[ 3087.296195] kasan_save_stack+0x1e/0x40
[ 3087.296904] __kasan_kmalloc+0x81/0xa0
[ 3087.297598] kasan_bitops_generic+0x86/0x164 [test_kasan]
[ 3087.298574] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3087.299460] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3087.300587] kthread+0x2a7/0x350
[ 3087.301193] ret_from_fork+0x22/0x30
[ 3087.302142] The buggy address belongs to the object at ffff888007867d00
which belongs to the cache kmalloc-16 of size 16
[ 3087.304200] The buggy address is located 8 bytes inside of
16-byte region [ffff888007867d00, ffff888007867d10)
[ 3087.306402] The buggy address belongs to the physical page:
[ 3087.307317] page:00000000ef9d5931 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7867
[ 3087.308819] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 3087.309962] raw: 000fffffc0000200 dead000000000100 dead000000000122 ffff8881000413c0
[ 3087.311134] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000
[ 3087.312309] page dumped because: kasan: bad access detected
[ 3087.313447] Memory state around the buggy address:
[ 3087.314200] ffff888007867c00: fb fb fc fc 00 00 fc fc 00 00 fc fc fb fb fc fc
[ 3087.315407] ffff888007867c80: 00 00 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
[ 3087.316573] >ffff888007867d00: 00 01 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
[ 3087.317706] ^
[ 3087.318262] ffff888007867d80: 00 00 fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc
[ 3087.319380] ffff888007867e00: 00 00 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
[ 3087.320455] ==================================================================
[ 3087.321549] ==================================================================
[ 3087.322713] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x440/0x850 [test_kasan]
[ 3087.324060] Write of size 8 at addr ffff888007867d08 by task kunit_try_catch/119547
[ 3087.325432] CPU: 0 PID: 119547 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-256.1991_766543265.el9.x86_64+debug #1
[ 3087.327400] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 3087.328249] Call Trace:
[ 3087.328634]
[ 3087.328968] ? kasan_bitops_modify.constprop.0+0x440/0x850 [test_kasan]
[ 3087.329941] dump_stack_lvl+0x57/0x81
[ 3087.330491] print_address_description.constprop.0+0x1f/0x1e0
[ 3087.331295] ? kasan_bitops_modify.constprop.0+0x440/0x850 [test_kasan]
[ 3087.332215] print_report.cold+0x5c/0x237
[ 3087.332801] kasan_report+0xc9/0x100
[ 3087.333314] ? kasan_bitops_modify.constprop.0+0x440/0x850 [test_kasan]
[ 3087.334227] kasan_check_range+0xfd/0x1e0
[ 3087.334797] kasan_bitops_modify.constprop.0+0x440/0x850 [test_kasan]
[ 3087.335702] ? kasan_test_init+0x50/0x50 [test_kasan]
[ 3087.336426] ? kunit_kfree+0x200/0x200 [kunit]
[ 3087.337071] ? rcu_read_lock_sched_held+0x12/0x80
[ 3087.337751] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 3087.338543] ? rcu_read_lock_held+0x30/0x50
[ 3087.339137] ? trace_kmalloc+0x3c/0x100
[ 3087.339688] ? kmem_cache_alloc_trace+0x1af/0x320
[ 3087.340349] kasan_bitops_generic+0xfa/0x164 [test_kasan]
[ 3087.341116] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan]
[ 3087.342089] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit]
[ 3087.342853] ? kunit_add_resource+0x197/0x280 [kunit]
[ 3087.343541] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3087.344202] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 3087.344892] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3087.345700] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 3087.346383] kthread+0x2a7/0x350
[ 3087.346851] ? kthread_complete_and_exit+0x20/0x20
[ 3087.347499] ret_from_fork+0x22/0x30
[ 3087.348011]
[ 3087.348551] Allocated by task 119547:
[ 3087.349043] kasan_save_stack+0x1e/0x40
[ 3087.349569] __kasan_kmalloc+0x81/0xa0
[ 3087.350072] kasan_bitops_generic+0x86/0x164 [test_kasan]
[ 3087.350724] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3087.351195] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3087.351894] kthread+0x2a7/0x350
[ 3087.352219] ret_from_fork+0x22/0x30
[ 3087.352704] The buggy address belongs to the object at ffff888007867d00
which belongs to the cache kmalloc-16 of size 16
[ 3087.353802] The buggy address is located 8 bytes inside of
16-byte region [ffff888007867d00, ffff888007867d10)
[ 3087.355039] The buggy address belongs to the physical page:
[ 3087.355569] page:00000000ef9d5931 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7867
[ 3087.356391] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 3087.357016] raw: 000fffffc0000200 dead000000000100 dead000000000122 ffff8881000413c0
[ 3087.357741] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000
[ 3087.358429] page dumped because: kasan: bad access detected
[ 3087.359113] Memory state around the buggy address:
[ 3087.359565] ffff888007867c00: fb fb fc fc 00 00 fc fc 00 00 fc fc fb fb fc fc
[ 3087.360253] ffff888007867c80: 00 00 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
[ 3087.360933] >ffff888007867d00: 00 01 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
[ 3087.361649] ^
[ 3087.362010] ffff888007867d80: 00 00 fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc
[ 3087.362713] ffff888007867e00: 00 00 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
[ 3087.363383] ==================================================================
[ 3087.364094] ==================================================================
[ 3087.364816] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x4e9/0x850 [test_kasan]
[ 3087.365655] Write of size 8 at addr ffff888007867d08 by task kunit_try_catch/119547
[ 3087.366514] CPU: 0 PID: 119547 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-256.1991_766543265.el9.x86_64+debug #1
[ 3087.367743] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 3087.368295] Call Trace:
[ 3087.368562]
[ 3087.368772] ? kasan_bitops_modify.constprop.0+0x4e9/0x850 [test_kasan]
[ 3087.369368] dump_stack_lvl+0x57/0x81
[ 3087.369732] print_address_description.constprop.0+0x1f/0x1e0
[ 3087.370260] ? kasan_bitops_modify.constprop.0+0x4e9/0x850 [test_kasan]
[ 3087.370886] print_report.cold+0x5c/0x237
[ 3087.371251] kasan_report+0xc9/0x100
[ 3087.371603] ? kasan_bitops_modify.constprop.0+0x4e9/0x850 [test_kasan]
[ 3087.372208] kasan_check_range+0xfd/0x1e0
[ 3087.372596] kasan_bitops_modify.constprop.0+0x4e9/0x850 [test_kasan]
[ 3087.373189] ? kasan_test_init+0x50/0x50 [test_kasan]
[ 3087.373669] ? kunit_kfree+0x200/0x200 [kunit]
[ 3087.374091] ? rcu_read_lock_sched_held+0x12/0x80
[ 3087.374555] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 3087.375088] ? rcu_read_lock_held+0x30/0x50
[ 3087.375507] ? trace_kmalloc+0x3c/0x100
[ 3087.375881] ? kmem_cache_alloc_trace+0x1af/0x320
[ 3087.376305] kasan_bitops_generic+0xfa/0x164 [test_kasan]
[ 3087.376829] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan]
[ 3087.377515] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit]
[ 3087.378072] ? kunit_add_resource+0x197/0x280 [kunit]
[ 3087.378548] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3087.379009] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 3087.379461] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3087.380051] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 3087.380542] kthread+0x2a7/0x350
[ 3087.380866] ? kthread_complete_and_exit+0x20/0x20
[ 3087.381296] ret_from_fork+0x22/0x30
[ 3087.381760]
[ 3087.382160] Allocated by task 119547:
[ 3087.382514] kasan_save_stack+0x1e/0x40
[ 3087.382884] __kasan_kmalloc+0x81/0xa0
[ 3087.383223] kasan_bitops_generic+0x86/0x164 [test_kasan]
[ 3087.383709] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3087.384147] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3087.384717] kthread+0x2a7/0x350
[ 3087.385035] ret_from_fork+0x22/0x30
[ 3087.385563] The buggy address belongs to the object at ffff888007867d00
