From: Naresh Kamboju <naresh.kamboju@linaro.org>
To: Feng Tang <feng.tang@intel.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
linux-kernel@vger.kernel.org, stable@vger.kernel.org,
torvalds@linux-foundation.org, akpm@linux-foundation.org,
linux@roeck-us.net, shuah@kernel.org, patches@kernelci.org,
lkft-triage@lists.linaro.org, pavel@denx.de,
jonathanh@nvidia.com, f.fainelli@gmail.com,
sudipm.mukherjee@gmail.com, srw@sladewatkins.net,
Hyeonggon Yoo <42.hyeyoo@gmail.com>,
Waiman Long <longman@redhat.com>,
Vlastimil Babka <vbabka@suse.cz>
Subject: Re: [PATCH 5.19 000/101] 5.19.13-rc1 review
Date: Thu, 6 Oct 2022 13:15:38 +0530 [thread overview]
Message-ID: <CA+G9fYuzs=tVXBzDuYMp6YpCg5_OOgVjjPC+=CdVsVb45bM-3g@mail.gmail.com> (raw)
In-Reply-To: <Yz1QnjrOoKtOmCOu@feng-clx>
[-- Attachment #1: Type: text/plain, Size: 5930 bytes --]
On Wed, 5 Oct 2022 at 15:09, Feng Tang <feng.tang@intel.com> wrote:
>
> On Tue, Oct 04, 2022 at 12:18:05PM +0530, Naresh Kamboju wrote:
> > On Mon, 3 Oct 2022 at 12:43, Greg Kroah-Hartman
> > <gregkh@linuxfoundation.org> wrote:
> > >
> > > This is the start of the stable review cycle for the 5.19.13 release.
> > > There are 101 patches in this series, all will be posted as a response
> > > to this one. If anyone has any issues with these being applied, please
> > > let me know.
> > >
> > > Responses should be made by Wed, 05 Oct 2022 07:07:06 +0000.
> > > Anything received after that time might be too late.
> > >
> > > The whole patch series can be found in one patch at:
> > > https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.19.13-rc1.gz
> > > or in the git tree and branch at:
> > > git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.19.y
> > > and the diffstat can be found below.
> > >
> > > thanks,
> > >
> > > greg k-h
> >
> > Results from Linaro's test farm.
> > No regressions on arm64, arm, x86_64, and i386.
> >
> > Tested-by: Linux Kernel Functional Testing <lkft@linaro.org>
> >
> > NOTE:
> > 1) Build warning
> > 2) Boot warning on qemu-arm64 with KASAN and Kunit test
> > Suspecting one of the recently commits causing this warning and
> > need to bisect to confirm the commit id.
> > mm/slab_common: fix possible double free of kmem_cache
> > [ Upstream commit d71608a877362becdc94191f190902fac1e64d35 ]
>
> Hi Naresh Kamboju,
>
> Thanks for the report!
>
> Could you try reverting the commit and re-test it to confirm?
Anders re-run the tests multiple times with and without the patch reverted and
was not successful in reproducing the reported problem.
Which confirms that, it is not easy to reproduce.
> Also could you provide the kernel dmesg of the failure and the
> kernel config of the test?
dmesg log attached to this email.
Here is the build link,
https://builds.tuxbuild.com/2FcCwzbNgR7TlQXzJ0nu32y1CpB/
>
> I locally pulled the linux-stable source and used QEMU to test
> it with kasan/kfence enabled, but could not reproduce it (I
> only have x86 HW at hand).
>
> > 2) Following kernel boot warning noticed on qemu-arm64 with KASAN and
> > KUNIT enabled [1]
> >
> > [ 177.651182] ------------[ cut here ]------------
> > [ 177.652217] kmem_cache_destroy test: Slab cache still has
> > objects when called from test_exit+0x28/0x40
> > [ 177.654849] WARNING: CPU: 0 PID: 1 at mm/slab_common.c:520
> > kmem_cache_destroy+0x1e8/0x20c
> > [ 177.666237] Modules linked in:
> > [ 177.667325] CPU: 0 PID: 1 Comm: swapper/0 Tainted: G B
> > 5.19.13-rc1 #1
> > [ 177.668666] Hardware name: linux,dummy-virt (DT)
> > [ 177.669783] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT
> > -SSBS BTYPE=--)
> > [ 177.671120] pc : kmem_cache_destroy+0x1e8/0x20c
> > [ 177.672217] lr : kmem_cache_destroy+0x1e8/0x20c
> > [ 177.691598] Call trace:
> > [ 177.692165] kmem_cache_destroy+0x1e8/0x20c
> > [ 177.693196] test_exit+0x28/0x40
> > [ 177.694158] kunit_catch_run_case+0x5c/0x120
> > [ 177.695177] kunit_try_catch_run+0x144/0x26c
> > [ 177.696211] kunit_run_case_catch_errors+0x158/0x1e0
> > [ 177.697353] kunit_run_tests+0x374/0x750
> > [ 177.698333] __kunit_test_suites_init+0x74/0xa0
> > [ 177.699386] kunit_run_all_tests+0x160/0x380
> > [ 177.700428] kernel_init_freeable+0x32c/0x388
> > [ 177.701497] kernel_init+0x2c/0x150
> > [ 177.702347] ret_from_fork+0x10/0x20
> > [ 177.703308] ---[ end trace 0000000000000000 ]---
> >
> > [1] https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2FcCyacq1SusUcnAfamULqzkdUA
>
> I also tried the reproduce cmmand from the above link:
>
> tuxrun --runtime podman --device qemu-arm64 --kernel https://builds.tuxbuild.com/2FcCwzbNgR7TlQXzJ0nu32y1CpB/Image.gz --modules https://builds.tuxbuild.com/2FcCwzbNgR7TlQXzJ0nu32y1CpB/modules.tar.xz --rootfs https://storage.lkft.org/rootfs/oe-kirkstone/20220824-114729/juno/lkft-tux-image-juno-20220824120304.rootfs.ext4.gz --parameters SKIPFILE=skipfile-lkft.yaml --image docker.io/lavasoftware/lava-dispatcher:2022.06 --tests kunit --timeouts boot=30
>
> Which also didn't reproduce it, but had some RCU stall problems
> (could also be related to the x86 HWs)
>
> [ 321.006279] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
> [ 321.007281] ffff0000074c2300: 00 07 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [ 321.009283] rcu: 0-...0: (1 GPs behind) idle=40f/1/0x4000000000000000 softirq=436/437 fqs=5
>
> [ 321.024995] rcu: rcu_preempt kthread timer wakeup didn't happen for 4464 jiffies! g-207 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402
> [ 321.026343] rcu: Possible timer handling issue on cpu=1 timer-softirq=1426
> [ 321.027340] rcu: rcu_preempt kthread starved for 4465 jiffies! g-207 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=1
> [ 321.028517] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
> [ 321.029488] rcu: RCU grace-period kthread stack dump:
> [ 321.030251] task:rcu_preempt state:I stack: 0 pid: 16 ppid: 2 flags:0x00000008
> [ 321.031434] Call trace:
> [ 321.031878] __switch_to+0x140/0x1e0
> [ 321.032565] __schedule+0x4f4/0xc74
> [ 321.033228] schedule+0x88/0x13c
> [ 321.033915] schedule_timeout+0x104/0x2b0
> [ 321.034646] rcu_gp_fqs_loop+0x1a0/0x784
> [ 321.035119] rcu_gp_kthread+0x278/0x3a0
> [ 321.035608] kthread+0x160/0x170
> [ 339.882465] ret_from_fork+0x10/0x20
> [ 339.883898] rcu: Stack dump where RCU GP kthread last ran:
>
> The full .xz log is attched.
Thanks for looking into this.
>
> Thanks,
> Feng
- Naresh
[-- Attachment #2: qemu-arm64-kasan-kfence-kunit-warning-5.19.13-rc1.txt --]
[-- Type: text/plain, Size: 225808 bytes --]
<6>[ 0.000000] Booting Linux on physical CPU 0x0000000000 [0x000f0510]
<5>[ 0.000000] Linux version 5.19.13-rc1 (tuxmake@tuxmake) (aarch64-linux-gnu-gcc (Debian 11.3.0-3) 11.3.0, GNU ld (GNU Binutils for Debian) 2.38.90.20220713) #1 SMP PREEMPT @1664782420
<6>[ 0.000000] Machine model: linux,dummy-virt
<6>[ 0.000000] efi: UEFI not found.
<6>[ 0.000000] NUMA: No NUMA configuration found
<6>[ 0.000000] NUMA: Faking a node at [mem 0x0000000040000000-0x000000007fffffff]
<6>[ 0.000000] NUMA: NODE_DATA [mem 0x7fdffb40-0x7fe01fff]
<6>[ 0.000000] Zone ranges:
<6>[ 0.000000] DMA [mem 0x0000000040000000-0x000000007fffffff]
<6>[ 0.000000] DMA32 empty
<6>[ 0.000000] Normal empty
<6>[ 0.000000] Movable zone start for each node
<6>[ 0.000000] Early memory node ranges
<6>[ 0.000000] node 0: [mem 0x0000000040000000-0x000000007fffffff]
<6>[ 0.000000] Initmem setup node 0 [mem 0x0000000040000000-0x000000007fffffff]
<6>[ 0.000000] cma: Reserved 32 MiB at 0x000000007cc00000
<6>[ 0.000000] kasan: KernelAddressSanitizer initialized (generic)
<6>[ 0.000000] psci: probing for conduit method from DT.
<6>[ 0.000000] psci: PSCIv1.1 detected in firmware.
<6>[ 0.000000] psci: Using standard PSCI v0.2 function IDs
<6>[ 0.000000] psci: Trusted OS migration not required
<6>[ 0.000000] psci: SMC Calling Convention v1.0
<6>[ 0.000000] percpu: Embedded 30 pages/cpu s83240 r8192 d31448 u122880
<7>[ 0.000000] pcpu-alloc: s83240 r8192 d31448 u122880 alloc=30*4096
<7>[ 0.000000] pcpu-alloc: [0] 0 [0] 1
<6>[ 0.000000] Detected PIPT I-cache on CPU0
<6>[ 0.000000] CPU features: detected: Address authentication (IMP DEF algorithm)
<6>[ 0.000000] CPU features: detected: GIC system register CPU interface
<6>[ 0.000000] CPU features: detected: Spectre-v2
<6>[ 0.000000] CPU features: detected: Spectre-v4
<6>[ 0.000000] CPU features: kernel page table isolation forced ON by KASLR
<6>[ 0.000000] CPU features: detected: Kernel page table isolation (KPTI)
<6>[ 0.000000] alternatives: patching kernel code
<6>[ 0.000000] Fallback order for Node 0: 0
<6>[ 0.000000] Built 1 zonelists, mobility grouping on. Total pages: 258048
<6>[ 0.000000] Policy zone: DMA
<5>[ 0.000000] Kernel command line: console=ttyAMA0,115200 rootwait root=/dev/vda debug verbose console_msg_format=syslog
<5>[ 0.000000] Unknown kernel command line parameters \"verbose\", will be passed to user space.
<6>[ 0.000000] Dentry cache hash table entries: 131072 (order: 8, 1048576 bytes, linear)
<6>[ 0.000000] Inode-cache hash table entries: 65536 (order: 7, 524288 bytes, linear)
<6>[ 0.000000] mem auto-init: stack:off, heap alloc:off, heap free:off
<6>[ 0.000000] Stack Depot early init allocating hash table with memblock_alloc, 8388608 bytes
<6>[ 0.000000] Memory: 737900K/1048576K available (29120K kernel code, 20624K rwdata, 21040K rodata, 30080K init, 1205K bss, 277908K reserved, 32768K cma-reserved)
<6>[ 0.000000] SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=2, Nodes=1
<6>[ 0.000000] ftrace: allocating 72326 entries in 283 pages
<6>[ 0.000000] ftrace: allocated 283 pages with 5 groups
<6>[ 0.000000] trace event string verifier disabled
<6>[ 0.000000] rcu: Preemptible hierarchical RCU implementation.
<6>[ 0.000000] rcu: RCU event tracing is enabled.
<6>[ 0.000000] rcu: RCU restricting CPUs from NR_CPUS=256 to nr_cpu_ids=2.
<6>[ 0.000000] Trampoline variant of Tasks RCU enabled.
<6>[ 0.000000] Rude variant of Tasks RCU enabled.
<6>[ 0.000000] Tracing variant of Tasks RCU enabled.
<6>[ 0.000000] rcu: RCU calculated value of scheduler-enlistment delay is 25 jiffies.
<6>[ 0.000000] rcu: Adjusting geometry for rcu_fanout_leaf=16, nr_cpu_ids=2
<6>[ 0.000000] NR_IRQS: 64, nr_irqs: 64, preallocated irqs: 0
<6>[ 0.000000] GICv3: 224 SPIs implemented
<6>[ 0.000000] GICv3: 0 Extended SPIs implemented
<6>[ 0.000000] Root IRQ handler: gic_handle_irq
<6>[ 0.000000] GICv3: GICv3 features: 16 PPIs
<6>[ 0.000000] GICv3: CPU0: found redistributor 0 region 0:0x00000000080a0000
<6>[ 0.000000] ITS [mem 0x08080000-0x0809ffff]
<6>[ 0.000000] ITS@0x0000000008080000: allocated 8192 Devices @47030000 (indirect, esz 8, psz 64K, shr 1)
<6>[ 0.000000] ITS@0x0000000008080000: allocated 8192 Interrupt Collections @47040000 (flat, esz 8, psz 64K, shr 1)
<6>[ 0.000000] GICv3: using LPI property table @0x0000000047050000
<6>[ 0.000000] GICv3: CPU0: using allocated LPI pending table @0x0000000047060000
<6>[ 0.000000] rcu: srcu_init: Setting srcu_struct sizes based on contention.
<6>[ 0.000000] kfence: initialized - using 2097152 bytes for 255 objects at 0x(____ptrval____)-0x(____ptrval____)
<6>[ 0.000000] arch_timer: cp15 timer(s) running at 62.50MHz (virt).
<6>[ 0.000000] clocksource: arch_sys_counter: mask: 0x1ffffffffffffff max_cycles: 0x1cd42e208c, max_idle_ns: 881590405314 ns
<6>[ 0.000102] sched_clock: 57 bits at 63MHz, resolution 16ns, wraps every 4398046511096ns
<5>[ 0.003703] random: crng init done
<6>[ 0.031225] Console: colour dummy device 80x25
<6>[ 0.041157] Calibrating delay loop (skipped), value calculated using timer frequency.. 125.00 BogoMIPS (lpj=250000)
<6>[ 0.043293] pid_max: default: 32768 minimum: 301
<6>[ 0.048068] LSM: Security Framework initializing
<6>[ 0.057274] Mount-cache hash table entries: 2048 (order: 2, 16384 bytes, linear)
<6>[ 0.057580] Mountpoint-cache hash table entries: 2048 (order: 2, 16384 bytes, linear)
<4>[ 0.135156] /cpus/cpu-map: empty cluster
<6>[ 0.176807] cblist_init_generic: Setting adjustable number of callback queues.
<6>[ 0.177189] cblist_init_generic: Setting shift to 1 and lim to 1.
<6>[ 0.186446] cblist_init_generic: Setting shift to 1 and lim to 1.
<6>[ 0.189984] cblist_init_generic: Setting shift to 1 and lim to 1.
<6>[ 0.198789] rcu: Hierarchical SRCU implementation.
<6>[ 0.198966] rcu: Max phase no-delay instances is 1000.
<6>[ 0.271478] Platform MSI: its@8080000 domain created
<6>[ 0.274373] PCI/MSI: /intc@8000000/its@8080000 domain created
<6>[ 0.276996] fsl-mc MSI: its@8080000 domain created
<6>[ 0.304913] EFI services will not be available.
<6>[ 0.313679] smp: Bringing up secondary CPUs ...
<6>[ 0.344043] Detected PIPT I-cache on CPU1
<6>[ 0.353757] GICv3: CPU1: found redistributor 1 region 0:0x00000000080c0000
<6>[ 0.355350] GICv3: CPU1: using allocated LPI pending table @0x0000000047070000
<6>[ 0.359511] CPU1: Booted secondary processor 0x0000000001 [0x000f0510]
<6>[ 0.369784] smp: Brought up 1 node, 2 CPUs
<6>[ 0.369996] SMP: Total of 2 processors activated.
<6>[ 0.370342] CPU features: detected: Branch Target Identification
<6>[ 0.370554] CPU features: detected: 32-bit EL0 Support
<6>[ 0.370683] CPU features: detected: 32-bit EL1 Support
<6>[ 0.372007] CPU features: detected: Common not Private translations
<6>[ 0.372157] CPU features: detected: CRC32 instructions
<6>[ 0.372371] CPU features: detected: Generic authentication (IMP DEF algorithm)
<6>[ 0.372504] CPU features: detected: RCpc load-acquire (LDAPR)
<6>[ 0.372628] CPU features: detected: LSE atomic instructions
<6>[ 0.372750] CPU features: detected: Privileged Access Never
<6>[ 0.372874] CPU features: detected: Random Number Generator
<6>[ 0.372994] CPU features: detected: Speculation barrier (SB)
<6>[ 0.373118] CPU features: detected: TLB range maintenance instructions
<6>[ 0.373331] CPU features: detected: Speculative Store Bypassing Safe (SSBS)
<6>[ 0.373471] CPU features: detected: Scalable Vector Extension
<6>[ 0.835200] SVE: maximum available vector length 256 bytes per vector
<6>[ 0.839284] SVE: default vector length 64 bytes per vector
<6>[ 0.869069] CPU: All CPU(s) started at EL1
<6>[ 1.009245] devtmpfs: initialized
<6>[ 1.300084] KASLR enabled
<6>[ 1.308848] clocksource: jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 7645041785100000 ns
<6>[ 1.310182] futex hash table entries: 512 (order: 3, 32768 bytes, linear)
<6>[ 1.351214] pinctrl core: initialized pinctrl subsystem
<6>[ 1.431592] DMI not present or invalid.
<6>[ 1.465202] NET: Registered PF_NETLINK/PF_ROUTE protocol family
<6>[ 1.536141] DMA: preallocated 128 KiB GFP_KERNEL pool for atomic allocations
<6>[ 1.542351] DMA: preallocated 128 KiB GFP_KERNEL|GFP_DMA pool for atomic allocations
<6>[ 1.548990] DMA: preallocated 128 KiB GFP_KERNEL|GFP_DMA32 pool for atomic allocations
<6>[ 1.552716] audit: initializing netlink subsys (disabled)
<5>[ 1.563170] audit: type=2000 audit(1.368:1): state=initialized audit_enabled=0 res=1
<6>[ 1.621231] thermal_sys: Registered thermal governor 'step_wise'
<6>[ 1.621523] thermal_sys: Registered thermal governor 'power_allocator'
<6>[ 1.625600] cpuidle: using governor menu
<6>[ 1.635726] hw-breakpoint: found 6 breakpoint and 4 watchpoint registers.
<6>[ 1.638323] ASID allocator initialised with 32768 entries
<6>[ 1.638713] HugeTLB: can optimize 4095 vmemmap pages for hugepages-1048576kB
<6>[ 1.639011] HugeTLB: can optimize 127 vmemmap pages for hugepages-32768kB
<6>[ 1.639314] HugeTLB: can optimize 7 vmemmap pages for hugepages-2048kB
<6>[ 1.639543] HugeTLB: can optimize 0 vmemmap pages for hugepages-64kB
<6>[ 1.726098] Serial: AMBA PL011 UART driver
<6>[ 2.483024] 9000000.pl011: ttyAMA0 at MMIO 0x9000000 (irq = 13, base_baud = 0) is a PL011 rev1
<6>[ 2.649542] printk: console [ttyAMA0] enabled
<6>[ 4.173689] HugeTLB registered 1.00 GiB page size, pre-allocated 0 pages
<6>[ 4.175670] HugeTLB registered 32.0 MiB page size, pre-allocated 0 pages
<6>[ 4.176873] HugeTLB registered 2.00 MiB page size, pre-allocated 0 pages
<6>[ 4.178083] HugeTLB registered 64.0 KiB page size, pre-allocated 0 pages
<6>[ 4.312525] cryptd: max_cpu_qlen set to 1000
<6>[ 4.528442] ACPI: Interpreter disabled.
<6>[ 4.902469] iommu: Default domain type: Translated
<6>[ 4.906734] iommu: DMA domain TLB invalidation policy: strict mode
<5>[ 4.971450] SCSI subsystem initialized
<7>[ 5.004354] libata version 3.00 loaded.
<6>[ 5.064847] usbcore: registered new interface driver usbfs
<6>[ 5.087776] usbcore: registered new interface driver hub
<6>[ 5.091950] usbcore: registered new device driver usb
<6>[ 5.308625] mc: Linux media interface: v0.10
<6>[ 5.316870] videodev: Linux video capture interface: v2.00
<6>[ 5.331737] pps_core: LinuxPPS API ver. 1 registered
<6>[ 5.332879] pps_core: Software ver. 5.3.6 - Copyright 2005-2007 Rodolfo Giometti <giometti@linux.it>
<6>[ 5.340604] PTP clock support registered
<6>[ 5.374829] EDAC MC: Ver: 3.0.0
<6>[ 5.533580] FPGA manager framework
<6>[ 5.545477] Advanced Linux Sound Architecture Driver Initialized.
<6>[ 5.690482] vgaarb: loaded
<6>[ 5.771041] clocksource: Switched to clocksource arch_sys_counter
<5>[ 5.916665] VFS: Disk quotas dquot_6.6.0
<6>[ 5.931591] VFS: Dquot-cache hash table entries: 512 (order 0, 4096 bytes)
<6>[ 5.984423] pnp: PnP ACPI: disabled
<6>[ 6.827452] NET: Registered PF_INET protocol family
<6>[ 6.838632] IP idents hash table entries: 16384 (order: 5, 131072 bytes, linear)
<6>[ 6.905246] tcp_listen_portaddr_hash hash table entries: 512 (order: 1, 8192 bytes, linear)
<6>[ 6.914266] Table-perturb hash table entries: 65536 (order: 6, 262144 bytes, linear)
<6>[ 6.916324] TCP established hash table entries: 8192 (order: 4, 65536 bytes, linear)
<6>[ 6.931926] TCP bind hash table entries: 8192 (order: 5, 131072 bytes, linear)
<6>[ 6.939800] TCP: Hash tables configured (established 8192 bind 8192)
<6>[ 6.963587] MPTCP token hash table entries: 1024 (order: 2, 24576 bytes, linear)
<6>[ 6.976403] UDP hash table entries: 512 (order: 2, 16384 bytes, linear)
<6>[ 6.979700] UDP-Lite hash table entries: 512 (order: 2, 16384 bytes, linear)
<6>[ 7.018191] NET: Registered PF_UNIX/PF_LOCAL protocol family
<6>[ 7.126579] RPC: Registered named UNIX socket transport module.
<6>[ 7.127920] RPC: Registered udp transport module.
<6>[ 7.128858] RPC: Registered tcp transport module.
<6>[ 7.131347] RPC: Registered tcp NFSv4.1 backchannel transport module.
<6>[ 7.132864] PCI: CLS 0 bytes, default 64
<6>[ 7.368465] hw perfevents: enabled with armv8_pmuv3 PMU driver, 5 counters available
<6>[ 7.391204] kvm [1]: HYP mode not available
<5>[ 7.610824] Initialise system trusted keyrings
<6>[ 7.637809] workingset: timestamp_bits=42 max_order=18 bucket_order=0
<6>[ 8.772820] squashfs: version 4.0 (2009/01/31) Phillip Lougher
<5>[ 8.899228] NFS: Registering the id_resolver key type
<5>[ 8.902018] Key type id_resolver registered
<5>[ 8.902985] Key type id_legacy registered
<6>[ 8.917292] nfs4filelayout_init: NFSv4 File Layout Driver Registering...
<6>[ 8.923114] nfs4flexfilelayout_init: NFSv4 Flexfile Layout Driver Registering...
<6>[ 8.959780] 9p: Installing v9fs 9p2000 file system support
<6>[ 9.143658] NET: Registered PF_ALG protocol family
<5>[ 9.149888] Key type asymmetric registered
<5>[ 9.150986] Asymmetric key parser 'x509' registered
<6>[ 9.159794] Block layer SCSI generic (bsg) driver version 0.4 loaded (major 244)
<6>[ 9.165346] io scheduler mq-deadline registered
<6>[ 9.168489] io scheduler kyber registered
<6>[ 11.150142] pl061_gpio 9030000.pl061: PL061 GPIO chip registered
<6>[ 11.542600] pci-host-generic 4010000000.pcie: host bridge /pcie@10000000 ranges:
<6>[ 11.548117] pci-host-generic 4010000000.pcie: IO 0x003eff0000..0x003effffff -> 0x0000000000
<6>[ 11.554155] pci-host-generic 4010000000.pcie: MEM 0x0010000000..0x003efeffff -> 0x0010000000
<6>[ 11.556519] pci-host-generic 4010000000.pcie: MEM 0x8000000000..0xffffffffff -> 0x8000000000
<4>[ 11.561003] pci-host-generic 4010000000.pcie: Memory resource size exceeds max for 32 bits
<6>[ 12.925046] pci-host-generic 4010000000.pcie: ECAM at [mem 0x4010000000-0x401fffffff] for [bus 00-ff]
<6>[ 12.968139] pci-host-generic 4010000000.pcie: PCI host bridge to bus 0000:00
<6>[ 12.974785] pci_bus 0000:00: root bus resource [bus 00-ff]
<6>[ 12.976230] pci_bus 0000:00: root bus resource [io 0x0000-0xffff]
<6>[ 12.982124] pci_bus 0000:00: root bus resource [mem 0x10000000-0x3efeffff]
<6>[ 12.983751] pci_bus 0000:00: root bus resource [mem 0x8000000000-0xffffffffff]
<6>[ 12.999860] pci 0000:00:00.0: [1b36:0008] type 00 class 0x060000
<6>[ 13.395054] EINJ: ACPI disabled.
<6>[ 17.324962] Serial: 8250/16550 driver, 4 ports, IRQ sharing enabled
<6>[ 17.854694] SuperH (H)SCI(F) driver initialized
<6>[ 17.944175] msm_serial: driver initialized
<4>[ 18.222144] cacheinfo: Unable to detect cache hierarchy for CPU 0
<6>[ 18.866139] loop: module loaded
<6>[ 18.872452] virtio_blk virtio0: 1/0/0 default/read/poll queues
<5>[ 18.902454] virtio_blk virtio0: [vda] 2797452 512-byte logical blocks (1.43 GB/1.33 GiB)
<6>[ 19.255536] megasas: 07.719.03.00-rc1
<5>[ 19.903938] physmap-flash 0.flash: physmap platform flash device: [mem 0x00000000-0x03ffffff]
<6>[ 19.915399] 0.flash: Found 2 x16 devices at 0x0 in 32-bit bank. Manufacturer ID 0x000000 Chip ID 0x000000
<6>[ 19.923403] Intel/Sharp Extended Query Table at 0x0031
<6>[ 19.928164] Using buffer write method
<7>[ 19.935382] erase region 0: offset=0x0,size=0x40000,blocks=256
<5>[ 20.509294] physmap-flash 0.flash: physmap platform flash device: [mem 0x04000000-0x07ffffff]
<6>[ 20.521810] 0.flash: Found 2 x16 devices at 0x0 in 32-bit bank. Manufacturer ID 0x000000 Chip ID 0x000000
<6>[ 20.527152] Intel/Sharp Extended Query Table at 0x0031
<6>[ 20.534854] Using buffer write method
<7>[ 20.536199] erase region 0: offset=0x0,size=0x40000,blocks=256
<5>[ 20.538813] Concatenating MTD devices:
<5>[ 20.545833] (0): \"0.flash\"
<5>[ 20.546609] (1): \"0.flash\"
<5>[ 20.547332] into device \"0.flash\"
<6>[ 22.299728] thunder_xcv, ver 1.0
<6>[ 22.304421] thunder_bgx, ver 1.0
<6>[ 22.310710] nicpf, ver 1.0
<6>[ 22.507805] hns3: Hisilicon Ethernet Network Driver for Hip08 Family - version
<6>[ 22.513331] hns3: Copyright (c) 2017 Huawei Corporation.
<6>[ 22.530321] hclge is initializing
<6>[ 22.532509] e1000: Intel(R) PRO/1000 Network Driver
<6>[ 22.541936] e1000: Copyright (c) 1999-2006 Intel Corporation.
<6>[ 22.555080] e1000e: Intel(R) PRO/1000 Network Driver
<6>[ 22.556051] e1000e: Copyright(c) 1999 - 2015 Intel Corporation.
<6>[ 22.571771] igb: Intel(R) Gigabit Ethernet Network Driver
<6>[ 22.572819] igb: Copyright (c) 2007-2014 Intel Corporation.
<6>[ 22.593977] igbvf: Intel(R) Gigabit Virtual Function Network Driver
<6>[ 22.595137] igbvf: Copyright (c) 2009 - 2012 Intel Corporation.
<6>[ 22.699193] sky2: driver version 1.30
<6>[ 22.708206] QLogic FastLinQ 4xxxx Core Module qed
<6>[ 22.713809] qede init: QLogic FastLinQ 4xxxx Ethernet Driver qede
<6>[ 22.994678] usbcore: registered new interface driver asix
<6>[ 23.002665] usbcore: registered new interface driver ax88179_178a
<6>[ 23.034268] VFIO - User Level meta-driver version: 0.3
<6>[ 23.318876] ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
<6>[ 23.320952] ehci-pci: EHCI PCI platform driver
<6>[ 23.333958] ehci-platform: EHCI generic platform driver
<6>[ 23.359801] ehci-orion: EHCI orion driver
<6>[ 23.384940] ehci-exynos: EHCI Exynos driver
<6>[ 23.407439] ohci_hcd: USB 1.1 'Open' Host Controller (OHCI) Driver
<6>[ 23.413695] ohci-pci: OHCI PCI platform driver
<6>[ 23.422534] ohci-platform: OHCI generic platform driver
<6>[ 23.446857] ohci-exynos: OHCI Exynos driver
<6>[ 23.515235] usbcore: registered new interface driver usb-storage
<6>[ 23.931946] rtc-pl031 9010000.pl031: registered as rtc0
<6>[ 23.935470] rtc-pl031 9010000.pl031: setting system clock to 2022-10-03T07:46:36 UTC (1664783196)
<6>[ 24.014102] i2c_dev: i2c /dev entries driver
<6>[ 25.332992] sdhci: Secure Digital Host Controller Interface driver
<6>[ 25.334619] sdhci: Copyright(c) Pierre Ossman
<6>[ 25.415733] Synopsys Designware Multimedia Card Interface Driver
<6>[ 25.698682] sdhci-pltfm: SDHCI platform and OF driver helper
<6>[ 26.025791] ledtrig-cpu: registered to indicate activity on CPUs
<6>[ 26.407670] usbcore: registered new interface driver usbhid
<6>[ 26.408848] usbhid: USB HID core driver
<6>[ 26.840347] cs_system_cfg: CoreSight Configuration manager initialised
<6>[ 27.432170] NET: Registered PF_INET6 protocol family
<6>[ 27.591988] Segment Routing with IPv6
<6>[ 27.599834] In-situ OAM (IOAM) with IPv6
<6>[ 27.614833] NET: Registered PF_PACKET protocol family
<6>[ 27.647783] 9pnet: Installing 9P2000 support
<5>[ 27.656375] Key type dns_resolver registered
<6>[ 27.788024] registered taskstats version 1
<5>[ 27.791983] Loading compiled-in X.509 certificates
<4>[ 28.185597] hrtimer: interrupt took 51928464 ns
<6>[ 30.775087] input: gpio-keys as /devices/platform/gpio-keys/input/input0
<6>[ 52.644082] ALSA device list:
<6>[ 52.644927] No soundcards found.
<6>[ 52.648264] TAP version 14
<6>[ 52.649004] 1..47
<6>[ 52.652799] # Subtest: time_test_cases
<6>[ 52.654282] 1..1
<6>[ 145.100118] ok 1 - time64_to_tm_test_date_range
<6>[ 145.102023] ok 1 - time_test_cases
<6>[ 145.110675] # Subtest: resource
<6>[ 145.110995] 1..2
<6>[ 145.128770] ok 1 - resource_test_union
<6>[ 145.146090] ok 2 - resource_test_intersection
<6>[ 145.147172] # resource: pass:2 fail:0 skip:0 total:2
<6>[ 145.148297] # Totals: pass:2 fail:0 skip:0 total:2
<6>[ 145.152185] ok 2 - resource
<6>[ 145.160304] # Subtest: sysctl_test
<6>[ 145.160627] 1..10
<6>[ 145.182651] ok 1 - sysctl_test_api_dointvec_null_tbl_data
<6>[ 145.206041] ok 2 - sysctl_test_api_dointvec_table_maxlen_unset
<6>[ 145.230054] ok 3 - sysctl_test_api_dointvec_table_len_is_zero
<6>[ 145.252378] ok 4 - sysctl_test_api_dointvec_table_read_but_position_set
<6>[ 145.279309] ok 5 - sysctl_test_dointvec_read_happy_single_positive
<6>[ 145.298700] ok 6 - sysctl_test_dointvec_read_happy_single_negative
<6>[ 145.323330] ok 7 - sysctl_test_dointvec_write_happy_single_positive
<6>[ 145.361957] ok 8 - sysctl_test_dointvec_write_happy_single_negative
<6>[ 145.413931] ok 9 - sysctl_test_api_dointvec_write_single_less_int_min
<6>[ 145.457998] ok 10 - sysctl_test_api_dointvec_write_single_greater_int_max
<6>[ 145.459438] # sysctl_test: pass:10 fail:0 skip:0 total:10
<6>[ 145.460757] # Totals: pass:10 fail:0 skip:0 total:10
<6>[ 145.462534] ok 3 - sysctl_test
<6>[ 145.482053] # Subtest: kfence
<6>[ 145.482975] 1..25
<6>[ 145.505031] # test_out_of_bounds_read: test_alloc: size=128, gfp=cc0, policy=left, cache=0
<3>[ 145.521308] ==================================================================
<3>[ 145.524993] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x11c/0x260
<3>[ 145.524993]
<3>[ 145.528841] Out-of-bounds read at 0x00000000a541d560 (1B left of kfence-#43):
<4>[ 145.543094] test_out_of_bounds_read+0x11c/0x260
<4>[ 145.544333] kunit_try_run_case+0x8c/0x124
<4>[ 145.545356] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 145.546583] kthread+0x160/0x170
<4>[ 145.547448] ret_from_fork+0x10/0x20
<3>[ 145.548394]
<4>[ 145.549067] kfence-#43: 0x00000000b43a4815-0x000000000284ca2d, size=128, cache=kmalloc-128
<4>[ 145.549067]
<4>[ 145.551274] allocated by task 185 on cpu 0 at 145.517149s:
<4>[ 145.552954] test_alloc+0x1ec/0x3f4
<4>[ 145.553990] test_out_of_bounds_read+0x108/0x260
<4>[ 145.555004] kunit_try_run_case+0x8c/0x124
<4>[ 145.555986] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 145.557191] kthread+0x160/0x170
<4>[ 145.560730] ret_from_fork+0x10/0x20
<3>[ 145.561728]
<3>[ 145.562423] CPU: 0 PID: 185 Comm: kunit_try_catch Not tainted 5.19.13-rc1 #1
<3>[ 145.563852] Hardware name: linux,dummy-virt (DT)
<3>[ 145.564996] ==================================================================
<6>[ 145.570745] # test_out_of_bounds_read: test_alloc: size=128, gfp=cc0, policy=right, cache=0
<3>[ 145.621986] ==================================================================
<3>[ 145.623232] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x1ac/0x260
<3>[ 145.623232]
<3>[ 145.624790] Out-of-bounds read at 0x00000000615dec98 (128B right of kfence-#51):
<4>[ 145.626150] test_out_of_bounds_read+0x1ac/0x260
<4>[ 145.627190] kunit_try_run_case+0x8c/0x124
<4>[ 145.628185] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 145.629409] kthread+0x160/0x170
<4>[ 145.630277] ret_from_fork+0x10/0x20
<3>[ 145.631176]
<4>[ 145.631624] kfence-#51: 0x0000000087fb6646-0x00000000d0fc8005, size=128, cache=kmalloc-128
<4>[ 145.631624]
<4>[ 145.633149] allocated by task 185 on cpu 0 at 145.620042s:
<4>[ 145.634372] test_alloc+0x1ec/0x3f4
<4>[ 145.635345] test_out_of_bounds_read+0x198/0x260
<4>[ 145.636339] kunit_try_run_case+0x8c/0x124
<4>[ 145.637328] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 145.638549] kthread+0x160/0x170
<4>[ 145.639397] ret_from_fork+0x10/0x20
<3>[ 145.640285]
<3>[ 145.640900] CPU: 0 PID: 185 Comm: kunit_try_catch Tainted: G B 5.19.13-rc1 #1
<3>[ 145.642354] Hardware name: linux,dummy-virt (DT)
<3>[ 145.643206] ==================================================================
<6>[ 145.658938] ok 1 - test_out_of_bounds_read
<6>[ 145.669074] # test_out_of_bounds_read-memcache: setup_test_cache: size=32, ctor=0x0
<6>[ 145.695212] # test_out_of_bounds_read-memcache: test_alloc: size=32, gfp=cc0, policy=left, cache=1
<3>[ 145.857077] ==================================================================
<3>[ 145.858808] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x11c/0x260
<3>[ 145.858808]
<3>[ 145.860356] Out-of-bounds read at 0x00000000554bc340 (1B left of kfence-#96):
<4>[ 145.861618] test_out_of_bounds_read+0x11c/0x260
<4>[ 145.862640] kunit_try_run_case+0x8c/0x124
<4>[ 145.863633] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 145.864844] kthread+0x160/0x170
<4>[ 145.865710] ret_from_fork+0x10/0x20
<3>[ 145.866618]
<4>[ 145.867067] kfence-#96: 0x00000000cfb2c818-0x00000000c749c5ae, size=32, cache=test
<4>[ 145.867067]
<4>[ 145.868504] allocated by task 186 on cpu 0 at 145.855590s:
<4>[ 145.869803] test_alloc+0x1dc/0x3f4
<4>[ 145.870797] test_out_of_bounds_read+0x108/0x260
<4>[ 145.871794] kunit_try_run_case+0x8c/0x124
<4>[ 145.872771] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 145.873988] kthread+0x160/0x170
<4>[ 145.874841] ret_from_fork+0x10/0x20
<3>[ 145.875731]
<3>[ 145.876205] CPU: 0 PID: 186 Comm: kunit_try_catch Tainted: G B 5.19.13-rc1 #1
<3>[ 145.877631] Hardware name: linux,dummy-virt (DT)
<3>[ 145.878495] ==================================================================
<6>[ 145.882374] # test_out_of_bounds_read-memcache: test_alloc: size=32, gfp=cc0, policy=right, cache=1
<3>[ 146.186418] ==================================================================
<3>[ 146.187712] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x1ac/0x260
<3>[ 146.187712]
<3>[ 146.189265] Out-of-bounds read at 0x000000007ae6480b (32B right of kfence-#128):
<4>[ 146.191042] test_out_of_bounds_read+0x1ac/0x260
<4>[ 146.192069] kunit_try_run_case+0x8c/0x124
<4>[ 146.193057] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 146.194295] kthread+0x160/0x170
<4>[ 146.195150] ret_from_fork+0x10/0x20
<3>[ 146.196048]
<4>[ 146.196497] kfence-#128: 0x00000000a622f8df-0x000000002a926c42, size=32, cache=test
<4>[ 146.196497]
<4>[ 146.197954] allocated by task 186 on cpu 0 at 146.184476s:
<4>[ 146.199169] test_alloc+0x1dc/0x3f4
<4>[ 146.200137] test_out_of_bounds_read+0x198/0x260
<4>[ 146.201130] kunit_try_run_case+0x8c/0x124
<4>[ 146.202127] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 146.203334] kthread+0x160/0x170
<4>[ 146.204174] ret_from_fork+0x10/0x20
<3>[ 146.205056]
<3>[ 146.205543] CPU: 0 PID: 186 Comm: kunit_try_catch Tainted: G B 5.19.13-rc1 #1
<3>[ 146.206973] Hardware name: linux,dummy-virt (DT)
<3>[ 146.207819] ==================================================================
<6>[ 146.308532] ok 2 - test_out_of_bounds_read-memcache
<6>[ 146.331361] # test_out_of_bounds_write: test_alloc: size=32, gfp=cc0, policy=left, cache=0
<3>[ 146.510722] ==================================================================
<3>[ 146.512067] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0xec/0x1a4
<3>[ 146.512067]
<3>[ 146.513718] Out-of-bounds write at 0x0000000096373cb7 (1B left of kfence-#139):
<4>[ 146.515034] test_out_of_bounds_write+0xec/0x1a4
<4>[ 146.516067] kunit_try_run_case+0x8c/0x124
<4>[ 146.517114] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 146.518490] kthread+0x160/0x170
<4>[ 146.519372] ret_from_fork+0x10/0x20
<3>[ 146.520290]
<4>[ 146.520745] kfence-#139: 0x0000000060778e4f-0x00000000ed903925, size=32, cache=kmalloc-128
<4>[ 146.520745]
<4>[ 146.522319] allocated by task 187 on cpu 1 at 146.508136s:
<4>[ 146.523540] test_alloc+0x1ec/0x3f4
<4>[ 146.524524] test_out_of_bounds_write+0xd8/0x1a4
<4>[ 146.525540] kunit_try_run_case+0x8c/0x124
<4>[ 146.526544] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 146.527765] kthread+0x160/0x170
<4>[ 146.528648] ret_from_fork+0x10/0x20
<3>[ 146.529557]
<3>[ 146.530054] CPU: 1 PID: 187 Comm: kunit_try_catch Tainted: G B 5.19.13-rc1 #1
<3>[ 146.531503] Hardware name: linux,dummy-virt (DT)
<3>[ 146.532366] ==================================================================
<6>[ 146.564765] ok 3 - test_out_of_bounds_write
<6>[ 146.577134] # test_out_of_bounds_write-memcache: setup_test_cache: size=32, ctor=0x0
<6>[ 146.592675] # test_out_of_bounds_write-memcache: test_alloc: size=32, gfp=cc0, policy=left, cache=1
<3>[ 156.602992] # test_out_of_bounds_write-memcache: ASSERTION FAILED at mm/kfence/kfence_test.c:312
<3>[ 156.602992] Expected false to be true, but is false
<3>[ 156.602992]
<3>[ 156.602992] failed to allocate from KFENCE
<6>[ 156.864670] not ok 4 - test_out_of_bounds_write-memcache
<6>[ 156.883110] # test_use_after_free_read: test_alloc: size=32, gfp=cc0, policy=any, cache=0
<3>[ 156.920306] ==================================================================
<3>[ 156.921649] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x108/0x1a0
<3>[ 156.921649]
<3>[ 156.923309] Use-after-free read at 0x00000000caed40f2 (in kfence-#161):
<4>[ 156.924510] test_use_after_free_read+0x108/0x1a0
<4>[ 156.925576] kunit_try_run_case+0x8c/0x124
<4>[ 156.926604] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 156.927837] kthread+0x160/0x170
<4>[ 156.928704] ret_from_fork+0x10/0x20
<3>[ 156.929633]
<4>[ 156.930097] kfence-#161: 0x00000000caed40f2-0x00000000cfe1dfed, size=32, cache=kmalloc-128
<4>[ 156.930097]
<4>[ 156.931655] allocated by task 189 on cpu 1 at 156.916196s:
<4>[ 156.932866] test_alloc+0x1ec/0x3f4
<4>[ 156.933866] test_use_after_free_read+0xd8/0x1a0
<4>[ 156.934880] kunit_try_run_case+0x8c/0x124
<4>[ 156.935869] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 156.937087] kthread+0x160/0x170
<4>[ 156.937954] ret_from_fork+0x10/0x20
<4>[ 156.938876]
<4>[ 156.939397] freed by task 189 on cpu 1 at 156.918656s:
<4>[ 156.940804] test_use_after_free_read+0x100/0x1a0
<4>[ 156.941846] kunit_try_run_case+0x8c/0x124
<4>[ 156.942846] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 156.944067] kthread+0x160/0x170
<4>[ 156.944953] ret_from_fork+0x10/0x20
<3>[ 156.945999]
<3>[ 156.946508] CPU: 1 PID: 189 Comm: kunit_try_catch Tainted: G B 5.19.13-rc1 #1
<3>[ 156.947958] Hardware name: linux,dummy-virt (DT)
<3>[ 156.948819] ==================================================================
<6>[ 156.966907] ok 5 - test_use_after_free_read
<6>[ 156.976859] # test_use_after_free_read-memcache: setup_test_cache: size=32, ctor=0x0
<6>[ 156.992569] # test_use_after_free_read-memcache: test_alloc: size=32, gfp=cc0, policy=any, cache=1
<3>[ 157.027293] ==================================================================
<3>[ 157.028504] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x108/0x1a0
<3>[ 157.028504]
<3>[ 157.030132] Use-after-free read at 0x00000000c829ce1f (in kfence-#163):
<4>[ 157.031322] test_use_after_free_read+0x108/0x1a0
<4>[ 157.032362] kunit_try_run_case+0x8c/0x124
<4>[ 157.033393] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 157.034632] kthread+0x160/0x170
<4>[ 157.035502] ret_from_fork+0x10/0x20
<3>[ 157.036413]
<4>[ 157.036866] kfence-#163: 0x00000000c829ce1f-0x000000005e59ddd5, size=32, cache=test
<4>[ 157.036866]
<4>[ 157.038360] allocated by task 190 on cpu 0 at 157.023569s:
<4>[ 157.039585] test_alloc+0x1dc/0x3f4
<4>[ 157.040565] test_use_after_free_read+0xd8/0x1a0
<4>[ 157.041582] kunit_try_run_case+0x8c/0x124
<4>[ 157.042580] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 157.043799] kthread+0x160/0x170
<4>[ 157.044649] ret_from_fork+0x10/0x20
<4>[ 157.045599]
<4>[ 157.046134] freed by task 190 on cpu 0 at 157.024953s:
<4>[ 157.047551] test_use_after_free_read+0xf8/0x1a0
<4>[ 157.048566] kunit_try_run_case+0x8c/0x124
<4>[ 157.049568] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 157.050796] kthread+0x160/0x170
<4>[ 157.051649] ret_from_fork+0x10/0x20
<3>[ 157.052548]
<3>[ 157.053031] CPU: 0 PID: 190 Comm: kunit_try_catch Tainted: G B 5.19.13-rc1 #1
<3>[ 157.054498] Hardware name: linux,dummy-virt (DT)
<3>[ 157.055359] ==================================================================
<6>[ 157.104441] ok 6 - test_use_after_free_read-memcache
<6>[ 157.119372] # test_double_free: test_alloc: size=32, gfp=cc0, policy=any, cache=0
<3>[ 157.135669] ==================================================================
<3>[ 157.137221] BUG: KFENCE: invalid free in test_double_free+0x11c/0x1b0
<3>[ 157.137221]
<3>[ 157.140413] Invalid free of 0x00000000625d21b8 (in kfence-#169):
<4>[ 157.142747] test_double_free+0x11c/0x1b0
<4>[ 157.143701] kunit_try_run_case+0x8c/0x124
<4>[ 157.144704] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 157.146066] kthread+0x160/0x170
<4>[ 157.146950] ret_from_fork+0x10/0x20
<3>[ 157.147863]
<4>[ 157.148317] kfence-#169: 0x00000000625d21b8-0x000000006be93155, size=32, cache=kmalloc-128
<4>[ 157.148317]
<4>[ 157.149883] allocated by task 191 on cpu 0 at 157.128703s:
<4>[ 157.151092] test_alloc+0x1ec/0x3f4
<4>[ 157.152074] test_double_free+0xdc/0x1b0
<4>[ 157.152968] kunit_try_run_case+0x8c/0x124
<4>[ 157.153970] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 157.155197] kthread+0x160/0x170
<4>[ 157.156047] ret_from_fork+0x10/0x20
<4>[ 157.156944]
<4>[ 157.157401] freed by task 191 on cpu 0 at 157.132322s:
<4>[ 157.158734] test_double_free+0x100/0x1b0
<4>[ 157.159642] kunit_try_run_case+0x8c/0x124
<4>[ 157.160630] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 157.161858] kthread+0x160/0x170
<4>[ 157.162718] ret_from_fork+0x10/0x20
<3>[ 157.163618]
<3>[ 157.164098] CPU: 0 PID: 191 Comm: kunit_try_catch Tainted: G B 5.19.13-rc1 #1
<3>[ 157.165554] Hardware name: linux,dummy-virt (DT)
<3>[ 157.166420] ==================================================================
<6>[ 157.184528] ok 7 - test_double_free
<6>[ 157.192238] # test_double_free-memcache: setup_test_cache: size=32, ctor=0x0
<6>[ 157.207952] # test_double_free-memcache: test_alloc: size=32, gfp=cc0, policy=any, cache=1
<3>[ 157.247737] ==================================================================
<3>[ 157.248996] BUG: KFENCE: invalid free in test_double_free+0x110/0x1b0
<3>[ 157.248996]
<3>[ 157.250434] Invalid free of 0x0000000089e10b56 (in kfence-#175):
<4>[ 157.251576] test_double_free+0x110/0x1b0
<4>[ 157.252516] kunit_try_run_case+0x8c/0x124
<4>[ 157.253549] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 157.254803] kthread+0x160/0x170
<4>[ 157.255677] ret_from_fork+0x10/0x20
<3>[ 157.256598]
<4>[ 157.257056] kfence-#175: 0x0000000089e10b56-0x000000007f292b81, size=32, cache=test
<4>[ 157.257056]
<4>[ 157.258578] allocated by task 192 on cpu 1 at 157.243891s:
<4>[ 157.259806] test_alloc+0x1dc/0x3f4
<4>[ 157.260795] test_double_free+0xdc/0x1b0
<4>[ 157.261710] kunit_try_run_case+0x8c/0x124
<4>[ 157.262716] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 157.263947] kthread+0x160/0x170
<4>[ 157.264806] ret_from_fork+0x10/0x20
<4>[ 157.265726]
<4>[ 157.266183] freed by task 192 on cpu 1 at 157.245330s:
<4>[ 157.267559] test_double_free+0xf8/0x1b0
<4>[ 157.268546] kunit_try_run_case+0x8c/0x124
<4>[ 157.269559] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 157.270802] kthread+0x160/0x170
<4>[ 157.271662] ret_from_fork+0x10/0x20
<3>[ 157.272570]
<3>[ 157.273058] CPU: 1 PID: 192 Comm: kunit_try_catch Tainted: G B 5.19.13-rc1 #1
<3>[ 157.274541] Hardware name: linux,dummy-virt (DT)
<3>[ 157.275413] ==================================================================
<6>[ 157.328503] ok 8 - test_double_free-memcache
<6>[ 157.344877] # test_invalid_addr_free: test_alloc: size=32, gfp=cc0, policy=any, cache=0
<3>[ 157.453043] ==================================================================
<3>[ 157.455019] BUG: KFENCE: invalid free in test_invalid_addr_free+0x100/0x1b0
<3>[ 157.455019]
<3>[ 157.456502] Invalid free of 0x0000000076a0b334 (in kfence-#192):
<4>[ 157.457644] test_invalid_addr_free+0x100/0x1b0
<4>[ 157.458665] kunit_try_run_case+0x8c/0x124
<4>[ 157.459674] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 157.460904] kthread+0x160/0x170
<4>[ 157.461785] ret_from_fork+0x10/0x20
<3>[ 157.462710]
<4>[ 157.463165] kfence-#192: 0x0000000043e4eba2-0x00000000f7ba355c, size=32, cache=kmalloc-128
<4>[ 157.463165]
<4>[ 157.464725] allocated by task 193 on cpu 1 at 157.451146s:
<4>[ 157.465938] test_alloc+0x1ec/0x3f4
<4>[ 157.466932] test_invalid_addr_free+0xdc/0x1b0
<4>[ 157.467908] kunit_try_run_case+0x8c/0x124
<4>[ 157.468895] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 157.470135] kthread+0x160/0x170
<4>[ 157.470990] ret_from_fork+0x10/0x20
<3>[ 157.471891]
<3>[ 157.472376] CPU: 1 PID: 193 Comm: kunit_try_catch Tainted: G B 5.19.13-rc1 #1
<3>[ 157.473835] Hardware name: linux,dummy-virt (DT)
<3>[ 157.474709] ==================================================================
<6>[ 157.493162] ok 9 - test_invalid_addr_free
<6>[ 157.503607] # test_invalid_addr_free-memcache: setup_test_cache: size=32, ctor=0x0
<6>[ 157.519752] # test_invalid_addr_free-memcache: test_alloc: size=32, gfp=cc0, policy=any, cache=1
<3>[ 157.561604] ==================================================================
<3>[ 157.562850] BUG: KFENCE: invalid free in test_invalid_addr_free+0xf4/0x1b0
<3>[ 157.562850]
<3>[ 157.564286] Invalid free of 0x000000007575d443 (in kfence-#196):
<4>[ 157.568831] test_invalid_addr_free+0xf4/0x1b0
<4>[ 157.573273] kunit_try_run_case+0x8c/0x124
<4>[ 157.574305] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 157.575538] kthread+0x160/0x170
<4>[ 157.576400] ret_from_fork+0x10/0x20
<3>[ 157.577327]
<4>[ 157.577786] kfence-#196: 0x00000000249aef65-0x0000000016504c7f, size=32, cache=test
<4>[ 157.577786]
<4>[ 157.579271] allocated by task 194 on cpu 0 at 157.559725s:
<4>[ 157.580493] test_alloc+0x1dc/0x3f4
<4>[ 157.581490] test_invalid_addr_free+0xdc/0x1b0
<4>[ 157.582477] kunit_try_run_case+0x8c/0x124
<4>[ 157.583468] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 157.585416] kthread+0x160/0x170
<4>[ 157.586294] ret_from_fork+0x10/0x20
<3>[ 157.587200]
<3>[ 157.587683] CPU: 0 PID: 194 Comm: kunit_try_catch Tainted: G B 5.19.13-rc1 #1
<3>[ 157.589128] Hardware name: linux,dummy-virt (DT)
<3>[ 157.590009] ==================================================================
<6>[ 157.650109] ok 10 - test_invalid_addr_free-memcache
<6>[ 157.660487] # test_corruption: test_alloc: size=32, gfp=cc0, policy=left, cache=0
<3>[ 157.770968] ==================================================================
<3>[ 157.772253] BUG: KFENCE: memory corruption in test_corruption+0x110/0x228
<3>[ 157.772253]
<3>[ 157.773875] Corrupted memory at 0x000000004b7c28a2 [ ! . . . . . . . . . . . . . . . ] (in kfence-#214):
<4>[ 157.779193] test_corruption+0x110/0x228
<4>[ 157.780272] kunit_try_run_case+0x8c/0x124
<4>[ 157.781276] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 157.782513] kthread+0x160/0x170
<4>[ 157.783376] ret_from_fork+0x10/0x20
<3>[ 157.784277]
<4>[ 157.784727] kfence-#214: 0x00000000d6acd214-0x000000006c8b3e7d, size=32, cache=kmalloc-128
<4>[ 157.784727]
<4>[ 157.786281] allocated by task 195 on cpu 0 at 157.767848s:
<4>[ 157.787467] test_alloc+0x1ec/0x3f4
<4>[ 157.788433] test_corruption+0xdc/0x228
<4>[ 157.789468] kunit_try_run_case+0x8c/0x124
<4>[ 157.790463] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 157.791669] kthread+0x160/0x170
<4>[ 157.792509] ret_from_fork+0x10/0x20
<4>[ 157.793410]
<4>[ 157.793853] freed by task 195 on cpu 0 at 157.769287s:
<4>[ 157.795175] test_corruption+0x110/0x228
<4>[ 157.796215] kunit_try_run_case+0x8c/0x124
<4>[ 157.797190] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 157.798421] kthread+0x160/0x170
<4>[ 157.799265] ret_from_fork+0x10/0x20
<3>[ 157.800154]
<3>[ 157.800633] CPU: 0 PID: 195 Comm: kunit_try_catch Tainted: G B 5.19.13-rc1 #1
<3>[ 157.802070] Hardware name: linux,dummy-virt (DT)
<3>[ 157.802920] ==================================================================
<6>[ 157.807905] # test_corruption: test_alloc: size=32, gfp=cc0, policy=right, cache=0
<3>[ 157.875686] ==================================================================
<3>[ 157.876952] BUG: KFENCE: memory corruption in test_corruption+0x19c/0x228
<3>[ 157.876952]
<3>[ 157.878568] Corrupted memory at 0x00000000ef92165d [ ! ] (in kfence-#69):
<4>[ 157.880281] test_corruption+0x19c/0x228
<4>[ 157.881357] kunit_try_run_case+0x8c/0x124
<4>[ 157.882367] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 157.883592] kthread+0x160/0x170
<4>[ 157.884446] ret_from_fork+0x10/0x20
<3>[ 157.885356]
<4>[ 157.885807] kfence-#69: 0x000000006d1452b9-0x000000007ecd8566, size=32, cache=kmalloc-128
<4>[ 157.885807]
<4>[ 157.887331] allocated by task 195 on cpu 0 at 157.871996s:
<4>[ 157.888514] test_alloc+0x1ec/0x3f4
<4>[ 157.889491] test_corruption+0x168/0x228
<4>[ 157.890543] kunit_try_run_case+0x8c/0x124
<4>[ 157.891527] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 157.892732] kthread+0x160/0x170
<4>[ 157.893585] ret_from_fork+0x10/0x20
<4>[ 157.894501]
<4>[ 157.894944] freed by task 195 on cpu 0 at 157.873844s:
<4>[ 157.896253] test_corruption+0x19c/0x228
<4>[ 157.897304] kunit_try_run_case+0x8c/0x124
<4>[ 157.898301] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 157.899508] kthread+0x160/0x170
<4>[ 157.900351] ret_from_fork+0x10/0x20
<3>[ 157.901239]
<3>[ 157.901725] CPU: 0 PID: 195 Comm: kunit_try_catch Tainted: G B 5.19.13-rc1 #1
<3>[ 157.903151] Hardware name: linux,dummy-virt (DT)
<3>[ 157.903997] ==================================================================
<6>[ 157.920805] ok 11 - test_corruption
<6>[ 157.935536] # test_corruption-memcache: setup_test_cache: size=32, ctor=0x0
<6>[ 157.955155] # test_corruption-memcache: test_alloc: size=32, gfp=cc0, policy=left, cache=1
<3>[ 158.004366] ==================================================================
<3>[ 158.005682] BUG: KFENCE: memory corruption in test_corruption+0x104/0x228
<3>[ 158.005682]
<3>[ 158.007295] Corrupted memory at 0x000000001c5968bc [ ! . . . . . . . . . . . . . . . ] (in kfence-#227):
<4>[ 158.011480] test_corruption+0x104/0x228
<4>[ 158.012576] kunit_try_run_case+0x8c/0x124
<4>[ 158.013630] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 158.014887] kthread+0x160/0x170
<4>[ 158.015764] ret_from_fork+0x10/0x20
<3>[ 158.016685]
<4>[ 158.017144] kfence-#227: 0x000000004fd9acd3-0x00000000933444bb, size=32, cache=test
<4>[ 158.017144]
<4>[ 158.018677] allocated by task 196 on cpu 1 at 158.002424s:
<4>[ 158.019939] test_alloc+0x1dc/0x3f4
<4>[ 158.020936] test_corruption+0xdc/0x228
<4>[ 158.022000] kunit_try_run_case+0x8c/0x124
<4>[ 158.023007] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 158.024242] kthread+0x160/0x170
<4>[ 158.025101] ret_from_fork+0x10/0x20
<4>[ 158.026031]
<4>[ 158.026485] freed by task 196 on cpu 1 at 158.003823s:
<4>[ 158.027854] test_corruption+0x104/0x228
<4>[ 158.028912] kunit_try_run_case+0x8c/0x124
<4>[ 158.029928] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 158.031170] kthread+0x160/0x170
<4>[ 158.032029] ret_from_fork+0x10/0x20
<3>[ 158.032936]
<3>[ 158.033448] CPU: 1 PID: 196 Comm: kunit_try_catch Tainted: G B 5.19.13-rc1 #1
<3>[ 158.034918] Hardware name: linux,dummy-virt (DT)
<3>[ 158.035795] ==================================================================
<6>[ 158.042188] # test_corruption-memcache: test_alloc: size=32, gfp=cc0, policy=right, cache=1
<3>[ 158.110495] ==================================================================
<3>[ 158.111824] BUG: KFENCE: memory corruption in test_corruption+0x190/0x228
<3>[ 158.111824]
<3>[ 158.113469] Corrupted memory at 0x0000000033b0c4d1 [ ! ] (in kfence-#228):
<4>[ 158.115252] test_corruption+0x190/0x228
<4>[ 159.161394] kunit_try_run_case+0x8c/0x124
<4>[ 159.162566] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 159.163819] kthread+0x160/0x170
<4>[ 159.164690] ret_from_fork+0x10/0x20
<3>[ 159.165639]
<4>[ 159.166113] kfence-#228: 0x000000008994cb38-0x00000000c2596400, size=32, cache=test
<4>[ 159.166113]
<4>[ 159.167623] allocated by task 196 on cpu 1 at 158.106887s:
<4>[ 159.168861] test_alloc+0x1dc/0x3f4
<4>[ 159.169870] test_corruption+0x168/0x228
<4>[ 159.170942] kunit_try_run_case+0x8c/0x124
<4>[ 159.171942] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 159.173174] kthread+0x160/0x170
<4>[ 159.174066] ret_from_fork+0x10/0x20
<4>[ 159.174981]
<4>[ 159.175432] freed by task 196 on cpu 1 at 158.108234s:
<4>[ 159.176809] test_corruption+0x190/0x228
<4>[ 159.177887] kunit_try_run_case+0x8c/0x124
<4>[ 159.178898] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 159.180137] kthread+0x160/0x170
<4>[ 159.181000] ret_from_fork+0x10/0x20
<3>[ 159.181927]
<3>[ 159.182425] CPU: 1 PID: 196 Comm: kunit_try_catch Tainted: G B 5.19.13-rc1 #1
<3>[ 159.183897] Hardware name: linux,dummy-virt (DT)
<3>[ 159.184770] ==================================================================
<6>[ 159.282905] ok 12 - test_corruption-memcache
<6>[ 159.295095] # test_free_bulk: test_alloc: size=97, gfp=cc0, policy=right, cache=0
<6>[ 159.303452] # test_free_bulk: test_alloc: size=97, gfp=cc0, policy=none, cache=0
<6>[ 159.305291] # test_free_bulk: test_alloc: size=97, gfp=cc0, policy=left, cache=0
<6>[ 159.512685] # test_free_bulk: test_alloc: size=97, gfp=cc0, policy=none, cache=0
<6>[ 159.515515] # test_free_bulk: test_alloc: size=97, gfp=cc0, policy=none, cache=0
<6>[ 159.521918] # test_free_bulk: test_alloc: size=245, gfp=cc0, policy=right, cache=0
<6>[ 159.628833] # test_free_bulk: test_alloc: size=245, gfp=cc0, policy=none, cache=0
<6>[ 162.531844] # test_free_bulk: test_alloc: size=245, gfp=cc0, policy=left, cache=0
<6>[ 162.829039] # test_free_bulk: test_alloc: size=245, gfp=cc0, policy=none, cache=0
<6>[ 162.831288] # test_free_bulk: test_alloc: size=245, gfp=cc0, policy=none, cache=0
<6>[ 162.836448] # test_free_bulk: test_alloc: size=54, gfp=cc0, policy=right, cache=0
<6>[ 162.933225] # test_free_bulk: test_alloc: size=54, gfp=cc0, policy=none, cache=0
<6>[ 162.935541] # test_free_bulk: test_alloc: size=54, gfp=cc0, policy=left, cache=0
<6>[ 163.037933] # test_free_bulk: test_alloc: size=54, gfp=cc0, policy=none, cache=0
<6>[ 163.039762] # test_free_bulk: test_alloc: size=54, gfp=cc0, policy=none, cache=0
<6>[ 163.047287] # test_free_bulk: test_alloc: size=109, gfp=cc0, policy=right, cache=0
<6>[ 163.349825] # test_free_bulk: test_alloc: size=109, gfp=cc0, policy=none, cache=0
<6>[ 163.351653] # test_free_bulk: test_alloc: size=109, gfp=cc0, policy=left, cache=0
<6>[ 163.453225] # test_free_bulk: test_alloc: size=109, gfp=cc0, policy=none, cache=0
<6>[ 163.455650] # test_free_bulk: test_alloc: size=109, gfp=cc0, policy=none, cache=0
<6>[ 163.460892] # test_free_bulk: test_alloc: size=126, gfp=cc0, policy=right, cache=0
<6>[ 163.765793] # test_free_bulk: test_alloc: size=126, gfp=cc0, policy=none, cache=0
<6>[ 163.767619] # test_free_bulk: test_alloc: size=126, gfp=cc0, policy=left, cache=0
<6>[ 163.869857] # test_free_bulk: test_alloc: size=126, gfp=cc0, policy=none, cache=0
<6>[ 163.871694] # test_free_bulk: test_alloc: size=126, gfp=cc0, policy=none, cache=0
<6>[ 163.892894] ok 13 - test_free_bulk
<6>[ 163.904684] # test_free_bulk-memcache: setup_test_cache: size=223, ctor=0x0
<6>[ 163.927257] # test_free_bulk-memcache: test_alloc: size=223, gfp=cc0, policy=right, cache=1
<6>[ 163.992279] # test_free_bulk-memcache: test_alloc: size=223, gfp=cc0, policy=none, cache=1
<6>[ 164.007799] # test_free_bulk-memcache: test_alloc: size=223, gfp=cc0, policy=left, cache=1
<3>[ 176.777879] # test_free_bulk-memcache: ASSERTION FAILED at mm/kfence/kfence_test.c:312
<3>[ 176.777879] Expected false to be true, but is false
<3>[ 176.777879]
<3>[ 176.777879] failed to allocate from KFENCE
<3>[ 177.604811] =============================================================================
<3>[ 177.608387] BUG test (Tainted: G B ): Objects remaining in test on __kmem_cache_shutdown()
<3>[ 177.609927] -----------------------------------------------------------------------------
<3>[ 177.609927]
<3>[ 177.611424] Slab 0x000000009535baed objects=14 used=1 fp=0x00000000e8649a76 flags=0x3fffc0000000200(slab|node=0|zone=0|lastcpupid=0xffff)
<4>[ 177.613882] CPU: 0 PID: 1 Comm: swapper/0 Tainted: G B 5.19.13-rc1 #1
<4>[ 177.615231] Hardware name: linux,dummy-virt (DT)
<4>[ 177.616197] Call trace:
<4>[ 177.616788] dump_backtrace+0xb8/0x130
<4>[ 177.617792] show_stack+0x20/0x60
<4>[ 177.618630] dump_stack_lvl+0x8c/0xb8
<4>[ 177.619548] dump_stack+0x1c/0x38
<4>[ 177.620396] slab_err+0xa0/0xf0
<4>[ 177.621180] __kmem_cache_shutdown+0x140/0x3c0
<4>[ 177.622230] kmem_cache_destroy+0x9c/0x20c
<4>[ 177.623242] test_exit+0x28/0x40
<4>[ 177.624172] kunit_catch_run_case+0x5c/0x120
<4>[ 177.625189] kunit_try_catch_run+0x144/0x26c
<4>[ 177.626251] kunit_run_case_catch_errors+0x158/0x1e0
<4>[ 177.627359] kunit_run_tests+0x374/0x750
<4>[ 177.628316] __kunit_test_suites_init+0x74/0xa0
<4>[ 177.629376] kunit_run_all_tests+0x160/0x380
<4>[ 177.630440] kernel_init_freeable+0x32c/0x388
<4>[ 177.631517] kernel_init+0x2c/0x150
<4>[ 177.632351] ret_from_fork+0x10/0x20
<4>[ 177.633506] Disabling lock debugging due to kernel taint
<3>[ 177.634724] Object 0x00000000a1747116 @offset=2880
<4>[ 177.651182] ------------[ cut here ]------------
<4>[ 177.652217] kmem_cache_destroy test: Slab cache still has objects when called from test_exit+0x28/0x40
<4>[ 177.654849] WARNING: CPU: 0 PID: 1 at mm/slab_common.c:520 kmem_cache_destroy+0x1e8/0x20c
<4>[ 177.666237] Modules linked in:
<4>[ 177.667325] CPU: 0 PID: 1 Comm: swapper/0 Tainted: G B 5.19.13-rc1 #1
<4>[ 177.668666] Hardware name: linux,dummy-virt (DT)
<4>[ 177.669783] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
<4>[ 177.671120] pc : kmem_cache_destroy+0x1e8/0x20c
<4>[ 177.672217] lr : kmem_cache_destroy+0x1e8/0x20c
<4>[ 177.673302] sp : ffff8000080876f0
<4>[ 177.674013] x29: ffff8000080876f0 x28: ffffb5ed1da56f38 x27: ffffb5ed1a87b480
<4>[ 177.676478] x26: ffff800008087aa0 x25: ffff800008087ac8 x24: ffff00000c73b480
<4>[ 177.678215] x23: 000000004c800000 x22: ffffb5ed1eca3000 x21: ffffb5ed1da381f0
<4>[ 177.679873] x20: fdecb5ed18ea3a78 x19: ffff00000759be00 x18: 00000000ffffffff
<4>[ 177.681540] x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000
<4>[ 177.683139] x14: 0000000000000000 x13: 206d6f7266206465 x12: ffff700001010e63
<4>[ 177.684776] x11: 1ffff00001010e62 x10: ffff700001010e62 x9 : ffffb5ed18b89514
<4>[ 177.686554] x8 : ffff800008087317 x7 : 0000000000000001 x6 : 0000000000000001
<4>[ 177.688238] x5 : ffffb5ed1d893000 x4 : dfff800000000000 x3 : ffffb5ed18b89520
<4>[ 177.689912] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff000007150000
<4>[ 177.691598] Call trace:
<4>[ 177.692165] kmem_cache_destroy+0x1e8/0x20c
<4>[ 177.693196] test_exit+0x28/0x40
<4>[ 177.694158] kunit_catch_run_case+0x5c/0x120
<4>[ 177.695177] kunit_try_catch_run+0x144/0x26c
<4>[ 177.696211] kunit_run_case_catch_errors+0x158/0x1e0
<4>[ 177.697353] kunit_run_tests+0x374/0x750
<4>[ 177.698333] __kunit_test_suites_init+0x74/0xa0
<4>[ 177.699386] kunit_run_all_tests+0x160/0x380
<4>[ 177.700428] kernel_init_freeable+0x32c/0x388
<4>[ 177.701497] kernel_init+0x2c/0x150
<4>[ 177.702347] ret_from_fork+0x10/0x20
<4>[ 177.703308] ---[ end trace 0000000000000000 ]---
<6>[ 180.045230] not ok 14 - test_free_bulk-memcache
<6>[ 180.063196] ok 15 - test_init_on_free # SKIP Test requires: IS_ENABLED(CONFIG_INIT_ON_FREE_DEFAULT_ON)
<6>[ 180.084390] ok 16 - test_init_on_free-memcache # SKIP Test requires: IS_ENABLED(CONFIG_INIT_ON_FREE_DEFAULT_ON)
<6>[ 180.105203] # test_kmalloc_aligned_oob_read: test_alloc: size=73, gfp=cc0, policy=right, cache=0
<3>[ 180.457864] ==================================================================
<3>[ 180.459247] BUG: KFENCE: out-of-bounds read in test_kmalloc_aligned_oob_read+0x198/0x24c
<3>[ 180.459247]
<3>[ 180.460963] Out-of-bounds read at 0x000000002560c7f9 (201B right of kfence-#4):
<4>[ 180.462326] test_kmalloc_aligned_oob_read+0x198/0x24c
<4>[ 180.463474] kunit_try_run_case+0x8c/0x124
<4>[ 180.464500] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 180.465755] kthread+0x160/0x170
<4>[ 180.466649] ret_from_fork+0x10/0x20
<3>[ 180.467575]
<4>[ 180.468039] kfence-#4: 0x0000000015e6d0b8-0x000000008825abb9, size=73, cache=kmalloc-128
<4>[ 180.468039]
<4>[ 180.469609] allocated by task 201 on cpu 1 at 180.455855s:
<4>[ 180.470849] test_alloc+0x1ec/0x3f4
<4>[ 180.471846] test_kmalloc_aligned_oob_read+0xd8/0x24c
<4>[ 180.472942] kunit_try_run_case+0x8c/0x124
<4>[ 180.473955] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 180.475199] kthread+0x160/0x170
<4>[ 180.476058] ret_from_fork+0x10/0x20
<3>[ 180.476967]
<3>[ 180.477473] CPU: 1 PID: 201 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<3>[ 180.478948] Hardware name: linux,dummy-virt (DT)
<3>[ 180.479824] ==================================================================
<6>[ 180.491058] ok 17 - test_kmalloc_aligned_oob_read
<6>[ 180.503288] # test_kmalloc_aligned_oob_write: test_alloc: size=73, gfp=cc0, policy=right, cache=0
<3>[ 180.585153] ==================================================================
<3>[ 185.469598] BUG: KFENCE: memory corruption in test_kmalloc_aligned_oob_write+0x138/0x1c4
<3>[ 185.469598]
<3>[ 185.474133] Corrupted memory at 0x00000000a0ce6a66 [ ! . . . . . . . . . . . . . . . ] (in kfence-#27):
<4>[ 185.484171] test_kmalloc_aligned_oob_write+0x138/0x1c4
<4>[ 185.485493] kunit_try_run_case+0x8c/0x124
<4>[ 185.486516] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 185.487735] kthread+0x160/0x170
<4>[ 185.488587] ret_from_fork+0x10/0x20
<3>[ 185.489513]
<4>[ 185.489972] kfence-#27: 0x00000000e9371982-0x00000000c23ba8ef, size=73, cache=kmalloc-128
<4>[ 185.489972]
<4>[ 185.491505] allocated by task 202 on cpu 0 at 180.567889s:
<4>[ 185.492692] test_alloc+0x1ec/0x3f4
<4>[ 185.493702] test_kmalloc_aligned_oob_write+0xb0/0x1c4
<4>[ 185.494955] kunit_try_run_case+0x8c/0x124
<4>[ 185.495932] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 185.497137] kthread+0x160/0x170
<4>[ 185.498030] ret_from_fork+0x10/0x20
<4>[ 185.498960]
<4>[ 185.499412] freed by task 202 on cpu 0 at 180.569369s:
<4>[ 185.500726] test_kmalloc_aligned_oob_write+0x138/0x1c4
<4>[ 185.501997] kunit_try_run_case+0x8c/0x124
<4>[ 185.502985] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 185.504189] kthread+0x160/0x170
<4>[ 185.505030] ret_from_fork+0x10/0x20
<3>[ 185.505934]
<3>[ 185.506425] CPU: 1 PID: 202 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<3>[ 185.507854] Hardware name: linux,dummy-virt (DT)
<3>[ 185.508700] ==================================================================
<6>[ 185.530118] ok 18 - test_kmalloc_aligned_oob_write
<6>[ 185.553266] # test_shrink_memcache: setup_test_cache: size=32, ctor=0x0
<6>[ 185.564610] # test_shrink_memcache: test_alloc: size=32, gfp=cc0, policy=any, cache=1
<6>[ 185.703533] ok 19 - test_shrink_memcache
<6>[ 185.718531] # test_memcache_ctor: setup_test_cache: size=32, ctor=ctor_set_x
<6>[ 185.738941] # test_memcache_ctor: test_alloc: size=32, gfp=cc0, policy=any, cache=1
<6>[ 191.431611] ok 20 - test_memcache_ctor
<3>[ 191.439679] ==================================================================
<3>[ 191.442299] BUG: KFENCE: invalid read in test_invalid_access+0xbc/0x154
<3>[ 191.442299]
<3>[ 191.444078] Invalid read at 0x0000000007fd2fca:
<4>[ 191.445124] test_invalid_access+0xbc/0x154
<4>[ 191.449335] kunit_try_run_case+0x8c/0x124
<4>[ 191.453014] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 191.455058] kthread+0x160/0x170
<4>[ 191.456088] ret_from_fork+0x10/0x20
<3>[ 191.457131]
<3>[ 191.458559] CPU: 1 PID: 205 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<3>[ 191.460136] Hardware name: linux,dummy-virt (DT)
<3>[ 191.461138] ==================================================================
<6>[ 191.464122] ok 21 - test_invalid_access
<6>[ 191.483030] # test_gfpzero: test_alloc: size=4096, gfp=cc0, policy=any, cache=0
<6>[ 191.602032] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 191.628219] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 191.732270] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 191.836193] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 191.941220] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 192.044521] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 192.148492] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 192.252355] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 192.356490] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 192.460294] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 192.564386] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 192.668504] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 198.831501] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 198.935346] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 199.040858] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 199.144145] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 199.249146] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 199.352064] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 199.460190] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 199.571265] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 199.683792] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 199.795616] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 199.905239] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 200.033009] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 200.145973] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 200.262301] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 200.366223] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 200.470247] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 209.719154] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 209.824896] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 209.932074] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 210.032275] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 210.136401] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 210.240680] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 210.344798] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 210.450255] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 210.552378] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 210.670247] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 210.787878] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 210.894176] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 211.011664] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 211.127937] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 211.244878] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 211.363762] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 211.479959] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 211.598314] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 211.696205] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 211.818181] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 211.913270] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 212.019580] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 212.132069] ok 22 - test_gfpzero
<6>[ 212.144813] # test_memcache_typesafe_by_rcu: setup_test_cache: size=32, ctor=0x0
<6>[ 220.318499] # test_memcache_typesafe_by_rcu: test_alloc: size=32, gfp=cc0, policy=any, cache=1
<3>[ 220.412607] ==================================================================
<3>[ 220.413991] BUG: KFENCE: use-after-free read in test_memcache_typesafe_by_rcu+0x1ec/0x2f4
<3>[ 220.413991]
<3>[ 220.415831] Use-after-free read at 0x00000000cfb2c818 (in kfence-#96):
<4>[ 220.417001] test_memcache_typesafe_by_rcu+0x1ec/0x2f4
<4>[ 220.418285] kunit_try_run_case+0x8c/0x124
<4>[ 220.419294] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 220.420523] kthread+0x160/0x170
<4>[ 220.421477] ret_from_fork+0x10/0x20
<3>[ 220.422413]
<4>[ 220.422869] kfence-#96: 0x00000000cfb2c818-0x00000000c749c5ae, size=32, cache=test
<4>[ 220.422869]
<4>[ 220.424335] allocated by task 207 on cpu 0 at 220.379950s:
<4>[ 220.425572] test_alloc+0x1dc/0x3f4
<4>[ 220.430322] test_memcache_typesafe_by_rcu+0x110/0x2f4
<4>[ 220.431607] kunit_try_run_case+0x8c/0x124
<4>[ 220.432599] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 220.433834] kthread+0x160/0x170
<4>[ 220.434699] ret_from_fork+0x10/0x20
<4>[ 220.435600]
<4>[ 220.436047] freed by task 0 on cpu 0 at 220.410124s:
<4>[ 220.438720] rcu_guarded_free+0x34/0x44
<4>[ 220.439757] rcu_core+0x3ec/0xea0
<4>[ 220.440593] rcu_core_si+0x18/0x24
<4>[ 220.441454] __do_softirq+0x210/0x6d8
<4>[ 220.442330] __irq_exit_rcu+0x150/0x170
<4>[ 220.443219] irq_exit_rcu+0x1c/0x50
<4>[ 220.444047] el1_interrupt+0x38/0x60
<4>[ 220.445021] el1h_64_irq_handler+0x18/0x2c
<4>[ 220.446113] el1h_64_irq+0x64/0x68
<4>[ 220.446942] arch_local_irq_enable+0xc/0x20
<4>[ 220.447884] default_idle_call+0x5c/0x248
<4>[ 220.448888] do_idle+0x318/0x3a0
<4>[ 220.449743] cpu_startup_entry+0x30/0x3c
<4>[ 220.450706] kernel_init+0x0/0x150
<4>[ 220.451521] arch_post_acpi_subsys_init+0x0/0x28
<4>[ 229.261490] start_kernel+0x3b0/0x3e4
<4>[ 229.262580] __primary_switched+0xc4/0xcc
<3>[ 229.263584]
<3>[ 229.264068] CPU: 0 PID: 207 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<3>[ 229.265537] Hardware name: linux,dummy-virt (DT)
<3>[ 229.266410] ==================================================================
<6>[ 229.335366] ok 23 - test_memcache_typesafe_by_rcu
<6>[ 229.363691] # test_krealloc: test_alloc: size=32, gfp=cc0, policy=any, cache=0
<3>[ 229.375301] ==================================================================
<3>[ 229.376537] BUG: KFENCE: use-after-free read in test_krealloc+0x3d0/0x470
<3>[ 229.376537]
<3>[ 229.378277] Use-after-free read at 0x00000000e5ba154b (in kfence-#127):
<4>[ 229.379454] test_krealloc+0x3d0/0x470
<4>[ 229.380495] kunit_try_run_case+0x8c/0x124
<4>[ 229.381563] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 229.382823] kthread+0x160/0x170
<4>[ 229.383696] ret_from_fork+0x10/0x20
<3>[ 229.384610]
<4>[ 229.385065] kfence-#127: 0x00000000e5ba154b-0x0000000058576b5d, size=32, cache=kmalloc-128
<4>[ 229.385065]
<4>[ 229.386658] allocated by task 208 on cpu 1 at 229.371092s:
<4>[ 229.387877] test_alloc+0x1ec/0x3f4
<4>[ 229.388859] test_krealloc+0xbc/0x470
<4>[ 229.389913] kunit_try_run_case+0x8c/0x124
<4>[ 229.390909] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 229.392140] kthread+0x160/0x170
<4>[ 229.393018] ret_from_fork+0x10/0x20
<4>[ 229.393987]
<4>[ 229.394456] freed by task 208 on cpu 1 at 229.372734s:
<4>[ 229.395799] krealloc+0xe0/0x1d0
<4>[ 229.396666] test_krealloc+0x184/0x470
<4>[ 229.397779] kunit_try_run_case+0x8c/0x124
<4>[ 229.398798] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 229.400032] kthread+0x160/0x170
<4>[ 229.400892] ret_from_fork+0x10/0x20
<3>[ 229.401883]
<3>[ 229.402404] CPU: 1 PID: 208 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<3>[ 238.611514] Hardware name: linux,dummy-virt (DT)
<3>[ 238.612482] ==================================================================
<6>[ 238.632920] ok 24 - test_krealloc
<6>[ 238.696085] # test_memcache_alloc_bulk: setup_test_cache: size=32, ctor=0x0
<6>[ 238.850258] ok 25 - test_memcache_alloc_bulk
<6>[ 238.871395] # kfence: pass:21 fail:2 skip:2 total:25
<6>[ 238.872700] # Totals: pass:21 fail:2 skip:2 total:25
<6>[ 238.876941] not ok 4 - kfence
<6>[ 238.927664] # Subtest: binfmt_elf
<6>[ 238.928064] 1..1
<6>[ 238.943081] ok 1 - total_mapping_size_test
<6>[ 238.943988] ok 5 - binfmt_elf
<6>[ 238.953276] # Subtest: compat_binfmt_elf
<6>[ 238.957293] 1..1
<6>[ 238.978832] ok 1 - total_mapping_size_test
<6>[ 238.979699] ok 6 - compat_binfmt_elf
<6>[ 238.985066] # Subtest: ext4_inode_test
<6>[ 238.986791] 1..1
<6>[ 238.987905] # Subtest: inode_test_xtimestamp_decoding
<6>[ 239.002100] ok 1 - 1901-12-13 Lower bound of 32bit < 0 timestamp, no extra bits
<6>[ 239.018377] ok 2 - 1969-12-31 Upper bound of 32bit < 0 timestamp, no extra bits
<6>[ 239.034785] ok 3 - 1970-01-01 Lower bound of 32bit >=0 timestamp, no extra bits
<6>[ 239.059131] ok 4 - 2038-01-19 Upper bound of 32bit >=0 timestamp, no extra bits
<6>[ 239.105052] ok 5 - 2038-01-19 Lower bound of 32bit <0 timestamp, lo extra sec bit on
<6>[ 239.122388] ok 6 - 2106-02-07 Upper bound of 32bit <0 timestamp, lo extra sec bit on
<6>[ 239.142064] ok 7 - 2106-02-07 Lower bound of 32bit >=0 timestamp, lo extra sec bit on
<6>[ 239.178517] ok 8 - 2174-02-25 Upper bound of 32bit >=0 timestamp, lo extra sec bit on
<6>[ 239.211987] ok 9 - 2174-02-25 Lower bound of 32bit <0 timestamp, hi extra sec bit on
<6>[ 239.266123] ok 10 - 2242-03-16 Upper bound of 32bit <0 timestamp, hi extra sec bit on
<6>[ 239.287280] ok 11 - 2242-03-16 Lower bound of 32bit >=0 timestamp, hi extra sec bit on
<6>[ 239.304762] ok 12 - 2310-04-04 Upper bound of 32bit >=0 timestamp, hi extra sec bit on
<6>[ 249.048636] ok 13 - 2310-04-04 Upper bound of 32bit>=0 timestamp, hi extra sec bit 1. 1 ns
<6>[ 249.063451] ok 14 - 2378-04-22 Lower bound of 32bit>= timestamp. Extra sec bits 1. Max ns
<6>[ 249.087134] ok 15 - 2378-04-22 Lower bound of 32bit >=0 timestamp. All extra sec bits on
<6>[ 249.113343] ok 16 - 2446-05-10 Upper bound of 32bit >=0 timestamp. All extra sec bits on
<6>[ 249.115438] # inode_test_xtimestamp_decoding: pass:16 fail:0 skip:0 total:16
<6>[ 249.119662] ok 1 - inode_test_xtimestamp_decoding
<6>[ 249.121129] # Totals: pass:16 fail:0 skip:0 total:16
<6>[ 249.123413] ok 7 - ext4_inode_test
<6>[ 249.134466] # Subtest: fat_test
<6>[ 249.134779] 1..3
<6>[ 249.151000] ok 1 - fat_checksum_test
<6>[ 249.152059] # Subtest: fat_time_fat2unix_test
<6>[ 249.169989] ok 1 - Earliest possible UTC (1980-01-01 00:00:00)
<6>[ 249.199892] ok 2 - Latest possible UTC (2107-12-31 23:59:58)
<6>[ 249.220640] ok 3 - Earliest possible (UTC-11) (== 1979-12-31 13:00:00 UTC)
<6>[ 249.245345] ok 4 - Latest possible (UTC+11) (== 2108-01-01 10:59:58 UTC)
<6>[ 249.264436] ok 5 - Leap Day / Year (1996-02-29 00:00:00)
<6>[ 249.279514] ok 6 - Year 2000 is leap year (2000-02-29 00:00:00)
<6>[ 249.293978] ok 7 - Year 2100 not leap year (2100-03-01 00:00:00)
<6>[ 249.320622] ok 8 - Leap year + timezone UTC+1 (== 2004-02-29 00:30:00 UTC)
<6>[ 249.344042] ok 9 - Leap year + timezone UTC-1 (== 2004-02-29 23:30:00 UTC)
<6>[ 249.366050] ok 10 - VFAT odd-second resolution (1999-12-31 23:59:59)
<6>[ 249.392257] ok 11 - VFAT 10ms resolution (1980-01-01 00:00:00:0010)
<6>[ 249.398427] # fat_time_fat2unix_test: pass:11 fail:0 skip:0 total:11
<6>[ 249.399820] ok 2 - fat_time_fat2unix_test
<6>[ 249.406588] # Subtest: fat_time_unix2fat_test
<6>[ 260.162056] ok 1 - Earliest possible UTC (1980-01-01 00:00:00)
<6>[ 260.179365] ok 2 - Latest possible UTC (2107-12-31 23:59:58)
<6>[ 260.203824] ok 3 - Earliest possible (UTC-11) (== 1979-12-31 13:00:00 UTC)
<6>[ 260.226883] ok 4 - Latest possible (UTC+11) (== 2108-01-01 10:59:58 UTC)
<6>[ 260.280136] ok 5 - Leap Day / Year (1996-02-29 00:00:00)
<6>[ 260.305716] ok 6 - Year 2000 is leap year (2000-02-29 00:00:00)
<6>[ 260.323754] ok 7 - Year 2100 not leap year (2100-03-01 00:00:00)
<6>[ 260.378261] ok 8 - Leap year + timezone UTC+1 (== 2004-02-29 00:30:00 UTC)
<6>[ 260.393144] ok 9 - Leap year + timezone UTC-1 (== 2004-02-29 23:30:00 UTC)
<6>[ 260.415286] ok 10 - VFAT odd-second resolution (1999-12-31 23:59:59)
<6>[ 260.434761] ok 11 - VFAT 10ms resolution (1980-01-01 00:00:00:0010)
<6>[ 260.436185] # fat_time_unix2fat_test: pass:11 fail:0 skip:0 total:11
<6>[ 260.441012] ok 3 - fat_time_unix2fat_test
<6>[ 260.443215] # fat_test: pass:3 fail:0 skip:0 total:3
<6>[ 260.444258] # Totals: pass:23 fail:0 skip:0 total:23
<6>[ 260.447811] ok 8 - fat_test
<6>[ 260.462831] # Subtest: hash
<6>[ 260.463141] 1..2
<6>[ 260.505022] ok 1 - test_string_or
<6>[ 262.084868] ok 2 - test_hash_or
<6>[ 262.088325] # hash: pass:2 fail:0 skip:0 total:2
<6>[ 262.090146] # Totals: pass:2 fail:0 skip:0 total:2
<6>[ 262.102608] ok 9 - hash
<6>[ 262.108069] # Subtest: kasan
<6>[ 262.108392] 1..55
<3>[ 262.136709] ==================================================================
<3>[ 262.140323] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0xcc/0x33c
<3>[ 262.143929] Write of size 1 at addr ffff00000768b673 by task kunit_try_catch/253
<3>[ 262.145162]
<3>[ 262.145723] CPU: 0 PID: 253 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<3>[ 272.745558] Hardware name: linux,dummy-virt (DT)
<3>[ 272.746457] Call trace:
<3>[ 272.747004] dump_backtrace+0xb8/0x130
<3>[ 272.748068] show_stack+0x20/0x60
<3>[ 272.749012] dump_stack_lvl+0x8c/0xb8
<3>[ 272.752279] print_report+0x2e4/0x620
<3>[ 272.753374] kasan_report+0xa8/0x1dc
<3>[ 272.754426] __asan_store1+0x88/0xb0
<3>[ 272.755412] kmalloc_oob_right+0xcc/0x33c
<3>[ 272.756317] kunit_try_run_case+0x8c/0x124
<3>[ 272.757280] kunit_generic_run_threadfn_adapter+0x38/0x54
<3>[ 272.760652] kthread+0x160/0x170
<3>[ 272.761715] ret_from_fork+0x10/0x20
<3>[ 272.762634]
<3>[ 272.763189] Allocated by task 253:
<4>[ 272.763960] kasan_save_stack+0x2c/0x5c
<4>[ 272.764895] __kasan_kmalloc+0xac/0x104
<4>[ 272.767970] kmem_cache_alloc_trace+0x1f8/0x3b0
<4>[ 272.768965] kmalloc_oob_right+0xa0/0x33c
<4>[ 272.772937] kunit_try_run_case+0x8c/0x124
<4>[ 272.779033] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 272.780190] kthread+0x160/0x170
<4>[ 272.781012] ret_from_fork+0x10/0x20
<3>[ 272.784097]
<3>[ 272.784607] The buggy address belongs to the object at ffff00000768b600
<3>[ 272.784607] which belongs to the cache kmalloc-128 of size 128
<3>[ 272.786388] The buggy address is located 115 bytes inside of
<3>[ 272.786388] 128-byte region [ffff00000768b600, ffff00000768b680)
<3>[ 272.788054]
<3>[ 272.788658] The buggy address belongs to the physical page:
<4>[ 272.792008] page:000000002b6fea86 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4768b
<4>[ 272.793586] flags: 0x3fffc0000000200(slab|node=0|zone=0|lastcpupid=0xffff)
<4>[ 272.795328] raw: 03fffc0000000200 fffffc00001da380 dead000000000002 ffff000006802300
<4>[ 272.796640] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
<4>[ 272.800031] page dumped because: kasan: bad access detected
<3>[ 272.800948]
<3>[ 272.801408] Memory state around the buggy address:
<3>[ 272.802568] ffff00000768b500: 00 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 272.803760] ffff00000768b580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 272.804920] >ffff00000768b600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