which belongs to the cache kmalloc-16 of size 16
[ 3087.386702] The buggy address is located 8 bytes inside of
16-byte region [ffff888007867d00, ffff888007867d10)
[ 3087.387893] The buggy address belongs to the physical page:
[ 3087.388382] page:00000000ef9d5931 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7867
[ 3087.389228] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 3087.389904] raw: 000fffffc0000200 dead000000000100 dead000000000122 ffff8881000413c0
[ 3087.390600] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000
[ 3087.391271] page dumped because: kasan: bad access detected
[ 3087.392004] Memory state around the buggy address:
[ 3087.392431] ffff888007867c00: fb fb fc fc 00 00 fc fc 00 00 fc fc fb fb fc fc
[ 3087.393112] ffff888007867c80: 00 00 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
[ 3087.393772] >ffff888007867d00: 00 01 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
[ 3087.394459] ^
[ 3087.394887] ffff888007867d80: 00 00 fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc
[ 3087.395556] ffff888007867e00: 00 00 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
[ 3087.396212] ==================================================================
[ 3087.396903] ==================================================================
[ 3087.397568] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x58e/0x850 [test_kasan]
[ 3087.398398] Write of size 8 at addr ffff888007867d08 by task kunit_try_catch/119547
[ 3087.399225] CPU: 0 PID: 119547 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-256.1991_766543265.el9.x86_64+debug #1
[ 3087.400454] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 3087.401007] Call Trace:
[ 3087.401239]
[ 3087.401442] ? kasan_bitops_modify.constprop.0+0x58e/0x850 [test_kasan]
[ 3087.402031] dump_stack_lvl+0x57/0x81
[ 3087.402370] print_address_description.constprop.0+0x1f/0x1e0
[ 3087.402929] ? kasan_bitops_modify.constprop.0+0x58e/0x850 [test_kasan]
[ 3087.403536] print_report.cold+0x5c/0x237
[ 3087.403925] kasan_report+0xc9/0x100
[ 3087.404256] ? kasan_bitops_modify.constprop.0+0x58e/0x850 [test_kasan]
[ 3087.404871] kasan_check_range+0xfd/0x1e0
[ 3087.405251] kasan_bitops_modify.constprop.0+0x58e/0x850 [test_kasan]
[ 3087.405832] ? kasan_test_init+0x50/0x50 [test_kasan]
[ 3087.406287] ? kunit_kfree+0x200/0x200 [kunit]
[ 3087.406720] ? rcu_read_lock_sched_held+0x12/0x80
[ 3087.407166] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 3087.407711] ? rcu_read_lock_held+0x30/0x50
[ 3087.408150] ? trace_kmalloc+0x3c/0x100
[ 3087.408525] ? kmem_cache_alloc_trace+0x1af/0x320
[ 3087.408949] kasan_bitops_generic+0xfa/0x164 [test_kasan]
[ 3087.409431] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan]
[ 3087.410134] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit]
[ 3087.410669] ? kunit_add_resource+0x197/0x280 [kunit]
[ 3087.411147] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3087.411732] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 3087.412227] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3087.412785] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 3087.413248] kthread+0x2a7/0x350
[ 3087.413553] ? kthread_complete_and_exit+0x20/0x20
[ 3087.413987] ret_from_fork+0x22/0x30
[ 3087.414323]
[ 3087.414842] Allocated by task 119547:
[ 3087.415297] kasan_save_stack+0x1e/0x40
[ 3087.415701] __kasan_kmalloc+0x81/0xa0
[ 3087.416085] kasan_bitops_generic+0x86/0x164 [test_kasan]
[ 3087.416639] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3087.417136] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3087.417765] kthread+0x2a7/0x350
[ 3087.418079] ret_from_fork+0x22/0x30
[ 3087.418582] The buggy address belongs to the object at ffff888007867d00
which belongs to the cache kmalloc-16 of size 16
[ 3087.419708] The buggy address is located 8 bytes inside of
16-byte region [ffff888007867d00, ffff888007867d10)
[ 3087.420937] The buggy address belongs to the physical page:
[ 3087.421427] page:00000000ef9d5931 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7867
[ 3087.422322] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 3087.422983] raw: 000fffffc0000200 dead000000000100 dead000000000122 ffff8881000413c0
[ 3087.423682] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000
[ 3087.424378] page dumped because: kasan: bad access detected
[ 3087.425064] Memory state around the buggy address:
[ 3087.425538] ffff888007867c00: fb fb fc fc 00 00 fc fc 00 00 fc fc fb fb fc fc
[ 3087.426171] ffff888007867c80: 00 00 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
[ 3087.426827] >ffff888007867d00: 00 01 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
[ 3087.427506] ^
[ 3087.427834] ffff888007867d80: 00 00 fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc
[ 3087.428502] ffff888007867e00: 00 00 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
[ 3087.429160] ==================================================================
[ 3087.429851] ==================================================================
[ 3087.430497] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xff/0x990 [test_kasan]
[ 3087.431370] Write of size 8 at addr ffff888007867d08 by task kunit_try_catch/119547
[ 3087.432237] CPU: 0 PID: 119547 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-256.1991_766543265.el9.x86_64+debug #1
[ 3087.433469] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 3087.433980] Call Trace:
[ 3087.434211]
[ 3087.434414] ? kasan_bitops_test_and_modify.constprop.0+0xff/0x990 [test_kasan]
[ 3087.435144] dump_stack_lvl+0x57/0x81
[ 3087.435501] print_address_description.constprop.0+0x1f/0x1e0
[ 3087.436043] ? kasan_bitops_test_and_modify.constprop.0+0xff/0x990 [test_kasan]
[ 3087.436715] print_report.cold+0x5c/0x237
[ 3087.437096] kasan_report+0xc9/0x100
[ 3087.437432] ? kasan_bitops_test_and_modify.constprop.0+0xff/0x990 [test_kasan]
[ 3087.438122] kasan_check_range+0xfd/0x1e0
[ 3087.438491] kasan_bitops_test_and_modify.constprop.0+0xff/0x990 [test_kasan]
[ 3087.439124] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan]
[ 3087.439761] ? kunit_kfree+0x200/0x200 [kunit]
[ 3087.440206] ? rcu_read_lock_sched_held+0x12/0x80
[ 3087.440677] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 3087.441191] ? rcu_read_lock_held+0x30/0x50
[ 3087.441662] ? trace_kmalloc+0x3c/0x100
[ 3087.442045] ? kmem_cache_alloc_trace+0x1af/0x320
[ 3087.442473] kasan_bitops_generic+0x105/0x164 [test_kasan]
[ 3087.442963] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan]
[ 3087.443641] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit]
[ 3087.444194] ? kunit_add_resource+0x197/0x280 [kunit]
[ 3087.449017] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3087.449461] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 3087.449966] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3087.450533] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 3087.451041] kthread+0x2a7/0x350
[ 3087.451342] ? kthread_complete_and_exit+0x20/0x20
[ 3087.451804] ret_from_fork+0x22/0x30
[ 3087.452157]
[ 3087.452530] Allocated by task 119547:
[ 3087.452863] kasan_save_stack+0x1e/0x40
[ 3087.453211] __kasan_kmalloc+0x81/0xa0
[ 3087.453576] kasan_bitops_generic+0x86/0x164 [test_kasan]
[ 3087.454082] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3087.454542] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3087.455114] kthread+0x2a7/0x350
[ 3087.455413] ret_from_fork+0x22/0x30
[ 3087.455936] The buggy address belongs to the object at ffff888007867d00
which belongs to the cache kmalloc-16 of size 16
[ 3087.456997] The buggy address is located 8 bytes inside of
16-byte region [ffff888007867d00, ffff888007867d10)
[ 3087.458186] The buggy address belongs to the physical page:
[ 3087.458702] page:00000000ef9d5931 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7867
[ 3087.459805] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 3087.460407] raw: 000fffffc0000200 dead000000000100 dead000000000122 ffff8881000413c0