<3>[ 272.808172] ^
<3>[ 272.809340] ffff00000768b680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 272.810499] ffff00000768b700: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
<3>[ 272.811632] ==================================================================
<3>[ 272.887306] ==================================================================
<3>[ 272.889786] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0xf8/0x33c
<3>[ 272.891094] Write of size 1 at addr ffff00000768b678 by task kunit_try_catch/253
<3>[ 272.892255]
<3>[ 272.892719] CPU: 1 PID: 253 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<3>[ 272.894046] Hardware name: linux,dummy-virt (DT)
<3>[ 272.894849] Call trace:
<3>[ 272.895390] dump_backtrace+0xb8/0x130
<3>[ 272.896262] show_stack+0x20/0x60
<3>[ 272.897055] dump_stack_lvl+0x8c/0xb8
<3>[ 272.897955] print_report+0x2e4/0x620
<3>[ 272.898855] kasan_report+0xa8/0x1dc
<3>[ 272.899731] __asan_store1+0x88/0xb0
<3>[ 272.908131] kmalloc_oob_right+0xf8/0x33c
<3>[ 272.909074] kunit_try_run_case+0x8c/0x124
<3>[ 272.910058] kunit_generic_run_threadfn_adapter+0x38/0x54
<3>[ 272.911222] kthread+0x160/0x170
<3>[ 272.912060] ret_from_fork+0x10/0x20
<3>[ 272.912945]
<3>[ 272.913388] Allocated by task 253:
<4>[ 272.914064] kasan_save_stack+0x2c/0x5c
<4>[ 272.914965] __kasan_kmalloc+0xac/0x104
<4>[ 272.915848] kmem_cache_alloc_trace+0x1f8/0x3b0
<4>[ 272.916810] kmalloc_oob_right+0xa0/0x33c
<4>[ 272.917717] kunit_try_run_case+0x8c/0x124
<4>[ 272.918668] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 272.919816] kthread+0x160/0x170
<4>[ 272.920635] ret_from_fork+0x10/0x20
<3>[ 272.921511]
<3>[ 272.921938] The buggy address belongs to the object at ffff00000768b600
<3>[ 272.921938] which belongs to the cache kmalloc-128 of size 128
<3>[ 272.923632] The buggy address is located 120 bytes inside of
<3>[ 272.923632] 128-byte region [ffff00000768b600, ffff00000768b680)
<3>[ 272.925289]
<3>[ 272.925722] The buggy address belongs to the physical page:
<4>[ 272.926609] page:000000002b6fea86 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4768b
<4>[ 272.927982] flags: 0x3fffc0000000200(slab|node=0|zone=0|lastcpupid=0xffff)
<4>[ 272.929294] raw: 03fffc0000000200 fffffc00001da380 dead000000000002 ffff000006802300
<4>[ 272.930555] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
<4>[ 272.931697] page dumped because: kasan: bad access detected
<3>[ 272.932576]
<3>[ 272.932997] Memory state around the buggy address:
<3>[ 272.933855] ffff00000768b500: 00 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 272.935016] ffff00000768b580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 272.936168] >ffff00000768b600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
<3>[ 272.937261] ^
<3>[ 272.938360] ffff00000768b680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 272.939514] ffff00000768b700: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
<3>[ 272.940598] ==================================================================
<3>[ 272.943491] ==================================================================
<3>[ 272.944574] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x124/0x33c
<3>[ 272.945854] Read of size 1 at addr ffff00000768b680 by task kunit_try_catch/253
<3>[ 272.947010]
<3>[ 272.947469] CPU: 1 PID: 253 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<3>[ 272.948775] Hardware name: linux,dummy-virt (DT)
<3>[ 272.949580] Call trace:
<3>[ 272.950125] dump_backtrace+0xb8/0x130
<3>[ 273.084775] show_stack+0x20/0x60
<3>[ 273.085687] dump_stack_lvl+0x8c/0xb8
<3>[ 273.086588] print_report+0x2e4/0x620
<3>[ 273.087482] kasan_report+0xa8/0x1dc
<3>[ 273.088359] __asan_load1+0x88/0xb0
<3>[ 273.089229] kmalloc_oob_right+0x124/0x33c
<3>[ 273.090172] kunit_try_run_case+0x8c/0x124
<3>[ 273.091126] kunit_generic_run_threadfn_adapter+0x38/0x54
<3>[ 273.092284] kthread+0x160/0x170
<3>[ 273.093113] ret_from_fork+0x10/0x20
<3>[ 273.094022]
<3>[ 273.094451] Allocated by task 253:
<4>[ 273.095116] kasan_save_stack+0x2c/0x5c
<4>[ 273.096009] __kasan_kmalloc+0xac/0x104
<4>[ 273.096892] kmem_cache_alloc_trace+0x1f8/0x3b0
<4>[ 273.097872] kmalloc_oob_right+0xa0/0x33c
<4>[ 273.098770] kunit_try_run_case+0x8c/0x124
<4>[ 273.099711] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 273.100860] kthread+0x160/0x170
<4>[ 273.101698] ret_from_fork+0x10/0x20
<3>[ 273.102572]
<3>[ 273.102996] The buggy address belongs to the object at ffff00000768b600
<3>[ 273.102996] which belongs to the cache kmalloc-128 of size 128
<3>[ 273.104717] The buggy address is located 0 bytes to the right of
<3>[ 273.104717] 128-byte region [ffff00000768b600, ffff00000768b680)
<3>[ 273.106421]
<3>[ 273.106853] The buggy address belongs to the physical page:
<4>[ 273.107732] page:000000002b6fea86 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4768b
<4>[ 273.109100] flags: 0x3fffc0000000200(slab|node=0|zone=0|lastcpupid=0xffff)
<4>[ 273.374827] raw: 03fffc0000000200 fffffc00001da380 dead000000000002 ffff000006802300
<4>[ 273.380394] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
<4>[ 273.381594] page dumped because: kasan: bad access detected
<3>[ 273.382487]
<3>[ 273.382910] Memory state around the buggy address:
<3>[ 273.383760] ffff00000768b580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 273.384913] ffff00000768b600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
<3>[ 273.386086] >ffff00000768b680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 273.387175] ^
<3>[ 273.387868] ffff00000768b700: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
<3>[ 273.389020] ffff00000768b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 273.390128] ==================================================================
<6>[ 273.412868] ok 1 - kmalloc_oob_right
<3>[ 273.431711] ==================================================================
<3>[ 273.435034] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0xcc/0x1e0
<3>[ 273.436285] Read of size 1 at addr ffff00000768dfff by task kunit_try_catch/254
<3>[ 273.439305]
<3>[ 273.439788] CPU: 0 PID: 254 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<3>[ 273.441098] Hardware name: linux,dummy-virt (DT)
<3>[ 273.442769] Call trace:
<3>[ 273.443324] dump_backtrace+0xb8/0x130
<3>[ 273.444193] show_stack+0x20/0x60
<3>[ 273.444986] dump_stack_lvl+0x8c/0xb8
<3>[ 273.447681] print_report+0x2e4/0x620
<3>[ 273.448589] kasan_report+0xa8/0x1dc
<3>[ 273.450237] __asan_load1+0x88/0xb0
<3>[ 273.451139] kmalloc_oob_left+0xcc/0x1e0
<3>[ 273.452024] kunit_try_run_case+0x8c/0x124
<3>[ 273.452973] kunit_generic_run_threadfn_adapter+0x38/0x54
<3>[ 273.455913] kthread+0x160/0x170
<3>[ 273.456757] ret_from_fork+0x10/0x20
<3>[ 273.458410]
<3>[ 273.458861] Allocated by task 1:
<4>[ 273.459509] kasan_save_stack+0x2c/0x5c
<4>[ 273.850477] __kasan_slab_alloc+0xc0/0xd0
<4>[ 273.851506] kmem_cache_alloc+0x180/0x3a0
<4>[ 273.852402] __kernfs_new_node+0xd8/0x360
<4>[ 273.855133] kernfs_new_node+0x78/0xc0
<4>[ 273.856113] __kernfs_create_file+0x38/0x16c
<4>[ 273.857121] sysfs_add_file_mode_ns+0xd0/0x1b0
<4>[ 273.858984] internal_create_group+0x1c4/0x560
<4>[ 273.860051] internal_create_groups.part.0+0x68/0xf0
<4>[ 273.861197] sysfs_create_groups+0x24/0x40
<4>[ 273.864005] device_add_groups+0x18/0x24
<4>[ 273.865019] bus_add_device+0x74/0x244
<4>[ 273.866790] device_add+0x5a0/0xd14
<4>[ 273.867610] of_device_add+0x80/0xb0
<4>[ 273.868528] of_platform_device_create_pdata+0xd4/0x150
<4>[ 273.871468] of_platform_bus_create+0x264/0x5e4
<4>[ 273.872550] of_platform_populate+0x68/0x150
<4>[ 273.874338] of_platform_default_populate_init+0xfc/0x11c
<4>[ 273.875566] do_one_initcall+0xa4/0x3ec
<4>[ 273.876440] kernel_init_freeable+0x2fc/0x388
<4>[ 273.879219] kernel_init+0x2c/0x150
<4>[ 273.880049] ret_from_fork+0x10/0x20
<3>[ 273.880913]
<3>[ 273.882096] The buggy address belongs to the object at ffff00000768df00
<3>[ 273.882096] which belongs to the cache kernfs_node_cache of size 128
<3>[ 273.883871] The buggy address is located 127 bytes to the right of
<3>[ 273.883871] 128-byte region [ffff00000768df00, ffff00000768df80)
<3>[ 273.887340]
<3>[ 273.887792] The buggy address belongs to the physical page:
<4>[ 273.888669] page:000000000f4785f9 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4768d
<4>[ 273.890801] flags: 0x3fffc0000000200(slab|node=0|zone=0|lastcpupid=0xffff)
<4>[ 273.892105] raw: 03fffc0000000200 0000000000000000 dead000000000122 ffff0000070bfb00
<4>[ 273.895105] raw: 0000000000000000 0000000000150015 00000001ffffffff 0000000000000000
<4>[ 273.896281] page dumped because: kasan: bad access detected
<3>[ 273.897162]
<3>[ 273.898342] Memory state around the buggy address:
<3>[ 274.487989] ffff00000768de80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
<3>[ 274.489224] ffff00000768df00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
<3>[ 274.491205] >ffff00000768df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 274.492296] ^
<3>[ 274.495199] ffff00000768e000: 00 07 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 274.496392] ffff00000768e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 274.498249] ==================================================================
<6>[ 274.514571] ok 2 - kmalloc_oob_left
<3>[ 274.539686] ==================================================================
<3>[ 274.541909] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0xd4/0x1f0
<3>[ 274.543592] Read of size 1 at addr ffff00000ac9d000 by task kunit_try_catch/255
<3>[ 274.548170]
<3>[ 274.548679] CPU: 0 PID: 255 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<3>[ 274.550379] Hardware name: linux,dummy-virt (DT)
<3>[ 274.551384] Call trace:
<3>[ 274.552036] dump_backtrace+0xb8/0x130
<3>[ 274.552973] show_stack+0x20/0x60
<3>[ 274.555879] dump_stack_lvl+0x8c/0xb8
<3>[ 274.556782] print_report+0x2e4/0x620
<3>[ 274.557685] kasan_report+0xa8/0x1dc
<3>[ 274.558571] __asan_load1+0x88/0xb0
<3>[ 274.559442] kmalloc_node_oob_right+0xd4/0x1f0
<3>[ 274.560422] kunit_try_run_case+0x8c/0x124
<3>[ 274.563328] kunit_generic_run_threadfn_adapter+0x38/0x54
<3>[ 274.564522] kthread+0x160/0x170
<3>[ 274.565369] ret_from_fork+0x10/0x20
<3>[ 274.566260]
<3>[ 274.566721] Allocated by task 255:
<4>[ 274.567444] kasan_save_stack+0x2c/0x5c
<4>[ 274.568403] __kasan_kmalloc+0xac/0x104
<4>[ 274.569299] kmem_cache_alloc_node_trace+0x1cc/0x3f0
<4>[ 274.572244] kmalloc_node_oob_right+0xa4/0x1f0
<4>[ 274.573217] kunit_try_run_case+0x8c/0x124
<4>[ 274.574179] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 275.352410] kthread+0x160/0x170
<4>[ 275.353517] ret_from_fork+0x10/0x20
<3>[ 275.354559]
<3>[ 275.355058] The buggy address belongs to the object at ffff00000ac9c000
<3>[ 275.355058] which belongs to the cache kmalloc-4k of size 4096
<3>[ 275.356749] The buggy address is located 0 bytes to the right of
<3>[ 275.356749] 4096-byte region [ffff00000ac9c000, ffff00000ac9d000)
<3>[ 275.360772]
<3>[ 275.361231] The buggy address belongs to the physical page:
<4>[ 275.362233] page:0000000025e44160 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4ac98
<4>[ 275.363680] head:0000000025e44160 order:3 compound_mapcount:0 compound_pincount:0
<4>[ 275.364816] flags: 0x3fffc0000010200(slab|head|node=0|zone=0|lastcpupid=0xffff)
<4>[ 275.368511] raw: 03fffc0000010200 0000000000000000 dead000000000001 ffff000006802a80
<4>[ 275.369962] raw: 0000000000000000 0000000080040004 00000001ffffffff 0000000000000000
<4>[ 275.371120] page dumped because: kasan: bad access detected
<3>[ 275.372002]
<3>[ 275.372424] Memory state around the buggy address:
<3>[ 275.373285] ffff00000ac9cf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
<3>[ 275.376653] ffff00000ac9cf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
<3>[ 275.377825] >ffff00000ac9d000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 275.378918] ^
<3>[ 275.379609] ffff00000ac9d080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 275.380761] ffff00000ac9d100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 275.384020] ==================================================================
<6>[ 275.424507] ok 3 - kmalloc_node_oob_right
<3>[ 275.450873] ==================================================================
<3>[ 275.455754] BUG: KASAN: slab-out-of-bounds in kmalloc_pagealloc_oob_right+0xbc/0x1c4
<3>[ 275.457144] Write of size 1 at addr ffff00000cba600a by task kunit_try_catch/256
<3>[ 275.459488]
<3>[ 276.465186] CPU: 1 PID: 256 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<3>[ 276.466662] Hardware name: linux,dummy-virt (DT)
<3>[ 276.467467] Call trace:
<3>[ 276.468011] dump_backtrace+0xb8/0x130
<3>[ 276.468898] show_stack+0x20/0x60
<3>[ 276.469711] dump_stack_lvl+0x8c/0xb8
<3>[ 276.470698] print_report+0x2e4/0x620
<3>[ 276.471727] kasan_report+0xa8/0x1dc
<3>[ 276.472608] __asan_store1+0x88/0xb0
<3>[ 276.473515] kmalloc_pagealloc_oob_right+0xbc/0x1c4
<3>[ 276.474548] kunit_try_run_case+0x8c/0x124
<3>[ 276.475499] kunit_generic_run_threadfn_adapter+0x38/0x54
<3>[ 276.476660] kthread+0x160/0x170
<3>[ 276.477504] ret_from_fork+0x10/0x20
<3>[ 276.478394]
<3>[ 276.478826] The buggy address belongs to the physical page:
<4>[ 276.479886] page:000000002a0a991a refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4cba4
<4>[ 276.481289] head:000000002a0a991a order:2 compound_mapcount:0 compound_pincount:0
<4>[ 276.482433] flags: 0x3fffc0000010000(head|node=0|zone=0|lastcpupid=0xffff)
<4>[ 276.483713] raw: 03fffc0000010000 0000000000000000 dead000000000122 0000000000000000
<4>[ 276.484959] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
<4>[ 276.486189] page dumped because: kasan: bad access detected
<3>[ 276.487080]
<3>[ 276.487502] Memory state around the buggy address:
<3>[ 276.488348] ffff00000cba5f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
<3>[ 276.489515] ffff00000cba5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
<3>[ 276.490675] >ffff00000cba6000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe
<3>[ 276.491759] ^
<3>[ 276.492481] ffff00000cba6080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
<3>[ 276.493650] ffff00000cba6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
<3>[ 276.494742] ==================================================================
<6>[ 276.511929] ok 4 - kmalloc_pagealloc_oob_right
<3>[ 276.534942] ==================================================================
<3>[ 277.850597] BUG: KASAN: use-after-free in kmalloc_pagealloc_uaf+0xc0/0x1c0
<3>[ 277.851905] Read of size 1 at addr ffff00000cba4000 by task kunit_try_catch/257
<3>[ 277.853052]
<3>[ 277.853542] CPU: 1 PID: 257 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<3>[ 277.854860] Hardware name: linux,dummy-virt (DT)
<3>[ 277.855658] Call trace:
<3>[ 277.856196] dump_backtrace+0xb8/0x130
<3>[ 277.857061] show_stack+0x20/0x60
<3>[ 277.857878] dump_stack_lvl+0x8c/0xb8
<3>[ 277.858763] print_report+0x2e4/0x620
<3>[ 277.859651] kasan_report+0xa8/0x1dc
<3>[ 277.860525] __asan_load1+0x88/0xb0
<3>[ 277.861410] kmalloc_pagealloc_uaf+0xc0/0x1c0
<3>[ 277.862362] kunit_try_run_case+0x8c/0x124
<3>[ 277.863313] kunit_generic_run_threadfn_adapter+0x38/0x54
<3>[ 277.864471] kthread+0x160/0x170
<3>[ 277.865312] ret_from_fork+0x10/0x20
<3>[ 277.866203]
<3>[ 277.866635] The buggy address belongs to the physical page:
<4>[ 277.867570] page:000000002a0a991a refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4cba4
<4>[ 277.868943] flags: 0x3fffc0000000000(node=0|zone=0|lastcpupid=0xffff)
<4>[ 277.870198] raw: 03fffc0000000000 fffffc0000323108 ffff00003411a7b0 0000000000000000
<4>[ 277.871446] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
<4>[ 277.872613] page dumped because: kasan: bad access detected
<3>[ 277.873627]
<3>[ 277.874062] Memory state around the buggy address:
<3>[ 277.874910] ffff00000cba3f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
<3>[ 277.876063] ffff00000cba3f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
<3>[ 277.877214] >ffff00000cba4000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
<3>[ 277.878319] ^
<3>[ 277.879015] ffff00000cba4080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
<3>[ 277.880166] ffff00000cba4100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
<3>[ 279.531087] ==================================================================
<6>[ 279.595005] ok 5 - kmalloc_pagealloc_uaf
<3>[ 279.631090] ==================================================================
<3>[ 279.632896] BUG: KASAN: double-free or invalid-free in kfree+0x374/0x3f0
<3>[ 279.634105]
<3>[ 279.634572] CPU: 0 PID: 258 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<3>[ 279.636253] Hardware name: linux,dummy-virt (DT)
<3>[ 279.637265] Call trace:
<3>[ 279.640397] dump_backtrace+0xb8/0x130
<3>[ 279.642141] show_stack+0x20/0x60
<3>[ 279.642983] dump_stack_lvl+0x8c/0xb8
<3>[ 279.643868] print_report+0x2e4/0x620
<3>[ 279.644754] kasan_report_invalid_free+0x84/0x110
<3>[ 279.647562] __kasan_kfree_large+0x5c/0xc4
<3>[ 279.648535] free_large_kmalloc+0x78/0x16c
<3>[ 279.650200] kfree+0x374/0x3f0
<3>[ 279.650974] kmalloc_pagealloc_invalid_free+0xb8/0x1b0
<3>[ 279.652033] kunit_try_run_case+0x8c/0x124
<3>[ 279.652984] kunit_generic_run_threadfn_adapter+0x38/0x54
<3>[ 279.655934] kthread+0x160/0x170
<3>[ 279.656776] ret_from_fork+0x10/0x20
<3>[ 279.658426]
<3>[ 279.658878] The buggy address belongs to the physical page:
<4>[ 279.659763] page:000000009c787604 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4ca60
<4>[ 279.661132] head:000000009c787604 order:2 compound_mapcount:0 compound_pincount:0
<4>[ 279.664028] flags: 0x3fffc0000010000(head|node=0|zone=0|lastcpupid=0xffff)
<4>[ 279.666072] raw: 03fffc0000010000 0000000000000000 dead000000000122 0000000000000000
<4>[ 279.667351] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
<4>[ 279.668494] page dumped because: kasan: bad access detected
<3>[ 279.671120]
<3>[ 279.671570] Memory state around the buggy address:
<3>[ 279.672422] ffff00000ca5ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
<3>[ 279.674347] ffff00000ca5ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
<3>[ 281.596106] >ffff00000ca60000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
<3>[ 281.597284] ^
<3>[ 281.598902] ffff00000ca60080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
<3>[ 281.600060] ffff00000ca60100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
<3>[ 281.601182] ==================================================================
<6>[ 281.618091] ok 6 - kmalloc_pagealloc_invalid_free
<6>[ 281.642935] ok 7 - pagealloc_oob_right # SKIP Test requires CONFIG_KASAN_GENERIC=n
<3>[ 281.668654] ==================================================================
<3>[ 281.671090] BUG: KASAN: use-after-free in pagealloc_uaf+0xdc/0x1ec
<3>[ 281.672542] Read of size 1 at addr ffff00000db80000 by task kunit_try_catch/260
<3>[ 281.676377]
<3>[ 281.676935] CPU: 1 PID: 260 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<3>[ 281.680348] Hardware name: linux,dummy-virt (DT)
<3>[ 281.681389] Call trace:
<3>[ 281.682053] dump_backtrace+0xb8/0x130
<3>[ 281.682976] show_stack+0x20/0x60
<3>[ 281.683771] dump_stack_lvl+0x8c/0xb8
<3>[ 281.684648] print_report+0x2e4/0x620
<3>[ 281.687386] kasan_report+0xa8/0x1dc
<3>[ 281.688293] __asan_load1+0x88/0xb0
<3>[ 281.689165] pagealloc_uaf+0xdc/0x1ec
<3>[ 281.690049] kunit_try_run_case+0x8c/0x124
<3>[ 281.691000] kunit_generic_run_threadfn_adapter+0x38/0x54
<3>[ 281.692157] kthread+0x160/0x170
<3>[ 281.692987] ret_from_fork+0x10/0x20
<3>[ 281.695768]
<3>[ 281.696210] The buggy address belongs to the physical page:
<4>[ 281.697087] page:00000000ba590f46 refcount:0 mapcount:-128 mapping:0000000000000000 index:0x0 pfn:0x4db80
<4>[ 281.698511] flags: 0x3fffc0000000000(node=0|zone=0|lastcpupid=0xffff)
<4>[ 281.699728] raw: 03fffc0000000000 ffff00003fdffda0 fffffc0000392408 0000000000000000
<4>[ 281.700973] raw: 0000000000000000 0000000000000004 00000000ffffff7f 0000000000000000
<4>[ 281.704037] page dumped because: kasan: bad access detected
<3>[ 284.023294]
<3>[ 284.023873] Memory state around the buggy address:
<3>[ 284.024951] ffff00000db7ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
<3>[ 284.026191] ffff00000db7ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
<3>[ 284.027357] >ffff00000db80000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
<3>[ 284.028442] ^
<3>[ 284.029136] ffff00000db80080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
<3>[ 284.032569] ffff00000db80100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
<3>[ 284.033680] ==================================================================
<6>[ 284.080693] ok 8 - pagealloc_uaf
<3>[ 284.106285] ==================================================================
<3>[ 284.108402] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0xcc/0x1dc
<3>[ 284.112775] Write of size 1 at addr ffff00000c565f00 by task kunit_try_catch/261
<3>[ 284.115013]
<3>[ 284.115493] CPU: 0 PID: 261 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<3>[ 284.116806] Hardware name: linux,dummy-virt (DT)
<3>[ 284.119353] Call trace:
<3>[ 284.119914] dump_backtrace+0xb8/0x130
<3>[ 284.120784] show_stack+0x20/0x60
<3>[ 284.122342] dump_stack_lvl+0x8c/0xb8
<3>[ 284.123249] print_report+0x2e4/0x620
<3>[ 284.124139] kasan_report+0xa8/0x1dc
<3>[ 284.125015] __asan_store1+0x88/0xb0
<3>[ 284.127645] kmalloc_large_oob_right+0xcc/0x1dc
<3>[ 284.128633] kunit_try_run_case+0x8c/0x124
<3>[ 284.130342] kunit_generic_run_threadfn_adapter+0x38/0x54
<3>[ 284.131529] kthread+0x160/0x170
<3>[ 284.132360] ret_from_fork+0x10/0x20
<3>[ 284.133242]
<3>[ 284.135432] Allocated by task 261:
<4>[ 284.136108] kasan_save_stack+0x2c/0x5c
<4>[ 284.137005] __kasan_kmalloc+0xac/0x104
<4>[ 284.138649] kmem_cache_alloc_trace+0x1f8/0x3b0
<4>[ 284.139627] kmalloc_large_oob_right+0x9c/0x1dc
<4>[ 284.140589] kunit_try_run_case+0x8c/0x124
<4>[ 286.859689] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 286.860953] kthread+0x160/0x170
<4>[ 286.862568] ret_from_fork+0x10/0x20
<3>[ 286.863467]
<3>[ 286.863894] The buggy address belongs to the object at ffff00000c564000
<3>[ 286.863894] which belongs to the cache kmalloc-8k of size 8192
<3>[ 286.867393] The buggy address is located 7936 bytes inside of
<3>[ 286.867393] 8192-byte region [ffff00000c564000, ffff00000c566000)
<3>[ 286.869086]
<3>[ 286.870278] The buggy address belongs to the physical page:
<4>[ 286.871176] page:0000000041b876cd refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4c560
<4>[ 286.872551] head:0000000041b876cd order:3 compound_mapcount:0 compound_pincount:0
<4>[ 286.875419] flags: 0x3fffc0000010200(slab|head|node=0|zone=0|lastcpupid=0xffff)
<4>[ 286.876785] raw: 03fffc0000010200 0000000000000000 dead000000000122 ffff000006802c00
<4>[ 286.878800] raw: 0000000000000000 0000000080020002 00000001ffffffff 0000000000000000
<4>[ 286.879958] page dumped because: kasan: bad access detected
<3>[ 286.880840]
<3>[ 286.881274] Memory state around the buggy address:
<3>[ 286.883865] ffff00000c565e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
<3>[ 286.885112] ffff00000c565e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
<3>[ 286.887103] >ffff00000c565f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 286.888199] ^
<3>[ 286.888890] ffff00000c565f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 286.891781] ffff00000c566000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 286.892885] ==================================================================
<6>[ 286.927544] ok 9 - kmalloc_large_oob_right
<3>[ 286.950366] ==================================================================
<3>[ 286.952497] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x140/0x3a4
<3>[ 286.954998] Write of size 1 at addr ffff00000cbb5eeb by task kunit_try_catch/262
<3>[ 290.138598]
<3>[ 290.139150] CPU: 1 PID: 262 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<3>[ 290.140564] Hardware name: linux,dummy-virt (DT)
<3>[ 290.142215] Call trace:
<3>[ 290.142795] dump_backtrace+0xb8/0x130
<3>[ 290.143682] show_stack+0x20/0x60
<3>[ 290.144477] dump_stack_lvl+0x8c/0xb8
<3>[ 290.146278] print_report+0x2e4/0x620
<3>[ 290.147208] kasan_report+0xa8/0x1dc
<3>[ 290.148086] __asan_store1+0x88/0xb0
<3>[ 290.148969] krealloc_more_oob_helper+0x140/0x3a4
<3>[ 290.150880] krealloc_more_oob+0x18/0x24
<3>[ 290.151793] kunit_try_run_case+0x8c/0x124
<3>[ 290.152743] kunit_generic_run_threadfn_adapter+0x38/0x54
<3>[ 290.154786] kthread+0x160/0x170
<3>[ 290.155642] ret_from_fork+0x10/0x20
<3>[ 290.156525]
<3>[ 290.156952] Allocated by task 262:
<4>[ 290.158488] kasan_save_stack+0x2c/0x5c
<4>[ 290.159409] __kasan_krealloc+0xf8/0x190
<4>[ 290.160317] krealloc+0x170/0x1d0
<4>[ 290.161162] krealloc_more_oob_helper+0xd8/0x3a4
<4>[ 290.163040] krealloc_more_oob+0x18/0x24
<4>[ 290.163934] kunit_try_run_case+0x8c/0x124
<4>[ 290.164874] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 290.166901] kthread+0x160/0x170
<4>[ 290.167736] ret_from_fork+0x10/0x20
<3>[ 290.168599]
<3>[ 290.169023] The buggy address belongs to the object at ffff00000cbb5e00
<3>[ 290.169023] which belongs to the cache kmalloc-256 of size 256
<3>[ 290.171586] The buggy address is located 235 bytes inside of
<3>[ 290.171586] 256-byte region [ffff00000cbb5e00, ffff00000cbb5f00)
<3>[ 293.863129]
<3>[ 293.863645] The buggy address belongs to the physical page:
<4>[ 293.864533] page:0000000071f5b5fc refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4cbb4
<4>[ 293.866805] head:0000000071f5b5fc order:1 compound_mapcount:0 compound_pincount:0
<4>[ 293.867981] flags: 0x3fffc0000010200(slab|head|node=0|zone=0|lastcpupid=0xffff)
<4>[ 293.870183] raw: 03fffc0000010200 0000000000000000 dead000000000122 ffff000006802480
<4>[ 293.871473] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
<4>[ 293.872619] page dumped because: kasan: bad access detected
<3>[ 293.874384]
<3>[ 293.874828] Memory state around the buggy address:
<3>[ 293.875680] ffff00000cbb5d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 293.876835] ffff00000cbb5e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
<3>[ 293.878858] >ffff00000cbb5e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
<3>[ 293.879961] ^
<3>[ 293.881001] ffff00000cbb5f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 293.883024] ffff00000cbb5f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 293.884128] ==================================================================