[ 3087.461087] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000
[ 3087.461805] page dumped because: kasan: bad access detected
[ 3087.462448] Memory state around the buggy address:
[ 3087.462920] ffff888007867c00: fb fb fc fc 00 00 fc fc 00 00 fc fc fb fb fc fc
[ 3087.463578] ffff888007867c80: 00 00 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
[ 3087.464236] >ffff888007867d00: 00 01 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
[ 3087.464906] ^
[ 3087.465241] ffff888007867d80: 00 00 fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc
[ 3087.465920] ffff888007867e00: 00 00 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
[ 3087.466574] ==================================================================
[ 3087.467286] ==================================================================
[ 3087.468054] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x1a9/0x990 [test_kasan]
[ 3087.469017] Write of size 8 at addr ffff888007867d08 by task kunit_try_catch/119547
[ 3087.469952] CPU: 0 PID: 119547 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-256.1991_766543265.el9.x86_64+debug #1
[ 3087.471222] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 3087.471935] Call Trace:
[ 3087.472192]
[ 3087.472413] ? kasan_bitops_test_and_modify.constprop.0+0x1a9/0x990 [test_kasan]
[ 3087.473114] dump_stack_lvl+0x57/0x81
[ 3087.473451] print_address_description.constprop.0+0x1f/0x1e0
[ 3087.473971] ? kasan_bitops_test_and_modify.constprop.0+0x1a9/0x990 [test_kasan]
[ 3087.474628] print_report.cold+0x5c/0x237
[ 3087.475017] kasan_report+0xc9/0x100
[ 3087.475402] ? kasan_bitops_test_and_modify.constprop.0+0x1a9/0x990 [test_kasan]
[ 3087.476157] kasan_check_range+0xfd/0x1e0
[ 3087.476543] kasan_bitops_test_and_modify.constprop.0+0x1a9/0x990 [test_kasan]
[ 3087.477209] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan]
[ 3087.477841] ? kunit_kfree+0x200/0x200 [kunit]
[ 3087.478245] ? rcu_read_lock_sched_held+0x12/0x80
[ 3087.478698] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 3087.479212] ? rcu_read_lock_held+0x30/0x50
[ 3087.479635] ? trace_kmalloc+0x3c/0x100
[ 3087.480048] ? kmem_cache_alloc_trace+0x1af/0x320
[ 3087.480534] kasan_bitops_generic+0x105/0x164 [test_kasan]
[ 3087.481078] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan]
[ 3087.481805] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit]
[ 3087.482333] ? kunit_add_resource+0x197/0x280 [kunit]
[ 3087.482835] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3087.483277] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 3087.483759] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3087.484322] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 3087.484786] kthread+0x2a7/0x350
[ 3087.485087] ? kthread_complete_and_exit+0x20/0x20
[ 3087.485541] ret_from_fork+0x22/0x30
[ 3087.485899]
[ 3087.486261] Allocated by task 119547:
[ 3087.486597] kasan_save_stack+0x1e/0x40
[ 3087.486945] __kasan_kmalloc+0x81/0xa0
[ 3087.487286] kasan_bitops_generic+0x86/0x164 [test_kasan]
[ 3087.487796] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3087.488252] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3087.488805] kthread+0x2a7/0x350
[ 3087.489104] ret_from_fork+0x22/0x30
[ 3087.489615] The buggy address belongs to the object at ffff888007867d00
which belongs to the cache kmalloc-16 of size 16
[ 3087.490721] The buggy address is located 8 bytes inside of
16-byte region [ffff888007867d00, ffff888007867d10)
[ 3087.491926] The buggy address belongs to the physical page:
[ 3087.492415] page:00000000ef9d5931 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7867
[ 3087.493219] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 3087.493826] raw: 000fffffc0000200 dead000000000100 dead000000000122 ffff8881000413c0
[ 3087.494556] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000
[ 3087.495300] page dumped because: kasan: bad access detected
[ 3087.496034] Memory state around the buggy address:
[ 3087.496508] ffff888007867c00: fb fb fc fc 00 00 fc fc 00 00 fc fc fb fb fc fc
[ 3087.497182] ffff888007867c80: 00 00 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
[ 3087.497867] >ffff888007867d00: 00 01 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
[ 3087.498563] ^
[ 3087.498924] ffff888007867d80: 00 00 fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc
[ 3087.499622] ffff888007867e00: 00 00 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
[ 3087.500305] ==================================================================
[ 3087.500995] ==================================================================
[ 3087.501759] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x252/0x990 [test_kasan]
[ 3087.502687] Write of size 8 at addr ffff888007867d08 by task kunit_try_catch/119547
[ 3087.503547] CPU: 0 PID: 119547 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-256.1991_766543265.el9.x86_64+debug #1
[ 3087.504759] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 3087.505269] Call Trace:
[ 3087.505504]
[ 3087.505840] ? kasan_bitops_test_and_modify.constprop.0+0x252/0x990 [test_kasan]
[ 3087.506693] dump_stack_lvl+0x57/0x81
[ 3087.507071] print_address_description.constprop.0+0x1f/0x1e0
[ 3087.507673] ? kasan_bitops_test_and_modify.constprop.0+0x252/0x990 [test_kasan]
[ 3087.508437] print_report.cold+0x5c/0x237
[ 3087.508884] kasan_report+0xc9/0x100
[ 3087.509214] ? kasan_bitops_test_and_modify.constprop.0+0x252/0x990 [test_kasan]
[ 3087.509971] kasan_check_range+0xfd/0x1e0
[ 3087.510361] kasan_bitops_test_and_modify.constprop.0+0x252/0x990 [test_kasan]
[ 3087.511047] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan]
[ 3087.511681] ? kunit_kfree+0x200/0x200 [kunit]
[ 3087.512133] ? rcu_read_lock_sched_held+0x12/0x80
[ 3087.512584] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 3087.513101] ? rcu_read_lock_held+0x30/0x50
[ 3087.513498] ? trace_kmalloc+0x3c/0x100
[ 3087.513870] ? kmem_cache_alloc_trace+0x1af/0x320
[ 3087.514296] kasan_bitops_generic+0x105/0x164 [test_kasan]
[ 3087.514836] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan]
[ 3087.515511] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit]
[ 3087.516046] ? kunit_add_resource+0x197/0x280 [kunit]
[ 3087.516508] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3087.516949] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 3087.517403] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3087.517951] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 3087.518411] kthread+0x2a7/0x350
[ 3087.518743] ? kthread_complete_and_exit+0x20/0x20
[ 3087.519189] ret_from_fork+0x22/0x30
[ 3087.519545]
[ 3087.519933] Allocated by task 119547:
[ 3087.520265] kasan_save_stack+0x1e/0x40
[ 3087.520619] __kasan_kmalloc+0x81/0xa0
[ 3087.520960] kasan_bitops_generic+0x86/0x164 [test_kasan]
[ 3087.521441] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3087.521884] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3087.522426] kthread+0x2a7/0x350
[ 3087.522752] ret_from_fork+0x22/0x30
[ 3087.523252] The buggy address belongs to the object at ffff888007867d00
which belongs to the cache kmalloc-16 of size 16
[ 3087.524356] The buggy address is located 8 bytes inside of
16-byte region [ffff888007867d00, ffff888007867d10)
[ 3087.525576] The buggy address belongs to the physical page:
[ 3087.526087] page:00000000ef9d5931 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7867
[ 3087.526930] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 3087.527575] raw: 000fffffc0000200 dead000000000100 dead000000000122 ffff8881000413c0
[ 3087.528299] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000
[ 3087.529017] page dumped because: kasan: bad access detected
[ 3087.529688] Memory state around the buggy address:
[ 3087.530137] ffff888007867c00: fb fb fc fc 00 00 fc fc 00 00 fc fc fb fb fc fc