<3>[ 293.899496] ==================================================================
<3>[ 293.900902] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x174/0x3a4
<3>[ 293.905389] Write of size 1 at addr ffff00000cbb5ef0 by task kunit_try_catch/262
<3>[ 293.906567]
<3>[ 293.907105] CPU: 0 PID: 262 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<3>[ 293.908781] Hardware name: linux,dummy-virt (DT)
<3>[ 293.909848] Call trace:
<3>[ 293.910398] dump_backtrace+0xb8/0x130
<3>[ 293.911268] show_stack+0x20/0x60
<3>[ 293.912060] dump_stack_lvl+0x8c/0xb8
<3>[ 298.097291] print_report+0x2e4/0x620
<3>[ 298.098319] kasan_report+0xa8/0x1dc
<3>[ 298.099226] __asan_store1+0x88/0xb0
<3>[ 298.100295] krealloc_more_oob_helper+0x174/0x3a4
<3>[ 298.101329] krealloc_more_oob+0x18/0x24
<3>[ 298.102238] kunit_try_run_case+0x8c/0x124
<3>[ 298.103189] kunit_generic_run_threadfn_adapter+0x38/0x54
<3>[ 298.104346] kthread+0x160/0x170
<3>[ 298.105176] ret_from_fork+0x10/0x20
<3>[ 298.106111]
<3>[ 298.106541] Allocated by task 262:
<4>[ 298.107208] kasan_save_stack+0x2c/0x5c
<4>[ 298.108104] __kasan_krealloc+0xf8/0x190
<4>[ 298.109013] krealloc+0x170/0x1d0
<4>[ 298.109878] krealloc_more_oob_helper+0xd8/0x3a4
<4>[ 298.110874] krealloc_more_oob+0x18/0x24
<4>[ 298.111763] kunit_try_run_case+0x8c/0x124
<4>[ 298.112702] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 298.113866] kthread+0x160/0x170
<4>[ 298.114696] ret_from_fork+0x10/0x20
<3>[ 298.115561]
<3>[ 298.115986] The buggy address belongs to the object at ffff00000cbb5e00
<3>[ 298.115986] which belongs to the cache kmalloc-256 of size 256
<3>[ 298.117681] The buggy address is located 240 bytes inside of
<3>[ 298.117681] 256-byte region [ffff00000cbb5e00, ffff00000cbb5f00)
<3>[ 298.119332]
<3>[ 298.119763] The buggy address belongs to the physical page:
<4>[ 298.120640] page:0000000071f5b5fc refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4cbb4
<4>[ 298.122024] head:0000000071f5b5fc order:1 compound_mapcount:0 compound_pincount:0
<4>[ 298.123159] flags: 0x3fffc0000010200(slab|head|node=0|zone=0|lastcpupid=0xffff)
<4>[ 298.124504] raw: 03fffc0000010200 0000000000000000 dead000000000122 ffff000006802480
<4>[ 298.125770] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
<4>[ 298.126917] page dumped because: kasan: bad access detected
<3>[ 298.127795]
<3>[ 298.128216] Memory state around the buggy address:
<3>[ 298.129061] ffff00000cbb5d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 302.869824] ffff00000cbb5e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
<3>[ 302.871061] >ffff00000cbb5e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
<3>[ 302.872149] ^
<3>[ 302.873221] ffff00000cbb5f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 302.874402] ffff00000cbb5f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 302.875489] ==================================================================
<6>[ 302.882189] ok 10 - krealloc_more_oob
<3>[ 302.900583] ==================================================================
<3>[ 302.903434] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x114/0x5fc
<3>[ 302.904842] Write of size 1 at addr ffff00000cbb5cc9 by task kunit_try_catch/263
<3>[ 302.908042]
<3>[ 302.908530] CPU: 1 PID: 263 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<3>[ 302.909858] Hardware name: linux,dummy-virt (DT)
<3>[ 302.910663] Call trace:
<3>[ 302.911202] dump_backtrace+0xb8/0x130
<3>[ 302.912073] show_stack+0x20/0x60
<3>[ 302.912866] dump_stack_lvl+0x8c/0xb8
<3>[ 302.915685] print_report+0x2e4/0x620
<3>[ 302.916607] kasan_report+0xa8/0x1dc
<3>[ 302.917500] __asan_store1+0x88/0xb0
<3>[ 302.918392] krealloc_less_oob_helper+0x114/0x5fc
<3>[ 302.919405] krealloc_less_oob+0x18/0x2c
<3>[ 302.920302] kunit_try_run_case+0x8c/0x124
<3>[ 302.921263] kunit_generic_run_threadfn_adapter+0x38/0x54
<3>[ 302.924341] kthread+0x160/0x170
<3>[ 302.925178] ret_from_fork+0x10/0x20
<3>[ 302.926084]
<3>[ 302.926513] Allocated by task 263:
<4>[ 302.927176] kasan_save_stack+0x2c/0x5c
<4>[ 302.928071] __kasan_krealloc+0xf8/0x190
<4>[ 302.928980] krealloc+0x170/0x1d0
<4>[ 302.931735] krealloc_less_oob_helper+0xd4/0x5fc
<4>[ 302.932739] krealloc_less_oob+0x18/0x2c
<4>[ 302.933642] kunit_try_run_case+0x8c/0x124
<4>[ 302.934592] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 308.223745] kthread+0x160/0x170
<4>[ 308.224677] ret_from_fork+0x10/0x20
<3>[ 308.225585]
<3>[ 308.226026] The buggy address belongs to the object at ffff00000cbb5c00
<3>[ 308.226026] which belongs to the cache kmalloc-256 of size 256
<3>[ 308.227713] The buggy address is located 201 bytes inside of
<3>[ 308.227713] 256-byte region [ffff00000cbb5c00, ffff00000cbb5d00)
<3>[ 308.231742]
<3>[ 308.232207] The buggy address belongs to the physical page:
<4>[ 308.233092] page:0000000071f5b5fc refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4cbb4
<4>[ 308.234503] head:0000000071f5b5fc order:1 compound_mapcount:0 compound_pincount:0
<4>[ 308.235636] flags: 0x3fffc0000010200(slab|head|node=0|zone=0|lastcpupid=0xffff)
<4>[ 308.236980] raw: 03fffc0000010200 0000000000000000 dead000000000122 ffff000006802480
<4>[ 308.240483] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
<4>[ 308.241663] page dumped because: kasan: bad access detected
<3>[ 308.242553]
<3>[ 308.242976] Memory state around the buggy address:
<3>[ 308.243823] ffff00000cbb5b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 308.244977] ffff00000cbb5c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
<3>[ 308.248378] >ffff00000cbb5c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
<3>[ 308.249498] ^
<3>[ 308.250444] ffff00000cbb5d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 308.251598] ffff00000cbb5d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 308.252682] ==================================================================
<3>[ 308.320807] ==================================================================
<3>[ 308.326358] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x148/0x5fc
<3>[ 308.328084] Write of size 1 at addr ffff00000cbb5cd0 by task kunit_try_catch/263
<3>[ 308.331414]
<3>[ 308.331899] CPU: 1 PID: 263 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<3>[ 314.195026] Hardware name: linux,dummy-virt (DT)
<3>[ 314.196122] Call trace:
<3>[ 314.196784] dump_backtrace+0xb8/0x130
<3>[ 314.200645] show_stack+0x20/0x60
<3>[ 314.203072] dump_stack_lvl+0x8c/0xb8
<3>[ 314.203986] print_report+0x2e4/0x620
<3>[ 314.204881] kasan_report+0xa8/0x1dc
<3>[ 314.207926] __asan_store1+0x88/0xb0
<3>[ 314.209004] krealloc_less_oob_helper+0x148/0x5fc
<3>[ 314.210248] krealloc_less_oob+0x18/0x2c
<3>[ 314.211288] kunit_try_run_case+0x8c/0x124
<3>[ 314.212241] kunit_generic_run_threadfn_adapter+0x38/0x54
<3>[ 314.215558] kthread+0x160/0x170
<3>[ 314.216417] ret_from_fork+0x10/0x20
<3>[ 314.217315]
<3>[ 314.217749] Allocated by task 263:
<4>[ 314.218421] kasan_save_stack+0x2c/0x5c
<4>[ 314.219315] __kasan_krealloc+0xf8/0x190
<4>[ 314.220222] krealloc+0x170/0x1d0
<4>[ 314.221062] krealloc_less_oob_helper+0xd4/0x5fc
<4>[ 314.224312] krealloc_less_oob+0x18/0x2c
<4>[ 314.225214] kunit_try_run_case+0x8c/0x124
<4>[ 314.226176] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 314.227326] kthread+0x160/0x170
<4>[ 314.228144] ret_from_fork+0x10/0x20
<3>[ 314.229004]
<3>[ 314.231567] The buggy address belongs to the object at ffff00000cbb5c00
<3>[ 314.231567] which belongs to the cache kmalloc-256 of size 256
<3>[ 314.233287] The buggy address is located 208 bytes inside of
<3>[ 314.233287] 256-byte region [ffff00000cbb5c00, ffff00000cbb5d00)
<3>[ 314.234942]
<3>[ 314.235374] The buggy address belongs to the physical page:
<4>[ 314.236251] page:0000000071f5b5fc refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4cbb4
<4>[ 314.239734] head:0000000071f5b5fc order:1 compound_mapcount:0 compound_pincount:0
<4>[ 314.240886] flags: 0x3fffc0000010200(slab|head|node=0|zone=0|lastcpupid=0xffff)
<4>[ 314.242248] raw: 03fffc0000010200 0000000000000000 dead000000000122 ffff000006802480
<4>[ 320.777665] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
<4>[ 320.778885] page dumped because: kasan: bad access detected
<3>[ 320.779770]
<3>[ 320.780193] Memory state around the buggy address:
<3>[ 320.781294] ffff00000cbb5b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 320.782783] ffff00000cbb5c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
<3>[ 320.786509] >ffff00000cbb5c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
<3>[ 320.787937] ^
<3>[ 320.790699] ffff00000cbb5d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 320.791872] ffff00000cbb5d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 320.792957] ==================================================================
<3>[ 320.815418] ==================================================================
<3>[ 320.816540] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x198/0x5fc
<3>[ 320.818548] Write of size 1 at addr ffff00000cbb5cda by task kunit_try_catch/263
<3>[ 320.820050]
<3>[ 320.820585] CPU: 1 PID: 263 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<3>[ 320.823639] Hardware name: linux,dummy-virt (DT)
<3>[ 320.824456] Call trace:
<3>[ 320.824997] dump_backtrace+0xb8/0x130
<3>[ 320.826706] show_stack+0x20/0x60
<3>[ 320.827517] dump_stack_lvl+0x8c/0xb8
<3>[ 320.828398] print_report+0x2e4/0x620
<3>[ 320.829300] kasan_report+0xa8/0x1dc
<3>[ 320.830588] __asan_store1+0x88/0xb0
<3>[ 320.831512] krealloc_less_oob_helper+0x198/0x5fc
<3>[ 320.832618] krealloc_less_oob+0x18/0x2c
<3>[ 320.833918] kunit_try_run_case+0x8c/0x124
<3>[ 320.834902] kunit_generic_run_threadfn_adapter+0x38/0x54
<3>[ 320.836064] kthread+0x160/0x170
<3>[ 320.836895] ret_from_fork+0x10/0x20
<3>[ 320.839617]
<3>[ 320.840061] Allocated by task 263:
<4>[ 320.840726] kasan_save_stack+0x2c/0x5c
<4>[ 320.842013] __kasan_krealloc+0xf8/0x190
<4>[ 328.027746] krealloc+0x170/0x1d0
<4>[ 328.035923] krealloc_less_oob_helper+0xd4/0x5fc
<4>[ 328.037175] krealloc_less_oob+0x18/0x2c
<4>[ 328.038504] kunit_try_run_case+0x8c/0x124
<4>[ 328.039453] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 328.040661] kthread+0x160/0x170
<4>[ 328.042058] ret_from_fork+0x10/0x20
<3>[ 328.042956]
<3>[ 328.043384] The buggy address belongs to the object at ffff00000cbb5c00
<3>[ 328.043384] which belongs to the cache kmalloc-256 of size 256
<3>[ 328.045063] The buggy address is located 218 bytes inside of
<3>[ 328.045063] 256-byte region [ffff00000cbb5c00, ffff00000cbb5d00)
<3>[ 328.047114]
<3>[ 328.047553] The buggy address belongs to the physical page:
<4>[ 328.048435] page:0000000071f5b5fc refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4cbb4
<4>[ 328.050199] head:0000000071f5b5fc order:1 compound_mapcount:0 compound_pincount:0
<4>[ 328.051349] flags: 0x3fffc0000010200(slab|head|node=0|zone=0|lastcpupid=0xffff)
<4>[ 328.052694] raw: 03fffc0000010200 0000000000000000 dead000000000122 ffff000006802480
<4>[ 328.056115] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
<4>[ 328.057288] page dumped because: kasan: bad access detected
<3>[ 328.058562]
<3>[ 328.058990] Memory state around the buggy address:
<3>[ 328.059836] ffff00000cbb5b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 328.060987] ffff00000cbb5c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
<3>[ 328.062542] >ffff00000cbb5c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
<3>[ 328.063641] ^
<3>[ 328.064626] ffff00000cbb5d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 328.066172] ffff00000cbb5d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 328.067278] ==================================================================
<3>[ 328.086168] ==================================================================
<3>[ 335.980588] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x1c8/0x5fc
<3>[ 335.983629] Write of size 1 at addr ffff00000cbb5cea by task kunit_try_catch/263
<3>[ 335.984822]
<3>[ 335.985678] CPU: 1 PID: 263 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<3>[ 335.987026] Hardware name: linux,dummy-virt (DT)
<3>[ 335.987828] Call trace:
<3>[ 335.988368] dump_backtrace+0xb8/0x130
<3>[ 335.989239] show_stack+0x20/0x60
<3>[ 335.996257] dump_stack_lvl+0x8c/0xb8
<3>[ 335.997145] print_report+0x2e4/0x620
<3>[ 335.998470] kasan_report+0xa8/0x1dc
<3>[ 335.999353] __asan_store1+0x88/0xb0
<3>[ 336.000240] krealloc_less_oob_helper+0x1c8/0x5fc
<3>[ 336.001248] krealloc_less_oob+0x18/0x2c
<3>[ 336.002559] kunit_try_run_case+0x8c/0x124
<3>[ 336.003513] kunit_generic_run_threadfn_adapter+0x38/0x54
<3>[ 336.004670] kthread+0x160/0x170
<3>[ 336.005883] ret_from_fork+0x10/0x20
<3>[ 336.006794]
<3>[ 336.007222] Allocated by task 263:
<4>[ 336.007885] kasan_save_stack+0x2c/0x5c
<4>[ 336.008777] __kasan_krealloc+0xf8/0x190
<4>[ 336.011504] krealloc+0x170/0x1d0
<4>[ 336.012375] krealloc_less_oob_helper+0xd4/0x5fc
<4>[ 336.013741] krealloc_less_oob+0x18/0x2c
<4>[ 336.014664] kunit_try_run_case+0x8c/0x124
<4>[ 336.015608] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 336.016755] kthread+0x160/0x170
<4>[ 336.017960] ret_from_fork+0x10/0x20
<3>[ 336.018856]
<3>[ 336.019282] The buggy address belongs to the object at ffff00000cbb5c00
<3>[ 336.019282] which belongs to the cache kmalloc-256 of size 256
<3>[ 336.020964] The buggy address is located 234 bytes inside of
<3>[ 336.020964] 256-byte region [ffff00000cbb5c00, ffff00000cbb5d00)
<3>[ 336.023009]
<3>[ 336.023453] The buggy address belongs to the physical page:
<4>[ 336.024337] page:0000000071f5b5fc refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4cbb4
<4>[ 336.026102] head:0000000071f5b5fc order:1 compound_mapcount:0 compound_pincount:0
<4>[ 344.662423] flags: 0x3fffc0000010200(slab|head|node=0|zone=0|lastcpupid=0xffff)
<4>[ 344.664201] raw: 03fffc0000010200 0000000000000000 dead000000000122 ffff000006802480
<4>[ 344.667296] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
<4>[ 344.668475] page dumped because: kasan: bad access detected
<3>[ 344.669744]
<3>[ 344.670203] Memory state around the buggy address:
<3>[ 344.671054] ffff00000cbb5b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 344.672210] ffff00000cbb5c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
<3>[ 344.673742] >ffff00000cbb5c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
<3>[ 344.674863] ^
<3>[ 344.675909] ffff00000cbb5d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 344.677062] ffff00000cbb5d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 344.678552] ==================================================================
<3>[ 344.683525] ==================================================================
<3>[ 344.684679] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x1f4/0x5fc
<3>[ 344.686088] Write of size 1 at addr ffff00000cbb5ceb by task kunit_try_catch/263
<3>[ 344.687253]
<3>[ 344.687711] CPU: 0 PID: 263 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<3>[ 344.689404] Hardware name: linux,dummy-virt (DT)
<3>[ 344.690417] Call trace:
<3>[ 344.693187] dump_backtrace+0xb8/0x130
<3>[ 344.697115] show_stack+0x20/0x60
<3>[ 344.697970] dump_stack_lvl+0x8c/0xb8
<3>[ 344.698863] print_report+0x2e4/0x620
<3>[ 344.699917] kasan_report+0xa8/0x1dc
<3>[ 344.700955] __asan_store1+0x88/0xb0
<3>[ 344.702028] krealloc_less_oob_helper+0x1f4/0x5fc
<3>[ 344.704835] krealloc_less_oob+0x18/0x2c
<3>[ 344.706577] kunit_try_run_case+0x8c/0x124
<3>[ 344.707555] kunit_generic_run_threadfn_adapter+0x38/0x54
<3>[ 354.104360] kthread+0x160/0x170
<3>[ 354.110342] ret_from_fork+0x10/0x20
<3>[ 354.110996]
<3>[ 354.111291] Allocated by task 263:
<4>[ 354.111770] kasan_save_stack+0x2c/0x5c
<4>[ 354.112378] __kasan_krealloc+0xf8/0x190
<4>[ 354.112990] krealloc+0x170/0x1d0
<4>[ 354.119295] krealloc_less_oob_helper+0xd4/0x5fc
<4>[ 354.120318] krealloc_less_oob+0x18/0x2c
<4>[ 354.121209] kunit_try_run_case+0x8c/0x124
<4>[ 354.122961] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 354.124115] kthread+0x160/0x170
<4>[ 354.124938] ret_from_fork+0x10/0x20
<3>[ 354.127547]
<3>[ 354.127986] The buggy address belongs to the object at ffff00000cbb5c00
<3>[ 354.127986] which belongs to the cache kmalloc-256 of size 256
<3>[ 354.130426] The buggy address is located 235 bytes inside of
<3>[ 354.130426] 256-byte region [ffff00000cbb5c00, ffff00000cbb5d00)
<3>[ 354.132095]
<3>[ 354.132528] The buggy address belongs to the physical page:
<4>[ 354.135162] page:0000000071f5b5fc refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4cbb4
<4>[ 354.136553] head:0000000071f5b5fc order:1 compound_mapcount:0 compound_pincount:0
<4>[ 354.138442] flags: 0x3fffc0000010200(slab|head|node=0|zone=0|lastcpupid=0xffff)
<4>[ 354.139806] raw: 03fffc0000010200 0000000000000000 dead000000000122 ffff000006802480
<4>[ 354.141062] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
<4>[ 354.143940] page dumped because: kasan: bad access detected
<3>[ 354.144837]
<3>[ 354.145278] Memory state around the buggy address:
<3>[ 354.146880] ffff00000cbb5b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 354.148040] ffff00000cbb5c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
<3>[ 354.149194] >ffff00000cbb5c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
<3>[ 354.152042] ^
<3>[ 354.153092] ffff00000cbb5d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 364.370608] ffff00000cbb5d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 364.371472] ==================================================================
<6>[ 364.385130] ok 11 - krealloc_less_oob
<3>[ 364.398759] ==================================================================
<3>[ 364.400797] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x140/0x3a4
<3>[ 364.403802] Write of size 1 at addr ffff00000ca4e0eb by task kunit_try_catch/264
<3>[ 364.404988]
<3>[ 364.406321] CPU: 0 PID: 264 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<3>[ 364.407658] Hardware name: linux,dummy-virt (DT)
<3>[ 364.408457] Call trace:
<3>[ 364.408995] dump_backtrace+0xb8/0x130
<3>[ 364.411661] show_stack+0x20/0x60
<3>[ 364.412479] dump_stack_lvl+0x8c/0xb8
<3>[ 364.414117] print_report+0x2e4/0x620
<3>[ 364.415042] kasan_report+0xa8/0x1dc
<3>[ 364.415922] __asan_store1+0x88/0xb0
<3>[ 364.416806] krealloc_more_oob_helper+0x140/0x3a4
<3>[ 364.419576] krealloc_pagealloc_more_oob+0x18/0x2c
<3>[ 364.420628] kunit_try_run_case+0x8c/0x124
<3>[ 364.422347] kunit_generic_run_threadfn_adapter+0x38/0x54
<3>[ 364.423533] kthread+0x160/0x170
<3>[ 364.424365] ret_from_fork+0x10/0x20
<3>[ 364.425247]
<3>[ 364.427469] The buggy address belongs to the physical page:
<4>[ 364.428361] page:00000000da707168 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4ca4c
<4>[ 364.430493] head:00000000da707168 order:2 compound_mapcount:0 compound_pincount:0
<4>[ 375.450310] flags: 0x3fffc0000010000(head|node=0|zone=0|lastcpupid=0xffff)
<4>[ 375.451624] raw: 03fffc0000010000 0000000000000000 dead000000000122 0000000000000000
<4>[ 375.452566] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
<4>[ 375.461463] page dumped because: kasan: bad access detected
<3>[ 375.462379]
<3>[ 375.462819] Memory state around the buggy address:
<3>[ 375.463660] ffff00000ca4df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
<3>[ 375.464793] ffff00000ca4e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
<3>[ 375.467732] >ffff00000ca4e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
<3>[ 375.468838] ^
<3>[ 375.470662] ffff00000ca4e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
<3>[ 375.471835] ffff00000ca4e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
<3>[ 375.472921] ==================================================================
<3>[ 375.494442] ==================================================================
<3>[ 375.495532] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x174/0x3a4
<3>[ 375.496886] Write of size 1 at addr ffff00000ca4e0f0 by task kunit_try_catch/264
<3>[ 375.498100]
<3>[ 375.498563] CPU: 0 PID: 264 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<3>[ 375.499873] Hardware name: linux,dummy-virt (DT)
<3>[ 375.500669] Call trace:
<3>[ 375.501208] dump_backtrace+0xb8/0x130
<3>[ 375.502268] show_stack+0x20/0x60
<3>[ 375.503215] dump_stack_lvl+0x8c/0xb8
<3>[ 375.507730] print_report+0x2e4/0x620
<3>[ 375.508649] kasan_report+0xa8/0x1dc
<3>[ 375.512786] __asan_store1+0x88/0xb0
<3>[ 375.513744] krealloc_more_oob_helper+0x174/0x3a4
<3>[ 375.514771] krealloc_pagealloc_more_oob+0x18/0x2c
<3>[ 375.515794] kunit_try_run_case+0x8c/0x124
<3>[ 375.516934] kunit_generic_run_threadfn_adapter+0x38/0x54
<3>[ 387.444513] kthread+0x160/0x170
<3>[ 387.453784] ret_from_fork+0x10/0x20
<3>[ 387.454892]
<3>[ 387.455404] The buggy address belongs to the physical page:
<4>[ 387.456536] page:00000000da707168 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4ca4c
<4>[ 387.460639] head:00000000da707168 order:2 compound_mapcount:0 compound_pincount:0
<4>[ 387.462642] flags: 0x3fffc0000010000(head|node=0|zone=0|lastcpupid=0xffff)
<4>[ 387.463945] raw: 03fffc0000010000 0000000000000000 dead000000000122 0000000000000000
<4>[ 387.465195] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
<4>[ 387.468303] page dumped because: kasan: bad access detected
<3>[ 387.469193]
<3>[ 387.470465] Memory state around the buggy address:
<3>[ 387.471325] ffff00000ca4df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
<3>[ 387.472490] ffff00000ca4e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
<3>[ 387.475624] >ffff00000ca4e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
<3>[ 387.476727] ^
<3>[ 387.478640] ffff00000ca4e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
<3>[ 387.479812] ffff00000ca4e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
<3>[ 387.480898] ==================================================================
<6>[ 387.499418] ok 12 - krealloc_pagealloc_more_oob
<3>[ 387.522421] ==================================================================
<3>[ 387.524717] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x114/0x5fc
<3>[ 387.529468] Write of size 1 at addr ffff00000ca620c9 by task kunit_try_catch/265
<3>[ 387.531354]
<3>[ 387.531912] CPU: 1 PID: 265 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<3>[ 387.536074] Hardware name: linux,dummy-virt (DT)
<3>[ 387.536895] Call trace:
<3>[ 387.538310] dump_backtrace+0xb8/0x130
<3>[ 387.539201] show_stack+0x20/0x60
<3>[ 400.346541] dump_stack_lvl+0x8c/0xb8
<3>[ 400.347508] print_report+0x2e4/0x620
<3>[ 400.348418] kasan_report+0xa8/0x1dc
<3>[ 400.349366] __asan_store1+0x88/0xb0
<3>[ 400.350239] krealloc_less_oob_helper+0x114/0x5fc
<3>[ 400.358209] krealloc_pagealloc_less_oob+0x18/0x24
<3>[ 400.358935] kunit_try_run_case+0x8c/0x124
<3>[ 400.359578] kunit_generic_run_threadfn_adapter+0x38/0x54
<3>[ 400.360365] kthread+0x160/0x170
<3>[ 400.360914] ret_from_fork+0x10/0x20
<3>[ 400.365594]
<3>[ 400.366075] The buggy address belongs to the physical page:
<4>[ 400.366977] page:000000009c787604 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4ca60
<4>[ 400.368352] head:000000009c787604 order:2 compound_mapcount:0 compound_pincount:0
<4>[ 400.369572] flags: 0x3fffc0000010000(head|node=0|zone=0|lastcpupid=0xffff)
<4>[ 400.370922] raw: 03fffc0000010000 0000000000000000 dead000000000122 0000000000000000
<4>[ 400.372187] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
<4>[ 400.373391] page dumped because: kasan: bad access detected
<3>[ 400.374304]
<3>[ 400.374742] Memory state around the buggy address:
<3>[ 400.375618] ffff00000ca61f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
<3>[ 400.376789] ffff00000ca62000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
<3>[ 400.378058] >ffff00000ca62080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
<3>[ 400.379161] ^
<3>[ 400.380103] ffff00000ca62100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
<3>[ 400.381275] ffff00000ca62180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
<3>[ 400.382423] ==================================================================
<3>[ 400.387797] ==================================================================
<3>[ 400.388656] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x148/0x5fc
<3>[ 400.393663] Write of size 1 at addr ffff00000ca620d0 by task kunit_try_catch/265
<3>[ 414.124838]
<3>[ 414.131646] CPU: 0 PID: 265 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<3>[ 414.132980] Hardware name: linux,dummy-virt (DT)
<3>[ 414.133819] Call trace:
<3>[ 414.134391] dump_backtrace+0xb8/0x130
<3>[ 414.135282] show_stack+0x20/0x60
<3>[ 414.136094] dump_stack_lvl+0x8c/0xb8
<3>[ 414.136705] print_report+0x2e4/0x620
<3>[ 414.137342] kasan_report+0xa8/0x1dc
<3>[ 414.138252] __asan_store1+0x88/0xb0
<3>[ 414.139143] krealloc_less_oob_helper+0x148/0x5fc
<3>[ 414.140147] krealloc_pagealloc_less_oob+0x18/0x24
<3>[ 414.141162] kunit_try_run_case+0x8c/0x124
<3>[ 414.142148] kunit_generic_run_threadfn_adapter+0x38/0x54
<3>[ 414.143310] kthread+0x160/0x170
<3>[ 414.144141] ret_from_fork+0x10/0x20
<3>[ 414.145024]
<3>[ 414.145478] The buggy address belongs to the physical page:
<4>[ 414.146375] page:000000009c787604 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4ca60
<4>[ 414.147746] head:000000009c787604 order:2 compound_mapcount:0 compound_pincount:0
<4>[ 414.148874] flags: 0x3fffc0000010000(head|node=0|zone=0|lastcpupid=0xffff)
<4>[ 414.150172] raw: 03fffc0000010000 0000000000000000 dead000000000122 0000000000000000
<4>[ 414.151421] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
<4>[ 414.152562] page dumped because: kasan: bad access detected
<3>[ 414.153454]
<3>[ 414.153878] Memory state around the buggy address:
<3>[ 414.154733] ffff00000ca61f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
<3>[ 414.155888] ffff00000ca62000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
<3>[ 414.157039] >ffff00000ca62080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
<3>[ 414.158143] ^
<3>[ 414.159109] ffff00000ca62100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
<3>[ 414.160262] ffff00000ca62180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
<3>[ 414.161359] ==================================================================
<3>[ 428.864087] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
<3>[ 428.865769] rcu: 1-....: (1 ticks this GP) idle=060/0/0x0 softirq=862/862 fqs=5 (false positive?)