[ 3087.530814] ffff888007867c80: 00 00 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
[ 3087.531447] >ffff888007867d00: 00 01 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
[ 3087.532236] ^
[ 3087.532612] ffff888007867d80: 00 00 fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc
[ 3087.533306] ffff888007867e00: 00 00 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
[ 3087.533943] ==================================================================
[ 3087.534612] ==================================================================
[ 3087.535273] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x2fc/0x990 [test_kasan]
[ 3087.536157] Write of size 8 at addr ffff888007867d08 by task kunit_try_catch/119547
[ 3087.537026] CPU: 0 PID: 119547 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-256.1991_766543265.el9.x86_64+debug #1
[ 3087.538255] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 3087.538811] Call Trace:
[ 3087.539043]
[ 3087.539252] ? kasan_bitops_test_and_modify.constprop.0+0x2fc/0x990 [test_kasan]
[ 3087.539992] dump_stack_lvl+0x57/0x81
[ 3087.540350] print_address_description.constprop.0+0x1f/0x1e0
[ 3087.540931] ? kasan_bitops_test_and_modify.constprop.0+0x2fc/0x990 [test_kasan]
[ 3087.541626] print_report.cold+0x5c/0x237
[ 3087.542039] kasan_report+0xc9/0x100
[ 3087.542369] ? kasan_bitops_test_and_modify.constprop.0+0x2fc/0x990 [test_kasan]
[ 3087.543076] kasan_check_range+0xfd/0x1e0
[ 3087.543440] kasan_bitops_test_and_modify.constprop.0+0x2fc/0x990 [test_kasan]
[ 3087.544084] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan]
[ 3087.544747] ? kunit_kfree+0x200/0x200 [kunit]
[ 3087.545188] ? rcu_read_lock_sched_held+0x12/0x80
[ 3087.545639] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 3087.546154] ? rcu_read_lock_held+0x30/0x50
[ 3087.546553] ? trace_kmalloc+0x3c/0x100
[ 3087.546926] ? kmem_cache_alloc_trace+0x1af/0x320
[ 3087.547351] kasan_bitops_generic+0x105/0x164 [test_kasan]
[ 3087.547846] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan]
[ 3087.548566] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit]
[ 3087.549139] ? kunit_add_resource+0x197/0x280 [kunit]
[ 3087.549621] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3087.550080] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 3087.550556] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3087.551143] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 3087.551606] kthread+0x2a7/0x350
[ 3087.551906] ? kthread_complete_and_exit+0x20/0x20
[ 3087.552337] ret_from_fork+0x22/0x30
[ 3087.552698]
[ 3087.553079] Allocated by task 119547:
[ 3087.553414] kasan_save_stack+0x1e/0x40
[ 3087.553823] __kasan_kmalloc+0x81/0xa0
[ 3087.554307] kasan_bitops_generic+0x86/0x164 [test_kasan]
[ 3087.554992] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3087.555531] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3087.556131] kthread+0x2a7/0x350
[ 3087.556526] ret_from_fork+0x22/0x30
[ 3087.557066] The buggy address belongs to the object at ffff888007867d00
which belongs to the cache kmalloc-16 of size 16
[ 3087.558248] The buggy address is located 8 bytes inside of
16-byte region [ffff888007867d00, ffff888007867d10)
[ 3087.559495] The buggy address belongs to the physical page:
[ 3087.560072] page:00000000ef9d5931 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7867
[ 3087.560942] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 3087.561672] raw: 000fffffc0000200 dead000000000100 dead000000000122 ffff8881000413c0
[ 3087.562433] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000
[ 3087.563224] page dumped because: kasan: bad access detected
[ 3087.563936] Memory state around the buggy address:
[ 3087.564412] ffff888007867c00: fb fb fc fc 00 00 fc fc 00 00 fc fc fb fb fc fc
[ 3087.565145] ffff888007867c80: 00 00 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
[ 3087.565846] >ffff888007867d00: 00 01 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
[ 3087.566519] ^
[ 3087.566871] ffff888007867d80: 00 00 fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc
[ 3087.567548] ffff888007867e00: 00 00 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
[ 3087.568226] ==================================================================
[ 3087.568940] ==================================================================
[ 3087.569691] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x3a6/0x990 [test_kasan]
[ 3087.570708] Write of size 8 at addr ffff888007867d08 by task kunit_try_catch/119547
[ 3087.571685] CPU: 0 PID: 119547 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-256.1991_766543265.el9.x86_64+debug #1
[ 3087.573020] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 3087.573569] Call Trace:
[ 3087.573828]
[ 3087.574038] ? kasan_bitops_test_and_modify.constprop.0+0x3a6/0x990 [test_kasan]
[ 3087.574742] dump_stack_lvl+0x57/0x81
[ 3087.575107] print_address_description.constprop.0+0x1f/0x1e0
[ 3087.575660] ? kasan_bitops_test_and_modify.constprop.0+0x3a6/0x990 [test_kasan]
[ 3087.576381] print_report.cold+0x5c/0x237
[ 3087.576838] kasan_report+0xc9/0x100
[ 3087.577228] ? kasan_bitops_test_and_modify.constprop.0+0x3a6/0x990 [test_kasan]
[ 3087.578007] kasan_check_range+0xfd/0x1e0
[ 3087.578439] kasan_bitops_test_and_modify.constprop.0+0x3a6/0x990 [test_kasan]
[ 3087.579227] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan]
[ 3087.579914] ? kunit_kfree+0x200/0x200 [kunit]
[ 3087.580377] ? rcu_read_lock_sched_held+0x12/0x80
[ 3087.580906] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 3087.581434] ? rcu_read_lock_held+0x30/0x50
[ 3087.581869] ? trace_kmalloc+0x3c/0x100
[ 3087.582257] ? kmem_cache_alloc_trace+0x1af/0x320
[ 3087.582722] kasan_bitops_generic+0x105/0x164 [test_kasan]
[ 3087.583246] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan]
[ 3087.583970] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit]
[ 3087.584532] ? kunit_add_resource+0x197/0x280 [kunit]
[ 3087.585055] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3087.585530] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 3087.586022] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3087.586631] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 3087.587144] kthread+0x2a7/0x350
[ 3087.587467] ? kthread_complete_and_exit+0x20/0x20
[ 3087.588014] ret_from_fork+0x22/0x30
[ 3087.588370]
[ 3087.588793] Allocated by task 119547:
[ 3087.589164] kasan_save_stack+0x1e/0x40
[ 3087.589574] __kasan_kmalloc+0x81/0xa0
[ 3087.589989] kasan_bitops_generic+0x86/0x164 [test_kasan]
[ 3087.590522] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3087.591017] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3087.591699] kthread+0x2a7/0x350
[ 3087.592041] ret_from_fork+0x22/0x30
[ 3087.592582] The buggy address belongs to the object at ffff888007867d00
which belongs to the cache kmalloc-16 of size 16
[ 3087.593769] The buggy address is located 8 bytes inside of
16-byte region [ffff888007867d00, ffff888007867d10)
[ 3087.595106] The buggy address belongs to the physical page:
[ 3087.595660] page:00000000ef9d5931 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7867
[ 3087.596569] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 3087.597214] raw: 000fffffc0000200 dead000000000100 dead000000000122 ffff8881000413c0
[ 3087.597963] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000
[ 3087.598695] page dumped because: kasan: bad access detected
[ 3087.599380] Memory state around the buggy address:
[ 3087.599907] ffff888007867c00: fb fb fc fc 00 00 fc fc 00 00 fc fc fb fb fc fc
[ 3087.600605] ffff888007867c80: 00 00 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
[ 3087.601280] >ffff888007867d00: 00 01 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
[ 3087.602011] ^
[ 3087.602341] ffff888007867d80: 00 00 fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc
[ 3087.603078] ffff888007867e00: 00 00 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
[ 3087.603759] ==================================================================
[ 3087.604428] ==================================================================
[ 3087.605097] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x44f/0x990 [test_kasan]
[ 3087.606079] Write of size 8 at addr ffff888007867d08 by task kunit_try_catch/119547
[ 3087.607001] CPU: 0 PID: 119547 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-256.1991_766543265.el9.x86_64+debug #1
[ 3087.608252] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 3087.608844] Call Trace:
[ 3087.609090]
[ 3087.609307] ? kasan_bitops_test_and_modify.constprop.0+0x44f/0x990 [test_kasan]
[ 3087.610067] dump_stack_lvl+0x57/0x81
[ 3087.610427] print_address_description.constprop.0+0x1f/0x1e0
[ 3087.611049] ? kasan_bitops_test_and_modify.constprop.0+0x44f/0x990 [test_kasan]
[ 3087.611825] print_report.cold+0x5c/0x237
[ 3087.612275] kasan_report+0xc9/0x100
[ 3087.612646] ? kasan_bitops_test_and_modify.constprop.0+0x44f/0x990 [test_kasan]
[ 3087.613392] kasan_check_range+0xfd/0x1e0
[ 3087.613843] kasan_bitops_test_and_modify.constprop.0+0x44f/0x990 [test_kasan]
[ 3087.614608] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan]
[ 3087.615257] ? kunit_kfree+0x200/0x200 [kunit]
[ 3087.615732] ? rcu_read_lock_sched_held+0x12/0x80
[ 3087.616239] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 3087.616842] ? rcu_read_lock_held+0x30/0x50
[ 3087.617245] ? trace_kmalloc+0x3c/0x100
[ 3087.617644] ? kmem_cache_alloc_trace+0x1af/0x320
[ 3087.618124] kasan_bitops_generic+0x105/0x164 [test_kasan]
[ 3087.618678] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan]
[ 3087.619397] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit]
[ 3087.620016] ? kunit_add_resource+0x197/0x280 [kunit]
[ 3087.620493] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3087.620948] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 3087.621418] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3087.622158] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 3087.622661] kthread+0x2a7/0x350
[ 3087.622991] ? kthread_complete_and_exit+0x20/0x20
[ 3087.623437] ret_from_fork+0x22/0x30
[ 3087.623813]
[ 3087.624204] Allocated by task 119547:
[ 3087.624554] kasan_save_stack+0x1e/0x40
[ 3087.624937] __kasan_kmalloc+0x81/0xa0
[ 3087.625288] kasan_bitops_generic+0x86/0x164 [test_kasan]
[ 3087.625851] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3087.626327] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3087.626933] kthread+0x2a7/0x350
[ 3087.627266] ret_from_fork+0x22/0x30
[ 3087.627816] The buggy address belongs to the object at ffff888007867d00
which belongs to the cache kmalloc-16 of size 16
[ 3087.628996] The buggy address is located 8 bytes inside of
16-byte region [ffff888007867d00, ffff888007867d10)
[ 3087.630263] The buggy address belongs to the physical page:
[ 3087.630813] page:00000000ef9d5931 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7867
[ 3087.631687] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 3087.632354] raw: 000fffffc0000200 dead000000000100 dead000000000122 ffff8881000413c0
[ 3087.633119] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000
[ 3087.633885] page dumped because: kasan: bad access detected
[ 3087.634720] Memory state around the buggy address:
[ 3087.635265] ffff888007867c00: fb fb fc fc 00 00 fc fc 00 00 fc fc fb fb fc fc
[ 3087.635967] ffff888007867c80: 00 00 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
[ 3087.636654] >ffff888007867d00: 00 01 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
[ 3087.637307] ^
[ 3087.637658] ffff888007867d80: 00 00 fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc
[ 3087.638326] ffff888007867e00: 00 00 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
[ 3087.639011] ==================================================================
[ 3087.639738] ==================================================================
[ 3087.640435] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x4f9/0x990 [test_kasan]
[ 3087.641401] Write of size 8 at addr ffff888007867d08 by task kunit_try_catch/119547
[ 3087.642287] CPU: 0 PID: 119547 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-256.1991_766543265.el9.x86_64+debug #1
[ 3087.643575] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 3087.644121] Call Trace:
[ 3087.644359]
[ 3087.644620] ? kasan_bitops_test_and_modify.constprop.0+0x4f9/0x990 [test_kasan]
[ 3087.645354] dump_stack_lvl+0x57/0x81
[ 3087.645738] print_address_description.constprop.0+0x1f/0x1e0
[ 3087.646298] ? kasan_bitops_test_and_modify.constprop.0+0x4f9/0x990 [test_kasan]
[ 3087.647050] print_report.cold+0x5c/0x237
[ 3087.647439] kasan_report+0xc9/0x100
[ 3087.647859] ? kasan_bitops_test_and_modify.constprop.0+0x4f9/0x990 [test_kasan]
[ 3087.648595] kasan_check_range+0xfd/0x1e0
[ 3087.649001] kasan_bitops_test_and_modify.constprop.0+0x4f9/0x990 [test_kasan]
[ 3087.649727] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan]
[ 3087.650385] ? kunit_kfree+0x200/0x200 [kunit]
[ 3087.650824] ? rcu_read_lock_sched_held+0x12/0x80
[ 3087.651280] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 3087.651974] ? rcu_read_lock_held+0x30/0x50
[ 3087.652394] ? trace_kmalloc+0x3c/0x100
[ 3087.652803] ? kmem_cache_alloc_trace+0x1af/0x320
[ 3087.653264] kasan_bitops_generic+0x105/0x164 [test_kasan]
[ 3087.653920] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan]
[ 3087.654757] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit]
[ 3087.655383] ? kunit_add_resource+0x197/0x280 [kunit]
[ 3087.655941] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3087.656487] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 3087.657018] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3087.657625] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 3087.658147] kthread+0x2a7/0x350
[ 3087.658457] ? kthread_complete_and_exit+0x20/0x20
[ 3087.658948] ret_from_fork+0x22/0x30
[ 3087.659293]
[ 3087.659717] Allocated by task 119547:
[ 3087.660102] kasan_save_stack+0x1e/0x40
[ 3087.660465] __kasan_kmalloc+0x81/0xa0
[ 3087.660859] kasan_bitops_generic+0x86/0x164 [test_kasan]
[ 3087.661354] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3087.661879] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3087.662455] kthread+0x2a7/0x350
[ 3087.662767] ret_from_fork+0x22/0x30
[ 3087.663265] The buggy address belongs to the object at ffff888007867d00
which belongs to the cache kmalloc-16 of size 16
[ 3087.664403] The buggy address is located 8 bytes inside of
16-byte region [ffff888007867d00, ffff888007867d10)
[ 3087.665663] The buggy address belongs to the physical page:
[ 3087.666187] page:00000000ef9d5931 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7867
[ 3087.667044] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 3087.667733] raw: 000fffffc0000200 dead000000000100 dead000000000122 ffff8881000413c0
[ 3087.668537] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000
[ 3087.669257] page dumped because: kasan: bad access detected
[ 3087.669964] Memory state around the buggy address:
[ 3087.670406] ffff888007867c00: fb fb fc fc 00 00 fc fc 00 00 fc fc fb fb fc fc
[ 3087.671133] ffff888007867c80: 00 00 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
[ 3087.671858] >ffff888007867d00: 00 01 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
[ 3087.672564] ^
[ 3087.672935] ffff888007867d80: 00 00 fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc
[ 3087.673666] ffff888007867e00: 00 00 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
[ 3087.674375] ==================================================================
[ 3087.675154] ==================================================================
[ 3087.675864] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x5a2/0x990 [test_kasan]
[ 3087.676862] Read of size 8 at addr ffff888007867d08 by task kunit_try_catch/119547
[ 3087.677759] CPU: 0 PID: 119547 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-256.1991_766543265.el9.x86_64+debug #1
[ 3087.679094] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 3087.679703] Call Trace:
[ 3087.679999]
[ 3087.680231] ? kasan_bitops_test_and_modify.constprop.0+0x5a2/0x990 [test_kasan]
[ 3087.680985] dump_stack_lvl+0x57/0x81
[ 3087.681332] print_address_description.constprop.0+0x1f/0x1e0
[ 3087.682034] ? kasan_bitops_test_and_modify.constprop.0+0x5a2/0x990 [test_kasan]
[ 3087.682737] print_report.cold+0x5c/0x237
[ 3087.683159] kasan_report+0xc9/0x100
[ 3087.683568] ? kasan_bitops_test_and_modify.constprop.0+0x5a2/0x990 [test_kasan]
[ 3087.684290] kasan_check_range+0xfd/0x1e0
[ 3087.684684] kasan_bitops_test_and_modify.constprop.0+0x5a2/0x990 [test_kasan]
[ 3087.685360] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan]
[ 3087.686007] ? kunit_kfree+0x200/0x200 [kunit]
[ 3087.686425] ? rcu_read_lock_sched_held+0x12/0x80
[ 3087.686871] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 3087.687413] ? rcu_read_lock_held+0x30/0x50
[ 3087.687821] ? trace_kmalloc+0x3c/0x100
[ 3087.688261] ? kmem_cache_alloc_trace+0x1af/0x320
[ 3087.688771] kasan_bitops_generic+0x105/0x164 [test_kasan]
[ 3087.689314] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan]
[ 3087.690060] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit]
[ 3087.690608] ? kunit_add_resource+0x197/0x280 [kunit]
[ 3087.691119] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3087.691598] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 3087.692092] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3087.692664] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 3087.693139] kthread+0x2a7/0x350
[ 3087.693448] ? kthread_complete_and_exit+0x20/0x20
[ 3087.693897] ret_from_fork+0x22/0x30
[ 3087.694267]
[ 3087.694705] Allocated by task 119547:
[ 3087.695126] kasan_save_stack+0x1e/0x40
[ 3087.695506] __kasan_kmalloc+0x81/0xa0
[ 3087.695889] kasan_bitops_generic+0x86/0x164 [test_kasan]
[ 3087.696386] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3087.696888] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3087.697489] kthread+0x2a7/0x350
[ 3087.697843] ret_from_fork+0x22/0x30
[ 3087.698339] The buggy address belongs to the object at ffff888007867d00
which belongs to the cache kmalloc-16 of size 16
[ 3087.699547] The buggy address is located 8 bytes inside of
16-byte region [ffff888007867d00, ffff888007867d10)
[ 3087.700808] The buggy address belongs to the physical page:
[ 3087.701313] page:00000000ef9d5931 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7867
[ 3087.702181] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 3087.702835] raw: 000fffffc0000200 dead000000000100 dead000000000122 ffff8881000413c0
[ 3087.703557] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000
[ 3087.704254] page dumped because: kasan: bad access detected
[ 3087.705011] Memory state around the buggy address:
[ 3087.705474] ffff888007867c00: fb fb fc fc 00 00 fc fc 00 00 fc fc fb fb fc fc
[ 3087.706129] ffff888007867c80: 00 00 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
[ 3087.706817] >ffff888007867d00: 00 01 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
[ 3087.707509] ^
[ 3087.707874] ffff888007867d80: 00 00 fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc
[ 3087.708570] ffff888007867e00: 00 00 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
[ 3087.709277] ==================================================================
[ 3087.710083] ==================================================================
[ 3087.710837] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x984/0x990 [test_kasan]
[ 3087.711992] Read of size 8 at addr ffff888007867d08 by task kunit_try_catch/119547
[ 3087.712900] CPU: 0 PID: 119547 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-256.1991_766543265.el9.x86_64+debug #1
[ 3087.714168] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 3087.714879] Call Trace:
[ 3087.715181]
[ 3087.715455] ? kasan_bitops_test_and_modify.constprop.0+0x984/0x990 [test_kasan]
[ 3087.716213] dump_stack_lvl+0x57/0x81
[ 3087.716627] print_address_description.constprop.0+0x1f/0x1e0
[ 3087.717212] ? kasan_bitops_test_and_modify.constprop.0+0x984/0x990 [test_kasan]
[ 3087.717986] print_report.cold+0x5c/0x237
[ 3087.718366] kasan_report+0xc9/0x100
[ 3087.718740] ? kasan_bitops_test_and_modify.constprop.0+0x984/0x990 [test_kasan]
[ 3087.719436] kasan_bitops_test_and_modify.constprop.0+0x984/0x990 [test_kasan]
[ 3087.720212] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan]
[ 3087.720846] ? kunit_kfree+0x200/0x200 [kunit]
[ 3087.721288] ? rcu_read_lock_sched_held+0x12/0x80
[ 3087.721783] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 3087.722331] ? rcu_read_lock_held+0x30/0x50
[ 3087.722749] ? trace_kmalloc+0x3c/0x100
[ 3087.723128] ? kmem_cache_alloc_trace+0x1af/0x320
[ 3087.723572] kasan_bitops_generic+0x105/0x164 [test_kasan]
[ 3087.724078] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan]
[ 3087.724785] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit]
[ 3087.725323] ? kunit_add_resource+0x197/0x280 [kunit]
[ 3087.725800] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3087.726278] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 3087.726800] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3087.727379] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 3087.727863] kthread+0x2a7/0x350
[ 3087.728197] ? kthread_complete_and_exit+0x20/0x20
[ 3087.728664] ret_from_fork+0x22/0x30
[ 3087.729009]
[ 3087.729389] Allocated by task 119547:
[ 3087.729740] kasan_save_stack+0x1e/0x40
[ 3087.730101] __kasan_kmalloc+0x81/0xa0
[ 3087.730451] kasan_bitops_generic+0x86/0x164 [test_kasan]
[ 3087.730997] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3087.731450] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3087.732054] kthread+0x2a7/0x350
[ 3087.732362] ret_from_fork+0x22/0x30
[ 3087.732862] The buggy address belongs to the object at ffff888007867d00
which belongs to the cache kmalloc-16 of size 16
[ 3087.733963] The buggy address is located 8 bytes inside of
16-byte region [ffff888007867d00, ffff888007867d10)
[ 3087.735262] The buggy address belongs to the physical page:
[ 3087.735849] page:00000000ef9d5931 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7867
[ 3087.736743] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 3087.737363] raw: 000fffffc0000200 dead000000000100 dead000000000122 ffff8881000413c0
[ 3087.738112] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000
[ 3087.738840] page dumped because: kasan: bad access detected
[ 3087.739598] Memory state around the buggy address:
[ 3087.740133] ffff888007867c00: fb fb fc fc 00 00 fc fc 00 00 fc fc fb fb fc fc
[ 3087.740837] ffff888007867c80: 00 00 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
[ 3087.741543] >ffff888007867d00: 00 01 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
[ 3087.742329] ^
[ 3087.742822] ffff888007867d80: 00 00 fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc
[ 3087.743654] ffff888007867e00: 00 00 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
[ 3087.744416] ==================================================================
[ 3087.745165] ==================================================================
[ 3087.745928] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x66e/0x990 [test_kasan]
[ 3087.746874] Write of size 8 at addr ffff888007867d08 by task kunit_try_catch/119547
[ 3087.747773] CPU: 0 PID: 119547 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-256.1991_766543265.el9.x86_64+debug #1
[ 3087.749016] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 3087.749565] Call Trace:
[ 3087.749811]
[ 3087.750040] ? kasan_bitops_test_and_modify.constprop.0+0x66e/0x990 [test_kasan]