<4>[ 428.867401] (detected by 0, t=10332 jiffies, g=625, q=1 ncpus=2)
<6>[ 428.868497] Task dump for CPU 1:
<6>[ 428.869144] task:swapper/1 state:R running task stack: 0 pid: 0 ppid: 1 flags:0x00000008
<6>[ 428.870982] Call trace:
<6>[ 428.871537] __switch_to+0x140/0x1e0
<6>[ 428.872393] 0xffff122e153fa700
<3>[ 428.873554] rcu: rcu_preempt kthread timer wakeup didn't happen for 7119 jiffies! g625 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402
<3>[ 428.875157] rcu: Possible timer handling issue on cpu=0 timer-softirq=931
<3>[ 428.876354] rcu: rcu_preempt kthread starved for 7120 jiffies! g625 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=0
<3>[ 428.877849] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
<3>[ 428.879103] rcu: RCU grace-period kthread stack dump:
<6>[ 428.879927] task:rcu_preempt state:I stack: 0 pid: 16 ppid: 2 flags:0x00000008
<6>[ 428.881306] Call trace:
<6>[ 428.881840] __switch_to+0x140/0x1e0
<6>[ 428.882692] __schedule+0x4f4/0xc74
<6>[ 428.883506] schedule+0x88/0x13c
<6>[ 428.884315] schedule_timeout+0x104/0x2b0
<6>[ 428.885328] rcu_gp_fqs_loop+0x1a0/0x784
<6>[ 428.886244] rcu_gp_kthread+0x278/0x3a0
<6>[ 428.887136] kthread+0x160/0x170
<6>[ 428.887965] ret_from_fork+0x10/0x20
<3>[ 428.888889] rcu: Stack dump where RCU GP kthread last ran:
<6>[ 428.889766] Task dump for CPU 0:
<6>[ 428.890404] task:kunit_try_catch state:R running task stack: 0 pid: 265 ppid: 2 flags:0x00000008
<6>[ 428.892084] Call trace:
<6>[ 428.892622] dump_backtrace+0xb8/0x130
<6>[ 428.893498] show_stack+0x20/0x60
<6>[ 428.894302] sched_show_task+0x2a0/0x2d4
<6>[ 428.895297] dump_cpu_task+0x64/0x78
<6>[ 444.590961] rcu_check_gp_kthread_starvation+0x16c/0x198
<6>[ 444.596090] rcu_sched_clock_irq+0x12bc/0x14a4
<6>[ 444.600696] update_process_times+0x90/0xec
<6>[ 444.601431] tick_sched_handle+0x70/0xa0
<6>[ 444.602073] tick_sched_timer+0x5c/0xd0
<6>[ 444.602686] __hrtimer_run_queues+0x234/0x5f0
<6>[ 444.603322] hrtimer_interrupt+0x198/0x384
<6>[ 444.603946] arch_timer_handler_virt+0x48/0x60
<6>[ 444.604651] handle_percpu_devid_irq+0xe0/0x300
<6>[ 444.605424] generic_handle_domain_irq+0x50/0x70
<6>[ 444.606547] gic_handle_irq+0x58/0x160
<6>[ 444.607387] call_on_irq_stack+0x2c/0x54
<6>[ 444.608298] do_interrupt_handler+0xc8/0xd0
<6>[ 444.609310] el1_interrupt+0x34/0x60
<6>[ 444.610275] el1h_64_irq_handler+0x18/0x2c
<6>[ 444.611309] el1h_64_irq+0x64/0x68
<6>[ 444.612111] _raw_spin_unlock_irqrestore+0x3c/0x84
<6>[ 444.613197] end_report.part.0+0x34/0x94
<6>[ 444.614269] kasan_report+0xb8/0x1dc
<6>[ 444.615146] __asan_store1+0x88/0xb0
<6>[ 444.616028] krealloc_less_oob_helper+0x148/0x5fc
<6>[ 444.617036] krealloc_pagealloc_less_oob+0x18/0x24
<6>[ 444.618077] kunit_try_run_case+0x8c/0x124
<6>[ 444.619030] kunit_generic_run_threadfn_adapter+0x38/0x54
<6>[ 444.620186] kthread+0x160/0x170
<6>[ 444.621013] ret_from_fork+0x10/0x20
<3>[ 444.625575] ==================================================================
<3>[ 444.629849] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x198/0x5fc
<3>[ 444.631499] Write of size 1 at addr ffff00000ca620da by task kunit_try_catch/265
<3>[ 444.632984]
<3>[ 444.633529] CPU: 0 PID: 265 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<3>[ 444.635376] Hardware name: linux,dummy-virt (DT)
<3>[ 444.636193] Call trace:
<3>[ 444.636731] dump_backtrace+0xb8/0x130
<3>[ 444.637611] show_stack+0x20/0x60
<3>[ 444.638417] dump_stack_lvl+0x8c/0xb8
<3>[ 444.639294] print_report+0x2e4/0x620
<3>[ 444.640183] kasan_report+0xa8/0x1dc
<3>[ 461.355489] __asan_store1+0x88/0xb0
<3>[ 461.365554] krealloc_less_oob_helper+0x198/0x5fc
<3>[ 461.366634] krealloc_pagealloc_less_oob+0x18/0x24
<3>[ 461.367663] kunit_try_run_case+0x8c/0x124
<3>[ 461.368616] kunit_generic_run_threadfn_adapter+0x38/0x54
<3>[ 461.369973] kthread+0x160/0x170
<3>[ 461.370970] ret_from_fork+0x10/0x20
<3>[ 461.372015]
<3>[ 461.373525] The buggy address belongs to the physical page:
<4>[ 461.374442] page:000000009c787604 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4ca60
<4>[ 461.375817] head:000000009c787604 order:2 compound_mapcount:0 compound_pincount:0
<4>[ 461.376949] flags: 0x3fffc0000010000(head|node=0|zone=0|lastcpupid=0xffff)
<4>[ 461.378257] raw: 03fffc0000010000 0000000000000000 dead000000000122 0000000000000000
<4>[ 461.379509] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
<4>[ 461.380653] page dumped because: kasan: bad access detected
<3>[ 461.381546]
<3>[ 461.381971] Memory state around the buggy address:
<3>[ 461.382827] ffff00000ca61f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
<3>[ 461.383982] ffff00000ca62000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
<3>[ 461.385136] >ffff00000ca62080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
<3>[ 461.386242] ^
<3>[ 461.387237] ffff00000ca62100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
<3>[ 461.388393] ffff00000ca62180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
<3>[ 461.389493] ==================================================================
<3>[ 461.404145] ==================================================================
<3>[ 461.405287] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x1c8/0x5fc
<3>[ 461.407304] Write of size 1 at addr ffff00000ca620ea by task kunit_try_catch/265
<3>[ 461.410665]
<3>[ 461.411145] CPU: 0 PID: 265 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<3>[ 479.198598] Hardware name: linux,dummy-virt (DT)
<3>[ 479.199486] Call trace:
<3>[ 479.200024] dump_backtrace+0xb8/0x130
<3>[ 479.200902] show_stack+0x20/0x60
<3>[ 479.201721] dump_stack_lvl+0x8c/0xb8
<3>[ 479.202616] print_report+0x2e4/0x620
<3>[ 479.203508] kasan_report+0xa8/0x1dc
<3>[ 479.204385] __asan_store1+0x88/0xb0
<3>[ 479.205285] krealloc_less_oob_helper+0x1c8/0x5fc
<3>[ 479.206315] krealloc_pagealloc_less_oob+0x18/0x24
<3>[ 479.207338] kunit_try_run_case+0x8c/0x124
<3>[ 479.208289] kunit_generic_run_threadfn_adapter+0x38/0x54
<3>[ 479.209465] kthread+0x160/0x170
<3>[ 479.210309] ret_from_fork+0x10/0x20
<3>[ 479.211195]
<3>[ 479.211627] The buggy address belongs to the physical page:
<4>[ 479.212510] page:000000009c787604 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4ca60
<4>[ 479.213896] head:000000009c787604 order:2 compound_mapcount:0 compound_pincount:0
<4>[ 479.215036] flags: 0x3fffc0000010000(head|node=0|zone=0|lastcpupid=0xffff)
<4>[ 479.216314] raw: 03fffc0000010000 0000000000000000 dead000000000122 0000000000000000
<4>[ 479.217574] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
<4>[ 479.218725] page dumped because: kasan: bad access detected
<3>[ 479.219606]
<3>[ 479.220029] Memory state around the buggy address:
<3>[ 479.220875] ffff00000ca61f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
<3>[ 479.222047] ffff00000ca62000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
<3>[ 479.223206] >ffff00000ca62080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
<3>[ 479.224291] ^
<3>[ 479.225351] ffff00000ca62100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
<3>[ 479.226514] ffff00000ca62180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
<3>[ 479.227598] ==================================================================
<3>[ 479.248101] ==================================================================
<3>[ 498.116221] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x1f4/0x5fc
<3>[ 498.126057] Write of size 1 at addr ffff00000ca620eb by task kunit_try_catch/265
<3>[ 498.127283]
<3>[ 498.127753] CPU: 1 PID: 265 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<3>[ 498.129065] Hardware name: linux,dummy-virt (DT)
<3>[ 498.129890] Call trace:
<3>[ 498.130441] dump_backtrace+0xb8/0x130
<3>[ 498.131319] show_stack+0x20/0x60
<3>[ 498.132116] dump_stack_lvl+0x8c/0xb8
<3>[ 498.132994] print_report+0x2e4/0x620
<3>[ 498.133943] kasan_report+0xa8/0x1dc
<3>[ 498.134832] __asan_store1+0x88/0xb0
<3>[ 498.135721] krealloc_less_oob_helper+0x1f4/0x5fc
<3>[ 498.136737] krealloc_pagealloc_less_oob+0x18/0x24
<3>[ 498.137778] kunit_try_run_case+0x8c/0x124
<3>[ 498.138743] kunit_generic_run_threadfn_adapter+0x38/0x54
<3>[ 498.139908] kthread+0x160/0x170
<3>[ 498.140743] ret_from_fork+0x10/0x20
<3>[ 498.141639]
<3>[ 498.142081] The buggy address belongs to the physical page:
<4>[ 498.142972] page:000000009c787604 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4ca60
<4>[ 498.144349] head:000000009c787604 order:2 compound_mapcount:0 compound_pincount:0
<4>[ 498.145495] flags: 0x3fffc0000010000(head|node=0|zone=0|lastcpupid=0xffff)
<4>[ 498.146785] raw: 03fffc0000010000 0000000000000000 dead000000000122 0000000000000000
<4>[ 498.148043] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
<4>[ 498.149191] page dumped because: kasan: bad access detected
<3>[ 498.150095]
<3>[ 498.150520] Memory state around the buggy address:
<3>[ 498.151373] ffff00000ca61f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
<3>[ 498.152530] ffff00000ca62000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
<3>[ 498.153707] >ffff00000ca62080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
<3>[ 498.154805] ^
<3>[ 518.166325] ffff00000ca62100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
<3>[ 518.169081] ffff00000ca62180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
<3>[ 518.175996] ==================================================================
<6>[ 518.207072] ok 13 - krealloc_pagealloc_less_oob
<3>[ 518.275725] ==================================================================
<3>[ 518.278890] BUG: KASAN: use-after-free in krealloc_uaf+0xe8/0x2e4
<3>[ 518.280080] Read of size 1 at addr ffff00000d4e9200 by task kunit_try_catch/266
<3>[ 518.281231]
<3>[ 518.281708] CPU: 0 PID: 266 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<3>[ 518.283043] Hardware name: linux,dummy-virt (DT)
<3>[ 518.283841] Call trace:
<3>[ 518.284380] dump_backtrace+0xb8/0x130
<3>[ 518.285246] show_stack+0x20/0x60
<3>[ 518.286063] dump_stack_lvl+0x8c/0xb8
<3>[ 518.286944] print_report+0x2e4/0x620
<3>[ 518.287832] kasan_report+0xa8/0x1dc
<3>[ 518.288707] __kasan_check_byte+0x58/0x70
<3>[ 518.289652] krealloc+0x11c/0x1d0
<3>[ 518.290513] krealloc_uaf+0xe8/0x2e4
<3>[ 518.291361] kunit_try_run_case+0x8c/0x124
<3>[ 518.292311] kunit_generic_run_threadfn_adapter+0x38/0x54
<3>[ 518.293480] kthread+0x160/0x170
<3>[ 518.294321] ret_from_fork+0x10/0x20
<3>[ 518.295205]
<3>[ 518.295636] Allocated by task 266:
<4>[ 518.296299] kasan_save_stack+0x2c/0x5c
<4>[ 518.297194] __kasan_kmalloc+0xac/0x104
<4>[ 539.404461] kmem_cache_alloc_trace+0x1f8/0x3b0
<4>[ 539.411198] krealloc_uaf+0xac/0x2e4
<4>[ 539.412071] kunit_try_run_case+0x8c/0x124
<4>[ 539.413019] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 539.414204] kthread+0x160/0x170
<4>[ 539.415016] ret_from_fork+0x10/0x20
<3>[ 539.425613]
<3>[ 539.426082] Freed by task 266:
<4>[ 539.426602] kasan_save_stack+0x2c/0x5c
<4>[ 539.427350] kasan_set_track+0x2c/0x40
<4>[ 539.428073] kasan_set_free_info+0x28/0x50
<4>[ 539.428892] ____kasan_slab_free+0x15c/0x1b4
<4>[ 539.429886] __kasan_slab_free+0x18/0x2c
<4>[ 539.430810] slab_free_freelist_hook+0xbc/0x220
<4>[ 539.431907] kfree+0xe0/0x3f0
<4>[ 539.433314] krealloc_uaf+0xc4/0x2e4
<4>[ 539.434187] kunit_try_run_case+0x8c/0x124
<4>[ 539.435133] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 539.436283] kthread+0x160/0x170
<4>[ 539.437103] ret_from_fork+0x10/0x20
<3>[ 539.438008]
<3>[ 539.438448] The buggy address belongs to the object at ffff00000d4e9200
<3>[ 539.438448] which belongs to the cache kmalloc-256 of size 256
<3>[ 539.440454] The buggy address is located 0 bytes inside of
<3>[ 539.440454] 256-byte region [ffff00000d4e9200, ffff00000d4e9300)
<3>[ 539.442106]
<3>[ 539.442541] The buggy address belongs to the physical page:
<4>[ 539.443435] page:000000002e844232 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff00000d4e9000 pfn:0x4d4e8
<4>[ 539.444976] head:000000002e844232 order:1 compound_mapcount:0 compound_pincount:0
<4>[ 539.446143] flags: 0x3fffc0000010200(slab|head|node=0|zone=0|lastcpupid=0xffff)
<4>[ 539.447498] raw: 03fffc0000010200 0000000000000000 dead000000000122 ffff000006802480
<4>[ 539.448788] raw: ffff00000d4e9000 0000000080100007 00000001ffffffff 0000000000000000
<4>[ 539.449957] page dumped because: kasan: bad access detected
<3>[ 539.450863]
<3>[ 539.451285] Memory state around the buggy address:
<3>[ 539.452133] ffff00000d4e9100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 561.792589] ffff00000d4e9180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 561.793888] >ffff00000d4e9200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
<3>[ 561.795001] ^
<3>[ 561.795708] ffff00000d4e9280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
<3>[ 561.796779] ffff00000d4e9300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 561.797628] ==================================================================
<3>[ 561.915354] ==================================================================
<3>[ 561.916385] BUG: KASAN: use-after-free in krealloc_uaf+0x114/0x2e4
<3>[ 561.917241] Read of size 1 at addr ffff00000d4e9200 by task kunit_try_catch/266
<3>[ 561.922392]
<3>[ 561.922861] CPU: 1 PID: 266 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<3>[ 561.924185] Hardware name: linux,dummy-virt (DT)
<3>[ 561.924989] Call trace:
<3>[ 561.925541] dump_backtrace+0xb8/0x130
<3>[ 561.926429] show_stack+0x20/0x60
<3>[ 561.927225] dump_stack_lvl+0x8c/0xb8
<3>[ 561.928109] print_report+0x2e4/0x620
<3>[ 561.929005] kasan_report+0xa8/0x1dc
<3>[ 561.929904] __asan_load1+0x88/0xb0
<3>[ 561.930784] krealloc_uaf+0x114/0x2e4
<3>[ 561.931650] kunit_try_run_case+0x8c/0x124
<3>[ 561.932606] kunit_generic_run_threadfn_adapter+0x38/0x54
<3>[ 561.933774] kthread+0x160/0x170
<3>[ 561.934626] ret_from_fork+0x10/0x20
<3>[ 561.935508]
<3>[ 561.935938] Allocated by task 266:
<4>[ 561.936611] kasan_save_stack+0x2c/0x5c
<4>[ 561.937519] __kasan_kmalloc+0xac/0x104
<4>[ 561.938425] kmem_cache_alloc_trace+0x1f8/0x3b0
<4>[ 561.939388] krealloc_uaf+0xac/0x2e4
<4>[ 561.940231] kunit_try_run_case+0x8c/0x124
<4>[ 561.941170] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 561.942350] kthread+0x160/0x170
<4>[ 561.943172] ret_from_fork+0x10/0x20
<3>[ 561.944041]
<3>[ 561.944466] Freed by task 266:
<4>[ 561.945089] kasan_save_stack+0x2c/0x5c
<4>[ 585.440772] kasan_set_track+0x2c/0x40
<4>[ 585.441635] kasan_set_free_info+0x28/0x50
<4>[ 585.442468] ____kasan_slab_free+0x15c/0x1b4
<4>[ 585.443258] __kasan_slab_free+0x18/0x2c
<4>[ 585.444020] slab_free_freelist_hook+0xbc/0x220
<4>[ 585.444942] kfree+0xe0/0x3f0
<4>[ 585.445555] krealloc_uaf+0xc4/0x2e4
<4>[ 585.446431] kunit_try_run_case+0x8c/0x124
<4>[ 585.447390] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 585.448537] kthread+0x160/0x170
<4>[ 585.449371] ret_from_fork+0x10/0x20
<3>[ 585.450251]
<3>[ 585.450678] The buggy address belongs to the object at ffff00000d4e9200
<3>[ 585.450678] which belongs to the cache kmalloc-256 of size 256
<3>[ 585.452386] The buggy address is located 0 bytes inside of
<3>[ 585.452386] 256-byte region [ffff00000d4e9200, ffff00000d4e9300)
<3>[ 585.454057]
<3>[ 585.454493] The buggy address belongs to the physical page:
<4>[ 585.455383] page:000000002e844232 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff00000d4e9000 pfn:0x4d4e8
<4>[ 585.456925] head:000000002e844232 order:1 compound_mapcount:0 compound_pincount:0
<4>[ 585.458101] flags: 0x3fffc0000010200(slab|head|node=0|zone=0|lastcpupid=0xffff)
<4>[ 585.459469] raw: 03fffc0000010200 0000000000000000 dead000000000122 ffff000006802480
<4>[ 585.460745] raw: ffff00000d4e9000 0000000080100007 00000001ffffffff 0000000000000000
<4>[ 585.461910] page dumped because: kasan: bad access detected
<3>[ 585.462808]
<3>[ 585.463231] Memory state around the buggy address:
<3>[ 585.464078] ffff00000d4e9100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 585.465248] ffff00000d4e9180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 585.466435] >ffff00000d4e9200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
<3>[ 585.467529] ^
<3>[ 585.468218] ffff00000d4e9280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
<3>[ 585.469392] ffff00000d4e9300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 610.277617] ==================================================================
<6>[ 610.346570] ok 14 - krealloc_uaf
<3>[ 610.356970] ==================================================================
<3>[ 610.360721] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0xf8/0x260
<3>[ 610.362805] Write of size 16 at addr ffff0000073e1700 by task kunit_try_catch/268
<3>[ 610.364004]
<3>[ 610.364463] CPU: 0 PID: 268 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<3>[ 610.367499] Hardware name: linux,dummy-virt (DT)
<3>[ 610.368326] Call trace:
<3>[ 610.368866] dump_backtrace+0xb8/0x130
<3>[ 610.370477] show_stack+0x20/0x60
<3>[ 610.371310] dump_stack_lvl+0x8c/0xb8
<3>[ 610.372189] print_report+0x2e4/0x620
<3>[ 610.373085] kasan_report+0xa8/0x1dc
<3>[ 610.375659] __asan_store16+0x90/0xc0
<3>[ 610.376579] kmalloc_oob_16+0xf8/0x260
<3>[ 610.378176] kunit_try_run_case+0x8c/0x124
<3>[ 610.379163] kunit_generic_run_threadfn_adapter+0x38/0x54
<3>[ 610.380323] kthread+0x160/0x170
<3>[ 610.381160] ret_from_fork+0x10/0x20
<3>[ 610.383736]
<3>[ 610.384176] Allocated by task 268:
<4>[ 610.384841] kasan_save_stack+0x2c/0x5c
<4>[ 610.386488] __kasan_kmalloc+0xac/0x104
<4>[ 610.387408] kmem_cache_alloc_trace+0x1f8/0x3b0
<4>[ 610.388379] kmalloc_oob_16+0xa4/0x260
<4>[ 610.389225] kunit_try_run_case+0x8c/0x124
<4>[ 610.391952] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 610.393115] kthread+0x160/0x170
<4>[ 610.394714] ret_from_fork+0x10/0x20
<3>[ 610.395597]
<3>[ 610.396023] The buggy address belongs to the object at ffff0000073e1700
<3>[ 610.396023] which belongs to the cache kmalloc-128 of size 128
<3>[ 610.399453] The buggy address is located 0 bytes inside of
<3>[ 610.399453] 128-byte region [ffff0000073e1700, ffff0000073e1780)
<3>[ 610.401108]
<3>[ 610.402287] The buggy address belongs to the physical page:
<4>[ 610.403197] page:00000000beb18009 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x473e1
<3>[ 636.505626] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
<4>[ 636.507902] flags: 0x3fffc0000000200(slab|node=0|zone=0|lastcpupid=0xffff)
<4>[ 636.508426] raw: 03fffc0000000200 0000000000000000 dead000000000001 ffff000006802300
<4>[ 636.508739] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
<4>[ 636.508937] page dumped because: kasan: bad access detected
<3>[ 636.509082]
<3>[ 636.509169] Memory state around the buggy address:
<3>[ 636.509379] ffff0000073e1600: 00 00 07 fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 636.509633] ffff0000073e1680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 636.509864] >ffff0000073e1700: 00 05 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 636.517622] rcu: 0-...!: (17 ticks this GP) idle=f53/1/0x4000000000000000 softirq=982/985 fqs=5
<3>[ 636.518384] ^
<4>[ 636.519388] (detected by 1, t=6535 jiffies, g=641, q=3 ncpus=2)
<3>[ 636.519922] ffff0000073e1780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<6>[ 636.521577] Task dump for CPU 0:
<6>[ 636.522233] task:kunit_try_catch state:R running task stack: 0 pid: 268 ppid: 2 flags:0x00000008
<6>[ 636.523958] Call trace:
<6>[ 636.524499] __switch_to+0x140/0x1e0
<6>[ 636.525355] kmalloc_oob_16+0xf8/0x260
<3>[ 636.525462] ffff0000073e1800: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<6>[ 636.525663] kunit_try_run_case+0x8c/0x124
<6>[ 636.526195] kunit_generic_run_threadfn_adapter+0x38/0x54
<3>[ 636.527039] ==================================================================
<6>[ 636.527586] kthread+0x160/0x170
<6>[ 636.529709] ret_from_fork+0x10/0x20
<3>[ 636.530666] rcu: rcu_preempt kthread timer wakeup didn't happen for 6524 jiffies! g641 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402
<3>[ 636.532255] rcu: Possible timer handling issue on cpu=1 timer-softirq=2755
<3>[ 636.533343] rcu: rcu_preempt kthread starved for 6525 jiffies! g641 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=1
<6>[ 663.952374] ok 15 - kmalloc_oob_16
<3>[ 663.958068] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
<3>[ 663.958253] rcu: RCU grace-period kthread stack dump:
<6>[ 663.958357] task:rcu_preempt state:R stack: 0 pid: 16 ppid: 2 flags:0x00000008
<6>[ 663.958683] Call trace:
<6>[ 663.958772] __switch_to+0x140/0x1e0
<6>[ 663.959049] __schedule+0x4f4/0xc74
<6>[ 663.959306] schedule+0x88/0x13c
<6>[ 663.959543] schedule_timeout+0x104/0x2b0
<6>[ 663.959860] rcu_gp_fqs_loop+0x1a0/0x784
<6>[ 663.960479] rcu_gp_kthread+0x278/0x3a0
<6>[ 663.960798] kthread+0x160/0x170
<6>[ 663.961124] ret_from_fork+0x10/0x20
<3>[ 663.961482] rcu: Stack dump where RCU GP kthread last ran:
<6>[ 663.961606] Task dump for CPU 1:
<6>[ 663.961724] task:swapper/1 state:R running task stack: 0 pid: 0 ppid: 1 flags:0x00000008