[ 3087.750824] dump_stack_lvl+0x57/0x81
[ 3087.751172] print_address_description.constprop.0+0x1f/0x1e0
[ 3087.751745] ? kasan_bitops_test_and_modify.constprop.0+0x66e/0x990 [test_kasan]
[ 3087.752457] print_report.cold+0x5c/0x237
[ 3087.752881] kasan_report+0xc9/0x100
[ 3087.753222] ? kasan_bitops_test_and_modify.constprop.0+0x66e/0x990 [test_kasan]
[ 3087.753943] kasan_check_range+0xfd/0x1e0
[ 3087.754319] kasan_bitops_test_and_modify.constprop.0+0x66e/0x990 [test_kasan]
[ 3087.755025] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan]
[ 3087.755657] ? kunit_kfree+0x200/0x200 [kunit]
[ 3087.756096] ? rcu_read_lock_sched_held+0x12/0x80
[ 3087.756614] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 3087.757184] ? rcu_read_lock_held+0x30/0x50
[ 3087.757578] ? trace_kmalloc+0x3c/0x100
[ 3087.757939] ? kmem_cache_alloc_trace+0x1af/0x320
[ 3087.758378] kasan_bitops_generic+0x105/0x164 [test_kasan]
[ 3087.758929] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan]
[ 3087.759630] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit]
[ 3087.760178] ? kunit_add_resource+0x197/0x280 [kunit]
[ 3087.760676] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3087.761150] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 3087.761623] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3087.762184] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 3087.762686] kthread+0x2a7/0x350
[ 3087.763015] ? kthread_complete_and_exit+0x20/0x20
[ 3087.763464] ret_from_fork+0x22/0x30
[ 3087.763836]
[ 3087.764226] Allocated by task 119547:
[ 3087.764614] kasan_save_stack+0x1e/0x40
[ 3087.765020] __kasan_kmalloc+0x81/0xa0
[ 3087.765373] kasan_bitops_generic+0x86/0x164 [test_kasan]
[ 3087.765914] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3087.766369] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3087.766973] kthread+0x2a7/0x350
[ 3087.767287] ret_from_fork+0x22/0x30
[ 3087.767842] The buggy address belongs to the object at ffff888007867d00
which belongs to the cache kmalloc-16 of size 16
[ 3087.769013] The buggy address is located 8 bytes inside of
16-byte region [ffff888007867d00, ffff888007867d10)
[ 3087.770241] The buggy address belongs to the physical page:
[ 3087.770780] page:00000000ef9d5931 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7867
[ 3087.771786] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 3087.772448] raw: 000fffffc0000200 dead000000000100 dead000000000122 ffff8881000413c0
[ 3087.773195] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000
[ 3087.773896] page dumped because: kasan: bad access detected
[ 3087.774582] Memory state around the buggy address:
[ 3087.775044] ffff888007867c00: fb fb fc fc 00 00 fc fc 00 00 fc fc fb fb fc fc
[ 3087.775758] ffff888007867c80: 00 00 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
[ 3087.776517] >ffff888007867d00: 00 01 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
[ 3087.777209] ^
[ 3087.777543] ffff888007867d80: 00 00 fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc
[ 3087.778200] ffff888007867e00: 00 00 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
[ 3087.778897] ==================================================================
[ 3087.781095] ok 45 - kasan_bitops_generic
[ 3087.788326] ok 46 - kasan_bitops_tags # SKIP Test requires CONFIG_KASAN_GENERIC=n
[ 3087.790363] ==================================================================
[ 3087.791870] BUG: KASAN: use-after-free in kmalloc_double_kzfree+0x1ad/0x270 [test_kasan]
[ 3087.792634] Read of size 1 at addr ffff888007867720 by task kunit_try_catch/119549
[ 3087.793505] CPU: 0 PID: 119549 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-256.1991_766543265.el9.x86_64+debug #1
[ 3087.794825] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 3087.795424] Call Trace:
[ 3087.795705]
[ 3087.795935] ? kmalloc_double_kzfree+0x1ad/0x270 [test_kasan]
[ 3087.796532] dump_stack_lvl+0x57/0x81
[ 3087.796904] print_address_description.constprop.0+0x1f/0x1e0
[ 3087.797435] ? kmalloc_double_kzfree+0x1ad/0x270 [test_kasan]
[ 3087.798016] print_report.cold+0x5c/0x237
[ 3087.798394] kasan_report+0xc9/0x100
[ 3087.798766] ? kmalloc_double_kzfree+0x1ad/0x270 [test_kasan]
[ 3087.799312] ? kmalloc_double_kzfree+0x1ad/0x270 [test_kasan]
[ 3087.799921] __kasan_check_byte+0x36/0x50
[ 3087.800312] kfree_sensitive+0x1b/0x60
[ 3087.805632] kmalloc_double_kzfree+0x1ad/0x270 [test_kasan]
[ 3087.806225] ? vmalloc_oob+0x5e0/0x5e0 [test_kasan]
[ 3087.806731] ? do_raw_spin_trylock+0xb5/0x180
[ 3087.807202] ? do_raw_spin_lock+0x270/0x270
[ 3087.807642] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 3087.808179] ? kunit_add_resource+0x197/0x280 [kunit]
[ 3087.808682] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3087.809159] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 3087.809661] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3087.810266] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 3087.810805] kthread+0x2a7/0x350
[ 3087.811172] ? kthread_complete_and_exit+0x20/0x20
[ 3087.811666] ret_from_fork+0x22/0x30
[ 3087.812079]
[ 3087.812534] Allocated by task 119549:
[ 3087.812924] kasan_save_stack+0x1e/0x40
[ 3087.813310] __kasan_kmalloc+0x81/0xa0
[ 3087.813711] kmalloc_double_kzfree+0x9a/0x270 [test_kasan]
[ 3087.814233] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3087.814745] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3087.815342] kthread+0x2a7/0x350
[ 3087.815691] ret_from_fork+0x22/0x30
[ 3087.816253] Freed by task 119549:
[ 3087.816603] kasan_save_stack+0x1e/0x40
[ 3087.817002] kasan_set_track+0x21/0x30
[ 3087.817353] kasan_set_free_info+0x20/0x40
[ 3087.817743] __kasan_slab_free+0x108/0x170
[ 3087.818124] slab_free_freelist_hook+0x11d/0x1d0
[ 3087.818583] kfree+0xe2/0x3c0
[ 3087.818880] kmalloc_double_kzfree+0x137/0x270 [test_kasan]
[ 3087.819410] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3087.819910] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3087.820494] kthread+0x2a7/0x350
[ 3087.820827] ret_from_fork+0x22/0x30
[ 3087.821324] The buggy address belongs to the object at ffff888007867720
which belongs to the cache kmalloc-16 of size 16
[ 3087.822600] The buggy address is located 0 bytes inside of
16-byte region [ffff888007867720, ffff888007867730)
[ 3087.823868] The buggy address belongs to the physical page:
[ 3087.824391] page:00000000ef9d5931 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7867
[ 3087.825327] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 3087.825967] raw: 000fffffc0000200 dead000000000100 dead000000000122 ffff8881000413c0
[ 3087.826724] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000
[ 3087.827454] page dumped because: kasan: bad access detected
[ 3087.828195] Memory state around the buggy address:
[ 3087.828663] ffff888007867600: 00 00 fc fc fa fb fc fc 00 00 fc fc 00 00 fc fc
[ 3087.829336] ffff888007867680: 00 00 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
[ 3087.830040] >ffff888007867700: fa fb fc fc fa fb fc fc 00 00 fc fc 00 00 fc fc
[ 3087.830722] ^
[ 3087.831158] ffff888007867780: 00 00 fc fc 00 00 fc fc 00 00 fc fc fb fb fc fc
[ 3087.831897] ffff888007867800: 00 00 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
[ 3087.832575] ==================================================================
[ 3087.833787] ==================================================================
[ 3087.834521] BUG: KASAN: double-free or invalid-free in kfree+0xe2/0x3c0
[ 3087.835448] CPU: 0 PID: 119549 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-256.1991_766543265.el9.x86_64+debug #1
[ 3087.836789] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 3087.837358] Call Trace:
[ 3087.837609]
[ 3087.837840] dump_stack_lvl+0x57/0x81
[ 3087.838206] print_address_description.constprop.0+0x1f/0x1e0
[ 3087.838771] print_report.cold+0x5c/0x237
[ 3087.839171] ? kfree+0xe2/0x3c0