<6>[ 663.962179] Call trace:
<6>[ 663.962294] dump_backtrace+0xb8/0x130
<6>[ 663.962596] show_stack+0x20/0x60
<6>[ 663.962877] sched_show_task+0x2a0/0x2d4
<6>[ 663.963285] dump_cpu_task+0x64/0x78
<6>[ 663.963675] rcu_check_gp_kthread_starvation+0x16c/0x198
<6>[ 663.964150] rcu_sched_clock_irq+0x12bc/0x14a4
<6>[ 663.964502] update_process_times+0x90/0xec
<6>[ 663.964949] tick_sched_handle+0x70/0xa0
<6>[ 663.965318] tick_sched_timer+0x5c/0xd0
<6>[ 663.965664] __hrtimer_run_queues+0x234/0x5f0
<6>[ 663.965971] hrtimer_interrupt+0x198/0x384
<6>[ 663.966285] arch_timer_handler_virt+0x48/0x60
<6>[ 663.966667] handle_percpu_devid_irq+0xe0/0x300
<6>[ 663.967038] generic_handle_domain_irq+0x50/0x70
<6>[ 663.967479] gic_handle_irq+0x58/0x160
<6>[ 663.967752] call_on_irq_stack+0x2c/0x54
<6>[ 663.968097] do_interrupt_handler+0xc8/0xd0
<6>[ 663.968502] el1_interrupt+0x34/0x60
<6>[ 663.968911] el1h_64_irq_handler+0x18/0x2c
<6>[ 663.977972] el1h_64_irq+0x64/0x68
<6>[ 663.978271] arch_local_irq_enable+0xc/0x20
<6>[ 663.978572] default_idle_call+0x5c/0x248
<6>[ 663.978959] do_idle+0x318/0x3a0
<6>[ 663.979278] cpu_startup_entry+0x2c/0x3c
<6>[ 663.979624] secondary_start_kernel+0x248/0x274
<6>[ 663.980064] __secondary_switched+0xa0/0xa4
<3>[ 692.787834] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
<3>[ 692.801424] rcu: 0-...!: (1 ticks this GP) idle=f53/1/0x4000000000000000 softirq=989/989 fqs=3
<4>[ 692.802918] (detected by 1, t=7196 jiffies, g=645, q=4 ncpus=2)
<6>[ 692.803928] Task dump for CPU 0:
<6>[ 692.804638] task:swapper/0 state:R running task stack: 0 pid: 1 ppid: 0 flags:0x0000000a
<6>[ 692.806821] Call trace:
<6>[ 692.809663] __switch_to+0x140/0x1e0
<6>[ 692.810747] __schedule+0x4f4/0xc74
<6>[ 692.811744] preempt_schedule+0x84/0xe4
<6>[ 692.821744] vprintk_emit+0x144/0x314
<6>[ 692.822718] vprintk_default+0x40/0x4c
<6>[ 692.823667] vprintk+0x110/0x130
<6>[ 692.824530] _printk+0xb0/0xe8
<6>[ 692.825414] kunit_print_ok_not_ok+0xd4/0x178
<6>[ 692.826393] kunit_run_tests+0x42c/0x750
<6>[ 692.827328] __kunit_test_suites_init+0x74/0xa0
<6>[ 692.828333] kunit_run_all_tests+0x160/0x380
<6>[ 692.837709] kernel_init_freeable+0x32c/0x388
<6>[ 692.838768] kernel_init+0x2c/0x150
<6>[ 692.839574] ret_from_fork+0x10/0x20
<3>[ 692.853357] rcu: rcu_preempt kthread timer wakeup didn't happen for 7179 jiffies! g645 f0x2 RCU_GP_WAIT_FQS(5) ->state=0x200
<3>[ 692.855016] rcu: Possible timer handling issue on cpu=1 timer-softirq=2760
<3>[ 692.856068] rcu: rcu_preempt kthread starved for 7180 jiffies! g645 f0x2 RCU_GP_WAIT_FQS(5) ->state=0x200 ->cpu=1
<3>[ 692.857902] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
<3>[ 692.859575] rcu: RCU grace-period kthread stack dump:
<6>[ 692.864966] task:rcu_preempt state:R stack: 0 pid: 16 ppid: 2 flags:0x00000008
<6>[ 692.866433] Call trace:
<6>[ 722.970823] __switch_to+0x140/0x1e0
<6>[ 722.979962] __schedule+0x4f4/0xc74
<6>[ 722.980845] schedule+0x88/0x13c
<6>[ 722.981663] schedule_timeout+0x104/0x2b0
<6>[ 722.982655] rcu_gp_fqs_loop+0x1a0/0x784
<6>[ 722.983547] rcu_gp_kthread+0x278/0x3a0
<6>[ 722.984440] kthread+0x160/0x170
<6>[ 722.985300] ret_from_fork+0x10/0x20
<3>[ 722.986202] rcu: Stack dump where RCU GP kthread last ran:
<6>[ 722.987056] Task dump for CPU 1:
<6>[ 722.987682] task:swapper/1 state:R running task stack: 0 pid: 0 ppid: 1 flags:0x0000000a
<6>[ 722.989539] Call trace:
<6>[ 722.990100] dump_backtrace+0xb8/0x130
<6>[ 722.990974] show_stack+0x20/0x60
<6>[ 722.991772] sched_show_task+0x2a0/0x2d4
<6>[ 722.992766] dump_cpu_task+0x64/0x78
<6>[ 722.993721] rcu_check_gp_kthread_starvation+0x16c/0x198
<6>[ 722.994924] rcu_sched_clock_irq+0x12bc/0x14a4
<6>[ 722.995908] update_process_times+0x90/0xec
<6>[ 722.996954] tick_sched_handle+0x70/0xa0
<6>[ 722.997902] tick_sched_timer+0x5c/0xd0
<6>[ 722.998832] __hrtimer_run_queues+0x234/0x5f0
<6>[ 722.999761] hrtimer_interrupt+0x198/0x384
<6>[ 723.000648] arch_timer_handler_virt+0x48/0x60
<6>[ 723.001675] handle_percpu_devid_irq+0xe0/0x300
<6>[ 723.002686] generic_handle_domain_irq+0x50/0x70
<6>[ 723.003779] gic_handle_irq+0x58/0x160
<6>[ 723.004612] call_on_irq_stack+0x2c/0x54
<6>[ 723.005538] do_interrupt_handler+0xc8/0xd0
<6>[ 723.006556] el1_interrupt+0x34/0x60
<6>[ 723.007499] el1h_64_irq_handler+0x18/0x2c
<6>[ 723.008536] el1h_64_irq+0x64/0x68
<6>[ 723.009343] finish_task_switch.isra.0+0xc0/0x33c
<6>[ 723.010477] __schedule+0x4f8/0xc74
<6>[ 723.011300] schedule_idle+0x38/0x60
<6>[ 723.012150] do_idle+0x278/0x3a0
<6>[ 723.012974] cpu_startup_entry+0x2c/0x3c
<6>[ 723.013902] secondary_start_kernel+0x248/0x274
<6>[ 723.014994] __secondary_switched+0xa0/0xa4
<3>[ 723.104414] ==================================================================
<3>[ 754.602721] BUG: KASAN: use-after-free in kmalloc_uaf_16+0x108/0x260
<3>[ 754.603637] Read of size 16 at addr ffff0000076a4b00 by task kunit_try_catch/269
<3>[ 754.604508]
<3>[ 754.604821] CPU: 0 PID: 269 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<3>[ 754.613119] Hardware name: linux,dummy-virt (DT)
<3>[ 754.615175] Call trace:
<3>[ 754.615739] dump_backtrace+0xb8/0x130
<3>[ 754.616630] show_stack+0x20/0x60
<3>[ 754.619295] dump_stack_lvl+0x8c/0xb8
<3>[ 754.620222] print_report+0x2e4/0x620
<3>[ 754.621113] kasan_report+0xa8/0x1dc
<3>[ 754.622787] __asan_load16+0x8c/0xc0
<3>[ 754.623701] kmalloc_uaf_16+0x108/0x260
<3>[ 754.624570] kunit_try_run_case+0x8c/0x124
<3>[ 754.627291] kunit_generic_run_threadfn_adapter+0x38/0x54
<3>[ 754.628479] kthread+0x160/0x170
<3>[ 754.630072] ret_from_fork+0x10/0x20
<3>[ 754.630993]
<3>[ 754.631432] Allocated by task 269:
<4>[ 754.632106] kasan_save_stack+0x2c/0x5c
<4>[ 754.633004] __kasan_kmalloc+0xac/0x104
<4>[ 754.635764] kmem_cache_alloc_trace+0x1f8/0x3b0
<4>[ 754.636749] kmalloc_uaf_16+0xcc/0x260
<4>[ 754.638380] kunit_try_run_case+0x8c/0x124
<4>[ 754.639350] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 754.640503] kthread+0x160/0x170
<4>[ 754.643091] ret_from_fork+0x10/0x20
<3>[ 754.644003]
<3>[ 754.644433] Freed by task 269:
<4>[ 754.645069] kasan_save_stack+0x2c/0x5c
<4>[ 754.646727] kasan_set_track+0x2c/0x40
<4>[ 754.647618] kasan_set_free_info+0x28/0x50
<4>[ 754.648601] ____kasan_slab_free+0x15c/0x1b4
<4>[ 754.651295] __kasan_slab_free+0x18/0x2c
<4>[ 754.652239] slab_free_freelist_hook+0xbc/0x220
<4>[ 754.654100] kfree+0xe0/0x3f0
<4>[ 754.654865] kmalloc_uaf_16+0xec/0x260
<4>[ 754.655715] kunit_try_run_case+0x8c/0x124
<4>[ 754.656664] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 754.659580] kthread+0x160/0x170
<4>[ 754.660432] ret_from_fork+0x10/0x20
<3>[ 787.654942] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
<3>[ 787.657573]
<3>[ 787.657705] The buggy address belongs to the object at ffff0000076a4b00
<3>[ 787.657705] which belongs to the cache kmalloc-128 of size 128
<3>[ 787.657963] The buggy address is located 0 bytes inside of
<3>[ 787.657963] 128-byte region [ffff0000076a4b00, ffff0000076a4b80)
<3>[ 787.658249]
<3>[ 787.658352] The buggy address belongs to the physical page:
<4>[ 787.658494] page:000000003b08944c refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x476a4
<4>[ 787.658772] flags: 0x3fffc0000000200(slab|node=0|zone=0|lastcpupid=0xffff)
<4>[ 787.659202] raw: 03fffc0000000200 dead000000000100 dead000000000122 ffff000006802300
<4>[ 787.659498] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
<4>[ 787.659673] page dumped because: kasan: bad access detected
<3>[ 787.669751] rcu: 0-...!: (1 GPs behind) idle=f5b/1/0x4000000000000000 softirq=989/990 fqs=6
<3>[ 787.670378]
<3>[ 787.670469] Memory state around the buggy address:
<4>[ 787.671365] (detected by 1, t=8260 jiffies, g=649, q=3 ncpus=2)
<6>[ 787.671669] Task dump for CPU 0:
<3>[ 787.672321] ffff0000076a4a00: 05 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<6>[ 787.672985] task:kunit_try_catch state:R
<3>[ 787.673535] ffff0000076a4a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<4>[ 787.674313] running task
<3>[ 787.674908] >ffff0000076a4b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
<4>[ 787.677098] stack: 0 pid: 269 ppid: 2 flags:0x00000008
<6>[ 787.678109] Call trace:
<6>[ 787.678650] __switch_to+0x140/0x1e0
<6>[ 787.679522] kmalloc_uaf_16+0x108/0x260
<6>[ 787.680399] kunit_try_run_case+0x8c/0x124
<3>[ 787.681389] ^
<6>[ 787.681345] kunit_generic_run_threadfn_adapter+0x38/0x54
<3>[ 787.682058] ffff0000076a4b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<6>[ 787.682666] kthread+0x160/0x170
<3>[ 787.683582] ffff0000076a4c00: 05 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<6>[ 843.703890] ret_from_fork+0x10/0x20
<3>[ 843.704781] rcu: rcu_preempt kthread timer wakeup didn't happen for 8247 jiffies! g649 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402
<3>[ 843.705063] rcu: Possible timer handling issue on cpu=1 timer-softirq=2769
<3>[ 843.705317] rcu: rcu_preempt kthread starved for 8248 jiffies! g649 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=1
<3>[ 843.705600] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
<3>[ 843.705761] rcu: RCU grace-period kthread stack dump:
<6>[ 843.705882] task:rcu_preempt state:I stack: 0 pid: 16 ppid: 2 flags:0x00000008
<6>[ 843.706277] Call trace:
<6>[ 843.706382] __switch_to+0x140/0x1e0
<6>[ 843.706670] __schedule+0x4f4/0xc74
<6>[ 843.707792] schedule+0x88/0x13c
<6>[ 843.708248] schedule_timeout+0x104/0x2b0
<6>[ 843.708931] rcu_gp_fqs_loop+0x1a0/0x784
<6>[ 843.709395] rcu_gp_kthread+0x278/0x3a0
<6>[ 843.709877] kthread+0x160/0x170
<6>[ 843.710353] ret_from_fork+0x10/0x20
<3>[ 843.710837] rcu: Stack dump where RCU GP kthread last ran:
<6>[ 843.711118] Task dump for CPU 1:
<6>[ 843.711251] task:swapper/1 state:R running task stack: 0 pid: 0 ppid: 1 flags:0x00000008
<6>[ 843.711995] Call trace:
<6>[ 843.712117] dump_backtrace+0xb8/0x130
<6>[ 843.712567] show_stack+0x20/0x60
<3>[ 843.715340] ==================================================================
<6>[ 843.717388] sched_show_task+0x2a0/0x2d4
<6>[ 843.717706] dump_cpu_task+0x64/0x78
<6>[ 843.718111] rcu_check_gp_kthread_starvation+0x16c/0x198
<6>[ 843.718590] rcu_sched_clock_irq+0x12bc/0x14a4
<6>[ 843.718936] update_process_times+0x90/0xec
<6>[ 843.719383] tick_sched_handle+0x70/0xa0
<6>[ 843.719743] tick_sched_timer+0x5c/0xd0
<6>[ 843.720084] __hrtimer_run_queues+0x234/0x5f0
<6>[ 843.720387] hrtimer_interrupt+0x198/0x384
<6>[ 843.720675] arch_timer_handler_virt+0x48/0x60
<6>[ 843.721047] handle_percpu_devid_irq+0xe0/0x300
<6>[ 843.721425] generic_handle_domain_irq+0x50/0x70
<6>[ 843.721859] gic_handle_irq+0x58/0x160
<6>[ 843.722144] call_on_irq_stack+0x2c/0x54
<6>[ 843.722487] do_interrupt_handler+0xc8/0xd0
<6>[ 843.722880] el1_interrupt+0x34/0x60
<6>[ 843.723285] el1h_64_irq_handler+0x18/0x2c
<6>[ 843.723727] el1h_64_irq+0x64/0x68
<6>[ 843.723997] arch_local_irq_enable+0xc/0x20
<6>[ 843.724308] default_idle_call+0x5c/0x248
<6>[ 843.724692] do_idle+0x318/0x3a0
<6>[ 843.725008] cpu_startup_entry+0x30/0x3c
<6>[ 843.746230] ok 16 - kmalloc_uaf_16
<6>[ 879.843310] secondary_start_kernel+0x248/0x274
<6>[ 879.844977] __secondary_switched+0xa0/0xa4
<3>[ 879.890433] ==================================================================
<3>[ 879.891656] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0xd8/0x1e0
<3>[ 879.892974] Write of size 128 at addr ffff00000769d700 by task kunit_try_catch/270
<3>[ 879.894220]
<3>[ 879.894687] CPU: 0 PID: 270 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<3>[ 879.896019] Hardware name: linux,dummy-virt (DT)
<3>[ 879.897055] Call trace:
<3>[ 879.897721] dump_backtrace+0xb8/0x130
<3>[ 879.898785] show_stack+0x20/0x60
<3>[ 879.902615] dump_stack_lvl+0x8c/0xb8
<3>[ 879.903710] print_report+0x2e4/0x620
<3>[ 879.904776] kasan_report+0xa8/0x1dc
<3>[ 879.906647] kasan_check_range+0xf8/0x1a0
<3>[ 917.394071] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
<3>[ 917.405615] memset+0x54/0x90
<3>[ 917.406455] rcu: 0-...!: (4 ticks this GP) idle=f73/1/0x4000000000000000 softirq=994/997 fqs=1
<3>[ 917.406873] kmalloc_oob_in_memset+0xd8/0x1e0
<4>[ 917.407889] (detected by 1, t=9376 jiffies, g=661, q=1 ncpus=2)
<3>[ 917.408433] kunit_try_run_case+0x8c/0x124
<6>[ 917.409181] Task dump for CPU 0:
<3>[ 917.409724] kunit_generic_run_threadfn_adapter+0x38/0x54
<6>[ 917.410304] task:kunit_try_catch state:R running task
<3>[ 917.411000] kthread+0x160/0x170
<4>[ 917.411836] stack: 0 pid: 270 ppid: 2 flags:0x00000008
<3>[ 917.412291] ret_from_fork+0x10/0x20
<6>[ 917.413027] Call trace:
<3>[ 917.413557]
<3>[ 917.413657] Allocated by task 270:
<4>[ 917.413810] kasan_save_stack+0x2c/0x5c
<4>[ 917.414159] __kasan_kmalloc+0xac/0x104
<4>[ 917.414481] kmem_cache_alloc_trace+0x1f8/0x3b0
<4>[ 917.414812] kmalloc_oob_in_memset+0xa0/0x1e0
<4>[ 917.415147] kunit_try_run_case+0x8c/0x124
<4>[ 917.415495] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 917.415919] kthread+0x160/0x170
<4>[ 917.416224] ret_from_fork+0x10/0x20
<3>[ 917.416545]
<3>[ 917.416640] The buggy address belongs to the object at ffff00000769d700
<3>[ 917.416640] which belongs to the cache kmalloc-128 of size 128
<3>[ 917.416882] The buggy address is located 0 bytes inside of
<3>[ 917.416882] 128-byte region [ffff00000769d700, ffff00000769d780)
<3>[ 917.417171]
<3>[ 917.417274] The buggy address belongs to the physical page:
<4>[ 917.417406] page:00000000ffd3bac3 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4769d
<4>[ 917.417675] flags: 0x3fffc0000000200(slab|node=0|zone=0|lastcpupid=0xffff)
<4>[ 917.418115] raw: 03fffc0000000200 fffffc00001da440 dead000000000004 ffff000006802300
<4>[ 917.418417] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
<4>[ 917.418601] page dumped because: kasan: bad access detected
<3>[ 917.418746]
<3>[ 917.418830] Memory state around the buggy address:
<3>[ 917.419018] ffff00000769d600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
<3>[ 917.419274] ffff00000769d680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 917.419530] >ffff00000769d700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
<3>[ 917.419724] ^
<3>[ 917.419932] ffff00000769d780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 917.420193] ffff00000769d800: 00 00 07 fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 917.420386] ==================================================================
<6>[ 917.425955] ok 17 - kmalloc_oob_in_memset
<6>[ 917.429346] __switch_to+0x140/0x1e0
<6>[ 917.429668] __schedule+0x4f4/0xc74
<6>[ 917.429951] preempt_schedule+0x84/0xe4
<6>[ 956.565200] _raw_spin_unlock_irqrestore+0x74/0x84
<3>[ 956.567045] rcu: rcu_preempt kthread timer wakeup didn't happen for 19165 jiffies! g661 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402
<3>[ 956.568648] rcu: Possible timer handling issue on cpu=1 timer-softirq=2771
<3>[ 956.570322] rcu: rcu_preempt kthread starved for 19167 jiffies! g661 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=1
<3>[ 956.571855] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
<3>[ 956.573115] rcu: RCU grace-period kthread stack dump:
<6>[ 956.574401] task:rcu_preempt state:I stack: 0 pid: 16 ppid: 2 flags:0x00000008
<6>[ 956.575831] Call trace:
<6>[ 956.576368] __switch_to+0x140/0x1e0
<6>[ 956.577231] __schedule+0x4f4/0xc74
<6>[ 956.578549] schedule+0x88/0x13c
<6>[ 956.579351] schedule_timeout+0x104/0x2b0
<6>[ 956.580311] rcu_gp_fqs_loop+0x1a0/0x784
<6>[ 956.581209] rcu_gp_kthread+0x278/0x3a0
<6>[ 956.582583] kthread+0x160/0x170
<6>[ 956.583420] ret_from_fork+0x10/0x20
<3>[ 956.584304] rcu: Stack dump where RCU GP kthread last ran:
<6>[ 997.308036] Task dump for CPU 1:
<6>[ 997.308746] task:swapper/1 state:R running task stack: 0 pid: 0 ppid: 1 flags:0x0000000a
<6>[ 997.311379] Call trace:
<6>[ 997.311940] dump_backtrace+0xb8/0x130
<6>[ 997.312832] show_stack+0x20/0x60
<6>[ 997.315299] sched_show_task+0x2a0/0x2d4
<6>[ 997.316323] dump_cpu_task+0x64/0x78
<6>[ 997.317275] rcu_check_gp_kthread_starvation+0x16c/0x198
<6>[ 997.318939] rcu_sched_clock_irq+0x12bc/0x14a4
<6>[ 997.319923] update_process_times+0x90/0xec
<6>[ 997.320972] tick_sched_handle+0x70/0xa0
<6>[ 997.323565] tick_sched_timer+0x5c/0xd0
<6>[ 997.324503] __hrtimer_run_queues+0x234/0x5f0
<6>[ 997.325898] hrtimer_interrupt+0x198/0x384
<6>[ 997.326824] arch_timer_handler_virt+0x48/0x60
<6>[ 997.327847] handle_percpu_devid_irq+0xe0/0x300
<6>[ 997.328849] generic_handle_domain_irq+0x50/0x70
<6>[ 997.331532] gic_handle_irq+0x58/0x160
<6>[ 997.332387] call_on_irq_stack+0x2c/0x54
<6>[ 997.333753] do_interrupt_handler+0xc8/0xd0
<6>[ 997.334808] el1_interrupt+0x34/0x60
<6>[ 997.335768] el1h_64_irq_handler+0x18/0x2c
<6>[ 997.336807] el1h_64_irq+0x64/0x68
<6>[ 997.339160] arch_local_irq_enable+0xc/0x20
<6>[ 997.340106] default_idle_call+0x5c/0x248
<6>[ 997.341072] do_idle+0x318/0x3a0
<6>[ 997.342364] cpu_startup_entry+0x2c/0x3c
<6>[ 997.343294] secondary_start_kernel+0x248/0x274
<6>[ 997.344374] __secondary_switched+0xa0/0xa4
<3>[ 997.380374] ==================================================================
<3>[ 997.383701] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0xdc/0x1e0
<3>[ 997.385039] Write of size 2 at addr ffff000007691e77 by task kunit_try_catch/271
<3>[ 997.390608]
<3>[ 997.391158] CPU: 0 PID: 271 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<3>[ 997.395095] Hardware name: linux,dummy-virt (DT)
<3>[ 997.395932] Call trace:
<3>[ 997.396483] dump_backtrace+0xb8/0x130
<3>[ 1039.694374] show_stack+0x20/0x60
<3>[ 1039.694505] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
<3>[ 1039.694702] dump_stack_lvl+0x8c/0xb8
<3>[ 1039.695260] rcu: 0-...!: (1 GPs behind) idle=fd7/1/0x4000000000000000 softirq=1016/1017 fqs=2
<3>[ 1039.695973] print_report+0x2e4/0x620
<4>[ 1039.696511] (detected by 1, t=10579 jiffies, g=673, q=2 ncpus=2)
<3>[ 1039.697475] kasan_report+0xa8/0x1dc
<6>[ 1039.698016] Task dump for CPU 0:
<3>[ 1039.698726] kasan_check_range+0xf8/0x1a0
<3>[ 1039.699259] memset+0x54/0x90
<3>[ 1039.699746] kmalloc_oob_memset_2+0xdc/0x1e0
<3>[ 1039.700258] kunit_try_run_case+0x8c/0x124
<3>[ 1039.700750] kunit_generic_run_threadfn_adapter+0x38/0x54
<6>[ 1039.703971] task:kunit_try_catch state:R running task stack: 0 pid: 271 ppid: 2 flags:0x00000008
<3>[ 1039.704721] kthread+0x160/0x170
<6>[ 1039.705441] Call trace:
<3>[ 1039.706517] ret_from_fork+0x10/0x20
<3>[ 1039.707015]
<6>[ 1039.707370] __switch_to+0x140/0x1e0
<3>[ 1039.707870] Allocated by task 271:
<6>[ 1039.708225] 0x1300dc342ef10c00
<4>[ 1039.708657] kasan_save_stack+0x2c/0x5c
<4>[ 1039.709146] __kasan_kmalloc+0xac/0x104
<3>[ 1039.709655] rcu: rcu_preempt kthread timer wakeup didn't happen for 10574 jiffies! g673 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402
<4>[ 1039.710159] kmem_cache_alloc_trace+0x1f8/0x3b0
<3>[ 1039.710698] rcu: Possible timer handling issue on cpu=1 timer-softirq=2775
<4>[ 1039.711918] kmalloc_oob_memset_2+0xa0/0x1e0
<3>[ 1039.712521] rcu: rcu_preempt kthread starved for 10575 jiffies! g673 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=1
<4>[ 1039.713352] kunit_try_run_case+0x8c/0x124
<4>[ 1039.714905] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 1039.717183] kthread+0x160/0x170
<4>[ 1039.718867] ret_from_fork+0x10/0x20
<3>[ 1039.720805]
<3>[ 1039.721471] The buggy address belongs to the object at ffff000007691e00
<3>[ 1039.721471] which belongs to the cache kmalloc-128 of size 128
<3>[ 1039.723138] The buggy address is located 119 bytes inside of
<3>[ 1039.723138] 128-byte region [ffff000007691e00, ffff000007691e80)
<3>[ 1039.733732] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
<3>[ 1039.734875]
<3>[ 1039.734973] The buggy address belongs to the physical page:
<3>[ 1039.735431] rcu: RCU grace-period kthread stack dump:
<4>[ 1039.736113] page:00000000af33b75c refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x47691
<6>[ 1039.736561] task:rcu_preempt state:I
<4>[ 1039.737047] flags: 0x3fffc0000000200(slab|node=0|zone=0|lastcpupid=0xffff)
<4>[ 1039.737600] raw: 03fffc0000000200 fffffc00001cfcc0 dead000000000003 ffff000006802300
<4>[ 1039.738770] stack: 0 pid: 16 ppid: 2 flags:0x00000008
<4>[ 1112.371401] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
<4>[ 1112.372352] page dumped because: kasan: bad access detected
<3>[ 1112.373175]
<3>[ 1112.373285] Memory state around the buggy address:
<3>[ 1112.373481] ffff000007691d00: 00 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 1112.373776] ffff000007691d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 1112.374040] >ffff000007691e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
<3>[ 1112.374272] ^
<3>[ 1112.374483] ffff000007691e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 1112.374772] ffff000007691f00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
<3>[ 1112.374965] ==================================================================
<6>[ 1112.383879] ok 18 - kmalloc_oob_memset_2
<6>[ 1112.384766] Call trace:
<6>[ 1112.385201] __switch_to+0x140/0x1e0