[ 3087.839511] ? kfree+0xe2/0x3c0
[ 3087.839834] kasan_report_invalid_free+0x99/0xc0
[ 3087.840302] ? kfree+0xe2/0x3c0
[ 3087.840631] ? kfree+0xe2/0x3c0
[ 3087.840955] __kasan_slab_free+0x152/0x170
[ 3087.841339] slab_free_freelist_hook+0x11d/0x1d0
[ 3087.841823] ? kmalloc_double_kzfree+0x1ad/0x270 [test_kasan]
[ 3087.842393] kfree+0xe2/0x3c0
[ 3087.842721] ? __kasan_check_byte+0x36/0x50
[ 3087.843142] kmalloc_double_kzfree+0x1ad/0x270 [test_kasan]
[ 3087.843696] ? vmalloc_oob+0x5e0/0x5e0 [test_kasan]
[ 3087.844177] ? do_raw_spin_trylock+0xb5/0x180
[ 3087.844633] ? do_raw_spin_lock+0x270/0x270
[ 3087.845060] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 3087.845645] ? kunit_add_resource+0x197/0x280 [kunit]
[ 3087.846118] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3087.846597] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 3087.847106] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3087.847719] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 3087.848214] kthread+0x2a7/0x350
[ 3087.848546] ? kthread_complete_and_exit+0x20/0x20
[ 3087.849014] ret_from_fork+0x22/0x30
[ 3087.849356]
[ 3087.849734] Allocated by task 119549:
[ 3087.850078] kasan_save_stack+0x1e/0x40
[ 3087.850438] __kasan_kmalloc+0x81/0xa0
[ 3087.850876] kmalloc_double_kzfree+0x9a/0x270 [test_kasan]
[ 3087.851380] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3087.851885] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3087.852445] kthread+0x2a7/0x350
[ 3087.852783] ret_from_fork+0x22/0x30
[ 3087.853299] Freed by task 119549:
[ 3087.853619] kasan_save_stack+0x1e/0x40
[ 3087.853979] kasan_set_track+0x21/0x30
[ 3087.854331] kasan_set_free_info+0x20/0x40
[ 3087.854773] __kasan_slab_free+0x108/0x170
[ 3087.855190] slab_free_freelist_hook+0x11d/0x1d0
[ 3087.855646] kfree+0xe2/0x3c0
[ 3087.855954] kmalloc_double_kzfree+0x137/0x270 [test_kasan]
[ 3087.856485] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3087.856964] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3087.857545] kthread+0x2a7/0x350
[ 3087.857864] ret_from_fork+0x22/0x30
[ 3087.858396] The buggy address belongs to the object at ffff888007867720
which belongs to the cache kmalloc-16 of size 16
[ 3087.859615] The buggy address is located 0 bytes inside of
16-byte region [ffff888007867720, ffff888007867730)
[ 3087.860892] The buggy address belongs to the physical page:
[ 3087.861398] page:00000000ef9d5931 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7867
[ 3087.862229] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 3087.862900] raw: 000fffffc0000200 dead000000000100 dead000000000122 ffff8881000413c0
[ 3087.863625] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000
[ 3087.864345] page dumped because: kasan: bad access detected
[ 3087.865181] Memory state around the buggy address:
[ 3087.865649] ffff888007867600: 00 00 fc fc fa fb fc fc 00 00 fc fc 00 00 fc fc
[ 3087.866324] ffff888007867680: 00 00 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
[ 3087.867020] >ffff888007867700: fa fb fc fc fa fb fc fc 00 00 fc fc 00 00 fc fc
[ 3087.867700] ^
[ 3087.868120] ffff888007867780: 00 00 fc fc 00 00 fc fc 00 00 fc fc fb fb fc fc
[ 3087.868820] ffff888007867800: 00 00 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
[ 3087.869536] ==================================================================
[ 3087.870368] ok 47 - kmalloc_double_kzfree
[ 3087.873349] ok 48 - vmalloc_helpers_tags # SKIP Test requires CONFIG_KASAN_GENERIC=n
[ 3087.875401] ==================================================================
[ 3087.876948] BUG: KASAN: out-of-bounds in vmalloc_oob+0x596/0x5e0 [test_kasan]
[ 3087.877676] Read of size 1 at addr ffffc9000007d7f3 by task kunit_try_catch/119551
[ 3087.878586] CPU: 0 PID: 119551 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-256.1991_766543265.el9.x86_64+debug #1
[ 3087.879914] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 3087.880485] Call Trace:
[ 3087.880732]
[ 3087.880960] ? vmalloc_oob+0x596/0x5e0 [test_kasan]
[ 3087.881446] dump_stack_lvl+0x57/0x81
[ 3087.881812] print_address_description.constprop.0+0x1f/0x1e0
[ 3087.882363] ? vmalloc_oob+0x596/0x5e0 [test_kasan]
[ 3087.882893] print_report.cold+0x5c/0x237
[ 3087.883299] kasan_report+0xc9/0x100
[ 3087.883698] ? vmalloc_oob+0x596/0x5e0 [test_kasan]
[ 3087.884173] vmalloc_oob+0x596/0x5e0 [test_kasan]
[ 3087.884683] ? kasan_global_oob_right+0x1f0/0x1f0 [test_kasan]
[ 3087.885288] ? do_raw_spin_trylock+0xb5/0x180
[ 3087.885718] ? do_raw_spin_lock+0x270/0x270
[ 3087.886126] ? kunit_fail_assert_format+0x100/0x100 [kunit]
[ 3087.886669] ? kunit_add_resource+0x197/0x280 [kunit]
[ 3087.887203] kunit_try_run_case+0x10b/0x1a0 [kunit]
[ 3087.887707] ? kunit_catch_run_case+0xe0/0xe0 [kunit]
[ 3087.888221] kunit_generic_run_threadfn_adapter+0x4d/0x90 [kunit]
[ 3087.888828] ? kunit_try_catch_throw+0x80/0x80 [kunit]
[ 3087.889303] kthread+0x2a7/0x350
[ 3087.889639] ? kthread_complete_and_exit+0x20/0x20
[ 3087.890143] ret_from_fork+0x22/0x30
[ 3087.890516]
[ 3087.890955] The buggy address belongs to the virtual mapping at
[ffffc9000007d000, ffffc9000007f000) created by:
vmalloc_oob+0x78/0x5e0 [test_kasan]
[ 3087.892745] The buggy address belongs to the physical page:
[ 3087.893269] page:000000000e41e991 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4ae3
[ 3087.894101] flags: 0xfffffc0000000(node=0|zone=1|lastcpupid=0x1fffff)
[ 3087.894877] raw: 000fffffc0000000 0000000000000000 dead000000000122 0000000000000000
[ 3087.895647] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 3087.896409] page dumped because: kasan: bad access detected
[ 3087.897135] Memory state around the buggy address:
[ 3087.897584] ffffc9000007d680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 3087.898264] ffffc9000007d700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 3087.899831] >ffffc9000007d780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 00
[ 3087.901329] ^
[ 3087.902726] ffffc9000007d800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 3087.904173] ffffc9000007d880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 3087.905623] ==================================================================
[ 3087.952701] # vmalloc_oob: EXPECTATION FAILED at lib/test_kasan.c:1131
KASAN failure expected in "((volatile char *)v_ptr)[size + 5]", but none occurred
[ 3087.952973] not ok 49 - vmalloc_oob
[ 3087.957338] ok 50 - vmap_tags # SKIP Test requires CONFIG_KASAN_SW_TAGS=y
[ 3087.959371] ok 51 - vm_map_ram_tags # SKIP Test requires CONFIG_KASAN_SW_TAGS=y
[ 3087.962338] ok 52 - vmalloc_percpu # SKIP Test requires CONFIG_KASAN_SW_TAGS=y
[ 3087.965312] ok 53 - match_all_not_assigned # SKIP Test requires CONFIG_KASAN_GENERIC=n
[ 3087.968357] ok 54 - match_all_ptr_tag # SKIP Test requires CONFIG_KASAN_GENERIC=n
[ 3087.970116] ok 55 - match_all_mem_tag # SKIP Test requires CONFIG_KASAN_GENERIC=n
[ 3087.971338] not ok 20 - kasan
[ 3088.297588] # Subtest: linear-ranges-test
[ 3088.297598] 1..4
[ 3088.301462] ok 1 - range_test_get_value_amount
[ 3088.304632] ok 2 - range_test_get_selector_high
[ 3088.307124] ok 3 - range_test_get_selector_low
[ 3088.311483] ok 4 - range_test_get_value
[ 3088.311916] ok 21 - linear-ranges-test
[ 3088.406815] # Subtest: list_sort
[ 3088.406821] 1..1
[ 3088.417954] ok 1 - list_sort_test
[ 3088.418180] ok 22 - list_sort
[ 3088.676361] # Subtest: time_test_cases
[ 3088.676380] 1..1
[ 3092.212552] ok 1 - time64_to_tm_test_date_range
[ 3092.212852] ok 23 - time_test_cases
[ 3094.067001] systemd-journald[564]: Data hash table of /run/log/journal/6804564210044d64994b1c88cc651f62/system.journal has a fill level at 75.0 (7003 of 9336 items, 5378048 file size, 767 bytes per hash table item), suggesting rotation.
[ 3094.077420] systemd-journald[564]: /run/log/journal/6804564210044d64994b1c88cc651f62/system.journal: Journal header limits reached or header out-of-date, rotating.