<6>[ 1112.406928] __schedule+0x4f4/0xc74
<6>[ 1112.407991] schedule+0x88/0x13c
<6>[ 1112.409814] schedule_timeout+0x104/0x2b0
<6>[ 1112.410823] rcu_gp_fqs_loop+0x1a0/0x784
<6>[ 1112.411711] rcu_gp_kthread+0x278/0x3a0
<6>[ 1112.412605] kthread+0x160/0x170
<6>[ 1158.176452] ret_from_fork+0x10/0x20
<3>[ 1158.182111] rcu: Stack dump where RCU GP kthread last ran:
<6>[ 1158.185656] Task dump for CPU 1:
<6>[ 1158.194136] task:swapper/1 state:R running task stack: 0 pid: 0 ppid: 1 flags:0x0000000a
<6>[ 1158.195866] Call trace:
<6>[ 1158.196408] dump_backtrace+0xb8/0x130
<6>[ 1158.197755] show_stack+0x20/0x60
<6>[ 1158.198609] sched_show_task+0x2a0/0x2d4
<6>[ 1158.199610] dump_cpu_task+0x64/0x78
<6>[ 1158.200545] rcu_check_gp_kthread_starvation+0x16c/0x198
<6>[ 1158.202249] rcu_sched_clock_irq+0x12bc/0x14a4
<6>[ 1158.203253] update_process_times+0x90/0xec
<6>[ 1158.204305] tick_sched_handle+0x70/0xa0
<6>[ 1158.205240] tick_sched_timer+0x5c/0xd0
<6>[ 1158.206647] __hrtimer_run_queues+0x234/0x5f0
<6>[ 1158.207582] hrtimer_interrupt+0x198/0x384
<6>[ 1158.208481] arch_timer_handler_virt+0x48/0x60
<6>[ 1158.209951] handle_percpu_devid_irq+0xe0/0x300
<6>[ 1158.210986] generic_handle_domain_irq+0x50/0x70
<6>[ 1158.212091] gic_handle_irq+0x58/0x160
<6>[ 1158.212935] call_on_irq_stack+0x2c/0x54
<6>[ 1158.214334] do_interrupt_handler+0xc8/0xd0
<6>[ 1158.215363] el1_interrupt+0x34/0x60
<6>[ 1158.216309] el1h_64_irq_handler+0x18/0x2c
<6>[ 1158.217793] el1h_64_irq+0x64/0x68
<6>[ 1158.218638] arch_local_irq_enable+0xc/0x20
<6>[ 1158.219553] default_idle_call+0x5c/0x248
<6>[ 1158.220518] do_idle+0x318/0x3a0
<6>[ 1158.221796] cpu_startup_entry+0x2c/0x3c
<6>[ 1158.222760] secondary_start_kernel+0x248/0x274
<6>[ 1158.223841] __secondary_switched+0xa0/0xa4
<3>[ 1158.301121] ==================================================================
<3>[ 1158.303863] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0xdc/0x1e0
<3>[ 1158.310412] Write of size 4 at addr ffff0000076a1075 by task kunit_try_catch/272
<3>[ 1158.311609]
<3>[ 1158.312071] CPU: 0 PID: 272 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<3>[ 1158.313414] Hardware name: linux,dummy-virt (DT)
<3>[ 1205.751516] Call trace:
<3>[ 1205.751581] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
<common> <3>[ 1205.751778] rcu: 0-...!: (0 ticks this GP) idle=017/1/0x4000000000000000 softirq=1019/1019 fqs=0
<common> <4>[ 1205.752150] (detected by 1, t=11863 jiffies, g=677, q=4 ncpus=2)
<common> <3>[ 1205.752833] dump_backtrace+0xb8/0x130
<common> <6>[ 1205.753888] Task dump for CPU 0:
<common> <3>[ 1205.754607] show_stack+0x20/0x60
<common> <6>[ 1205.755135] task:kunit_try_catch state:R
<common> <3>[ 1205.755582] dump_stack_lvl+0x8c/0xb8
<common> <3>[ 1205.756062] print_report+0x2e4/0x620
<common> <4>[ 1205.756603] running task
<common> <3>[ 1205.757096] kasan_report+0xa8/0x1dc
<common> <3>[ 1205.757623] kasan_check_range+0xf8/0x1a0
<common> <3>[ 1205.758148] memset+0x54/0x90
<common> <3>[ 1205.758659] kmalloc_oob_memset_4+0xdc/0x1e0
<common> <3>[ 1205.759172] kunit_try_run_case+0x8c/0x124
<common> <3>[ 1205.759662] kunit_generic_run_threadfn_adapter+0x38/0x54
<common> <4>[ 1205.760688] stack: 0 pid: 272 ppid: 2 flags:0x00000008
<common> <3>[ 1205.761341] kthread+0x160/0x170
<common> <3>[ 1205.761624] ret_from_fork+0x10/0x20
<common> <3>[ 1205.761911]
<common> <3>[ 1205.762108] Allocated by task 272:
<common> <4>[ 1205.762244] kasan_save_stack+0x2c/0x5c
<common> <4>[ 1205.764638] __kasan_kmalloc+0xac/0x104
<common> <4>[ 1205.766406] kmem_cache_alloc_trace+0x1f8/0x3b0
<common> <4>[ 1205.768907] kmalloc_oob_memset_4+0xa0/0x1e0
<common> <6>[ 1205.771378] Call trace:
<common> <4>[ 1205.771840] kunit_try_run_case+0x8c/0x124
<common> <4>[ 1205.772353] kunit_generic_run_threadfn_adapter+0x38/0x54
<common> <6>[ 1205.773135] __switch_to+0x140/0x1e0
<common> <4>[ 1205.773673] kthread+0x160/0x170
<common> <6>[ 1205.774225] 0xffff480693ab4500
<common> <4>[ 1205.774804] ret_from_fork+0x10/0x20
<common> <3>[ 1205.775411] rcu: rcu_preempt kthread timer wakeup didn't happen for 11862 jiffies! g677 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402
<common> <3>[ 1205.775770]
<common> <3>[ 1205.776300] rcu: Possible timer handling issue on cpu=0 timer-softirq=962
<common> <3>[ 1205.776961] The buggy address belongs to the object at ffff0000076a1000
<common> <3>[ 1205.776961] which belongs to the cache kmalloc-128 of size 128
<common> <3>[ 1205.798058] rcu: rcu_preempt kthread starved for 11863 jiffies! g677 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=0
<common> <3>[ 1205.798469] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
<common> <3>[ 1205.798730] rcu: RCU grace-period kthread stack dump:
<common> <6>[ 1205.798866] task:rcu_preempt state:I stack: 0 pid: 16 ppid: 2 flags:0x00000008
<common> <6>[ 1205.799245] Call trace:
<common> <6>[ 1205.799353] __switch_to+0x140/0x1e0
<common> <6>[ 1205.799669] __schedule+0x4f4/0xc74
<common> <6>[ 1205.799965] schedule+0x88/0x13c
<common> <6>[ 1205.800250] schedule_timeout+0x104/0x2b0
<common> <6>[ 1205.800614] rcu_gp_fqs_loop+0x1a0/0x784
<common> <6>[ 1205.800925] rcu_gp_kthread+0x278/0x3a0
<common> <6>[ 1205.801247] kthread+0x160/0x170
<common> <6>[ 1205.801579] ret_from_fork+0x10/0x20
<common> <3>[ 1205.801909] rcu: Stack dump where RCU GP kthread last ran:
<common> <6>[ 1205.802038] Task dump for CPU 0:
<common> <6>[ 1205.802155] task:kunit_try_catch state:R running task stack: 0 pid: 272 ppid: 2 flags:0x00000008
<common> <6>[ 1205.802595] Call trace:
<common> <6>[ 1205.802700] __switch_to+0x140/0x1e0
<common> <6>[ 1205.803000] 0xffff480693ab4500
<common> <3>[ 1255.138631] The buggy address is located 117 bytes inside of
<common> <3>[ 1255.138631] 128-byte region [ffff0000076a1000, ffff0000076a1080)
<common> <3>[ 1255.140350]
<common> <3>[ 1255.140782] The buggy address belongs to the physical page:
<common> <4>[ 1255.143732] page:00000000c43a6e75 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x476a1
<common> <4>[ 1255.145175] flags: 0x3fffc0000000200(slab|node=0|zone=0|lastcpupid=0xffff)
<common> <4>[ 1255.146506] raw: 03fffc0000000200 0000000000000000 dead000000000001 ffff000006802300
<common> <4>[ 1255.147778] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
<common> <4>[ 1255.148937] page dumped because: kasan: bad access detected
<common> <3>[ 1255.151969]
<common> <3>[ 1255.152425] Memory state around the buggy address:
<common> <3>[ 1255.153311] ffff0000076a0f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
<common> <3>[ 1255.154492] ffff0000076a0f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<common> <3>[ 1306.226237] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
<common> <3>[ 1306.240532] >ffff0000076a1000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
<common> <3>[ 1306.240780] ^
<common> <3>[ 1306.240991] ffff0000076a1080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<common> <3>[ 1306.241247] ffff0000076a1100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
<common> <3>[ 1306.241454] ==================================================================
<common> <4>[ 1306.252116] (detected by 1, t=36987 jiffies, g=680, q=2 ncpus=2)
<common> <3>[ 1306.253223] rcu: INFO: Stall ended before state dump start
<common> <6>[ 1306.261069] ok 19 - kmalloc_oob_memset_4
<common> <3>[ 1306.282426] ==================================================================
<common> <3>[ 1306.284710] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0xdc/0x1e0
<common> <3>[ 1306.289710] Write of size 8 at addr ffff00000789ac71 by task kunit_try_catch/273
<common> <3>[ 1306.291223]
<common> <3>[ 1306.291772] CPU: 1 PID: 273 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<common> <3>[ 1306.295700] Hardware name: linux,dummy-virt (DT)
<common> <3>[ 1306.296743] Call trace:
<common> <3>[ 1306.297427] dump_backtrace+0xb8/0x130
<common> <3>[ 1306.298524] show_stack+0x20/0x60
<common> <3>[ 1306.299337] dump_stack_lvl+0x8c/0xb8
<common> <3>[ 1306.300224] print_report+0x2e4/0x620
<common> <3>[ 1306.301123] kasan_report+0xa8/0x1dc
<common> <3>[ 1306.304201] kasan_check_range+0xf8/0x1a0
<common> <3>[ 1306.305193] memset+0x54/0x90
<common> <3>[ 1306.306060] kmalloc_oob_memset_8+0xdc/0x1e0
<common> <3>[ 1306.307015] kunit_try_run_case+0x8c/0x124
<common> <3>[ 1306.307968] kunit_generic_run_threadfn_adapter+0x38/0x54
<common> <3>[ 1306.309142] kthread+0x160/0x170
<common> <3>[ 1306.312249] ret_from_fork+0x10/0x20
<common> <3>[ 1306.313143]
<common> <3>[ 1306.313596] Allocated by task 273:
<common> <4>[ 1306.314274] kasan_save_stack+0x2c/0x5c
<common> <4>[ 1306.315186] __kasan_kmalloc+0xac/0x104
<common> <4>[ 1306.316069] kmem_cache_alloc_trace+0x1f8/0x3b0
<common> <4>[ 1306.317039] kmalloc_oob_memset_8+0xa0/0x1e0
<common> <4>[ 1306.320187] kunit_try_run_case+0x8c/0x124
<common> <3>[ 1359.275068] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
<common> <4>[ 1359.290335] kunit_generic_run_threadfn_adapter+0x38/0x54
<common> <4>[ 1359.290879] kthread+0x160/0x170
<common> <4>[ 1359.291202] ret_from_fork+0x10/0x20
<common> <3>[ 1359.291530]
<common> <3>[ 1359.291621] The buggy address belongs to the object at ffff00000789ac00
<common> <3>[ 1359.291621] which belongs to the cache kmalloc-128 of size 128
<common> <3>[ 1359.291879] The buggy address is located 113 bytes inside of
<common> <3>[ 1359.291879] 128-byte region [ffff00000789ac00, ffff00000789ac80)
<common> <3>[ 1359.292163]
<common> <3>[ 1359.292265] The buggy address belongs to the physical page:
<common> <4>[ 1359.292418] page:00000000fce45ea4 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4789a
<common> <4>[ 1359.292696] flags: 0x3fffc0000000200(slab|node=0|zone=0|lastcpupid=0xffff)
<common> <4>[ 1359.293122] raw: 03fffc0000000200 0000000000000000 dead000000000001 ffff000006802300
<common> <3>[ 1359.309524] rcu: 1-...!: (1 GPs behind) idle=155/1/0x4000000000000000 softirq=891/892 fqs=4
<common> <4>[ 1359.309943] (detected by 0, t=13247 jiffies, g=685, q=3 ncpus=2)
<common> <6>[ 1359.310189] Task dump for CPU 1:
<common> <6>[ 1359.310310] task:kunit_try_catch state:R running task stack: 0 pid: 273 ppid: 2 flags:0x0000000a
<common> <6>[ 1359.310777] Call trace:
<common> <6>[ 1359.310886] __switch_to+0x140/0x1e0
<common> <6>[ 1359.311210] 0xffff9fa911a61800
<common> <3>[ 1359.311485] rcu: rcu_preempt kthread timer wakeup didn't happen for 13238 jiffies! g685 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402
<common> <3>[ 1359.311772] rcu: Possible timer handling issue on cpu=0 timer-softirq=969
<common> <3>[ 1359.311937] rcu: rcu_preempt kthread starved for 13239 jiffies! g685 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=0
<common> <3>[ 1359.312217] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
<common> <3>[ 1359.312383] rcu: RCU grace-period kthread stack dump:
<common> <6>[ 1359.312506] task:rcu_preempt state:I stack: 0 pid: 16 ppid: 2 flags:0x00000008
<common> <6>[ 1359.312844] Call trace:
<common> <6>[ 1359.312957] __switch_to+0x140/0x1e0
<common> <6>[ 1359.313271] __schedule+0x4f4/0xc74
<common> <6>[ 1359.313577] schedule+0x88/0x13c
<common> <6>[ 1359.313854] schedule_timeout+0x104/0x2b0
<common> <6>[ 1359.314247] rcu_gp_fqs_loop+0x1a0/0x784
<common> <6>[ 1359.314548] rcu_gp_kthread+0x278/0x3a0
<common> <6>[ 1359.314872] kthread+0x160/0x170
<common> <6>[ 1359.315198] ret_from_fork+0x10/0x20
<common> <3>[ 1359.315536] rcu: Stack dump where RCU GP kthread last ran:
<common> <6>[ 1359.315658] Task dump for CPU 0:
<common> <6>[ 1359.315784] task:swapper/0 state:R running task stack: 0 pid: 0 ppid: 0 flags:0x00000008
<common> <6>[ 1359.316224] Call trace:
<common> <6>[ 1359.316337] dump_backtrace+0xb8/0x130
<common> <6>[ 1359.316642] show_stack+0x20/0x60
<common> <6>[ 1359.316923] sched_show_task+0x2a0/0x2d4
<common> <4>[ 1359.326342] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
<common> <4>[ 1359.326581] page dumped because: kasan: bad access detected
<common> <3>[ 1359.326730]
<common> <3>[ 1359.326816] Memory state around the buggy address:
<common> <3>[ 1359.327009] ffff00000789ab00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
<common> <3>[ 1359.327266] ffff00000789ab80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<common> <3>[ 1359.327521] >ffff00000789ac00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
<common> <3>[ 1359.327708] ^
<common> <3>[ 1359.327914] ffff00000789ac80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<common> <3>[ 1359.328169] ffff00000789ad00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
<common> <3>[ 1359.328364] ==================================================================
<common> <3>[ 1414.192806] rcu: INFO: rcu_preempt self-detected stall on CPU
<common> <6>[ 1414.205331] dump_cpu_task+0x64/0x78
<common> <3>[ 1414.206335] rcu: 1-...!: (1 ticks this GP) idle=15f/0/0x1 softirq=896/896 fqs=0
<common> <6>[ 1414.207366] rcu_check_gp_kthread_starvation+0x16c/0x198
<common> <4>[ 1414.208648] (t=13729 jiffies g=689 q=1 ncpus=2)
<common> <6>[ 1414.209036] rcu_sched_clock_irq+0x12bc/0x14a4
<common> <3>[ 1414.210023] rcu: rcu_preempt kthread timer wakeup didn't happen for 13728 jiffies! g689 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402
<common> <3>[ 1414.210431] rcu: Possible timer handling issue on cpu=1 timer-softirq=2784
<common> <6>[ 1414.210899] update_process_times+0x90/0xec
<common> <3>[ 1414.211412] rcu: rcu_preempt kthread starved for 13729 jiffies! g689 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=1
<common> <6>[ 1414.211868] tick_sched_handle+0x70/0xa0
<common> <3>[ 1414.212411] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
<common> <6>[ 1414.212935] tick_sched_timer+0x5c/0xd0
<common> <6>[ 1414.221316] __hrtimer_run_queues+0x234/0x5f0
<common> <3>[ 1414.222139] rcu: RCU grace-period kthread stack dump:
<common> <6>[ 1414.222974] hrtimer_interrupt+0x198/0x384
<common> <6>[ 1414.223818] task:rcu_preempt state:I
<common> <6>[ 1414.224630] arch_timer_handler_virt+0x48/0x60
<common> <4>[ 1414.225495] stack: 0 pid: 16 ppid: 2 flags:0x00000008
<common> <6>[ 1414.226323] handle_percpu_devid_irq+0xe0/0x300
<common> <6>[ 1507.290991] Call trace:
<common> <6>[ 1507.291164] __switch_to+0x140/0x1e0
<common> <6>[ 1507.294659] __schedule+0x4f4/0xc74
<common> <6>[ 1507.294959] schedule+0x88/0x13c
<common> <6>[ 1507.295244] schedule_timeout+0x104/0x2b0
<common> <6>[ 1507.295608] rcu_gp_fqs_loop+0x1a0/0x784
<common> <6>[ 1507.295898] rcu_gp_kthread+0x278/0x3a0
<common> <6>[ 1507.296220] kthread+0x160/0x170
<common> <6>[ 1507.297296] ret_from_fork+0x10/0x20
<common> <3>[ 1507.298799] rcu: Stack dump where RCU GP kthread last ran:
<common> <6>[ 1507.298907] Task dump for CPU 1:
<common> <6>[ 1507.298995] task:swapper/1 state:R running task stack: 0 pid: 0 ppid: 1 flags:0x00000008
<common> <6>[ 1507.299244] Call trace:
<common> <6>[ 1507.299301] dump_backtrace+0xb8/0x130
<common> <6>[ 1507.299462] show_stack+0x20/0x60
<common> <6>[ 1507.299600] sched_show_task+0x2a0/0x2d4
<common> <6>[ 1507.299802] dump_cpu_task+0x64/0x78
<common> <6>[ 1507.299990] rcu_check_gp_kthread_starvation+0x16c/0x198
<common> <6>[ 1507.300219] rcu_sched_clock_irq+0xf9c/0x14a4
<common> <6>[ 1507.300387] update_process_times+0x90/0xec
<common> <6>[ 1507.300599] tick_sched_handle+0x70/0xa0
<common> <6>[ 1507.300770] tick_sched_timer+0x5c/0xd0
<common> <6>[ 1507.300944] __hrtimer_run_queues+0x234/0x5f0
<common> <6>[ 1507.301093] hrtimer_interrupt+0x198/0x384
<common> <6>[ 1507.301245] arch_timer_handler_virt+0x48/0x60
<common> <6>[ 1507.302080] generic_handle_domain_irq+0x50/0x70
<common> <6>[ 1507.302698] gic_handle_irq+0x58/0x160
<common> <6>[ 1507.303471] handle_percpu_devid_irq+0xe0/0x300
<common> <6>[ 1507.304140] call_on_irq_stack+0x2c/0x54
<common> <6>[ 1507.304744] generic_handle_domain_irq+0x50/0x70
<common> <6>[ 1507.305370] do_interrupt_handler+0xc8/0xd0
<common> <6>[ 1507.305789] el1_interrupt+0x34/0x60
<common> <6>[ 1507.306213] el1h_64_irq_handler+0x18/0x2c
<common> <6>[ 1507.306650] el1h_64_irq+0x64/0x68
<common> <6>[ 1507.306930] arch_local_irq_enable+0xc/0x20
<common> <6>[ 1507.307231] default_idle_call+0x5c/0x248
<common> <6>[ 1507.307618] do_idle+0x318/0x3a0
<common> <6>[ 1507.307936] cpu_startup_entry+0x30/0x3c
<common> <6>[ 1507.308278] kernel_init+0x0/0x150
<common> <6>[ 1507.308536] arch_post_acpi_subsys_init+0x0/0x28
<common> <6>[ 1507.308946] start_kernel+0x3b0/0x3e4
<common> <6>[ 1507.309316] __primary_switched+0xc4/0xcc
<common> <6>[ 1507.318894] ok 20 - kmalloc_oob_memset_8
<common> <6>[ 1507.325782] gic_handle_irq+0x58/0x160
<common> <6>[ 1507.326106] call_on_irq_stack+0x2c/0x54
<common> <6>[ 1566.060799] do_interrupt_handler+0xc8/0xd0
<common> <6>[ 1566.062629] el1_interrupt+0x34/0x60
<common> <6>[ 1566.063618] el1h_64_irq_handler+0x18/0x2c
<common> <6>[ 1566.064652] el1h_64_irq+0x64/0x68
<common> <6>[ 1566.066189] arch_local_irq_enable+0xc/0x20
<common> <6>[ 1566.067119] default_idle_call+0x5c/0x248
<common> <6>[ 1566.068104] do_idle+0x318/0x3a0
<common> <6>[ 1566.068922] cpu_startup_entry+0x30/0x3c
<common> <6>[ 1626.749412] secondary_start_kernel+0x248/0x274
<common> <6>[ 1626.750479] __secondary_switched+0xa0/0xa4
<common> <6>[ 1626.751195] Task dump for CPU 1:
<common> <6>[ 1626.751657] task:swapper/1 state:R running task stack: 0 pid: 0 ppid: 1 flags:0x0000000a
<common> <6>[ 1626.752893] Call trace:
<common> <6>[ 1626.753334] dump_backtrace+0xb8/0x130
<common> <6>[ 1626.754317] show_stack+0x20/0x60
<common> <6>[ 1626.755135] sched_show_task+0x2a0/0x2d4
<common> <6>[ 1626.756133] dump_cpu_task+0x64/0x78
<common> <6>[ 1626.757057] rcu_dump_cpu_stacks+0x144/0x18c
<common> <6>[ 1626.758852] rcu_sched_clock_irq+0xfbc/0x14a4
<common> <6>[ 1626.759831] update_process_times+0x90/0xec
<common> <6>[ 1626.760881] tick_sched_handle+0x70/0xa0
<common> <6>[ 1626.762543] tick_sched_timer+0x5c/0xd0
<common> <6>[ 1626.763485] __hrtimer_run_queues+0x234/0x5f0
<common> <6>[ 1626.764417] hrtimer_interrupt+0x198/0x384
<common> <6>[ 1626.766012] arch_timer_handler_virt+0x48/0x60
<common> <6>[ 1626.767060] handle_percpu_devid_irq+0xe0/0x300
<common> <6>[ 1626.768073] generic_handle_domain_irq+0x50/0x70
<common> <6>[ 1626.769168] gic_handle_irq+0x58/0x160
<common> <6>[ 1626.770760] call_on_irq_stack+0x2c/0x54
<common> <6>[ 1626.771694] do_interrupt_handler+0xc8/0xd0
<common> <6>[ 1626.772708] el1_interrupt+0x34/0x60
<common> <6>[ 1626.774392] el1h_64_irq_handler+0x18/0x2c
<common> <6>[ 1626.775461] el1h_64_irq+0x64/0x68
<common> <6>[ 1626.776270] arch_local_irq_enable+0xc/0x20
<common> <6>[ 1626.777181] default_idle_call+0x5c/0x248
<common> <6>[ 1626.778906] do_idle+0x318/0x3a0
<common> <6>[ 1626.779740] cpu_startup_entry+0x30/0x3c
<common> <6>[ 1626.780666] secondary_start_kernel+0x248/0x274
<common> <6>[ 1626.782469] __secondary_switched+0xa0/0xa4
<common> <3>[ 1626.838848] ==================================================================
<common> <3>[ 1626.840392] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0xdc/0x1e0
<common> <3>[ 1626.844138] Write of size 16 at addr ffff00000769a569 by task kunit_try_catch/274
<common> <3>[ 1626.845397]
<common> <3>[ 1626.845865] CPU: 0 PID: 274 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<common> <3>[ 1626.847201] Hardware name: linux,dummy-virt (DT)
<common> <3>[ 1626.847999] Call trace:
<common> <3>[ 1689.456414] dump_backtrace+0xb8/0x130
<common> <3>[ 1689.459737] show_stack+0x20/0x60
<common> <3>[ 1689.460598] dump_stack_lvl+0x8c/0xb8
<common> <3>[ 1689.461531] print_report+0x2e4/0x620
<common> <3>[ 1689.462437] kasan_report+0xa8/0x1dc
<common> <3>[ 1689.463317] kasan_check_range+0xf8/0x1a0
<common> <3>[ 1689.464291] memset+0x54/0x90
<common> <3>[ 1689.465145] kmalloc_oob_memset_16+0xdc/0x1e0
<common> <3>[ 1689.466154] kunit_try_run_case+0x8c/0x124
<common> <3>[ 1689.467119] kunit_generic_run_threadfn_adapter+0x38/0x54
<common> <3>[ 1689.468455] kthread+0x160/0x170
<common> <3>[ 1689.469349] ret_from_fork+0x10/0x20
<common> <3>[ 1689.470260]
<common> <3>[ 1689.470691] Allocated by task 274:
<common> <4>[ 1689.471368] kasan_save_stack+0x2c/0x5c
<common> <4>[ 1689.472268] __kasan_kmalloc+0xac/0x104
<common> <4>[ 1689.473160] kmem_cache_alloc_trace+0x1f8/0x3b0
<common> <4>[ 1689.474180] kmalloc_oob_memset_16+0xa0/0x1e0
<common> <4>[ 1689.475135] kunit_try_run_case+0x8c/0x124
<common> <4>[ 1689.476085] kunit_generic_run_threadfn_adapter+0x38/0x54
<common> <4>[ 1689.477233] kthread+0x160/0x170
<common> <4>[ 1689.478086] ret_from_fork+0x10/0x20
<common> <3>[ 1689.478955]
<common> <3>[ 1689.479379] The buggy address belongs to the object at ffff00000769a500
<common> <3>[ 1689.479379] which belongs to the cache kmalloc-128 of size 128
<common> <3>[ 1689.481081] The buggy address is located 105 bytes inside of
<common> <3>[ 1689.481081] 128-byte region [ffff00000769a500, ffff00000769a580)
<common> <3>[ 1689.482760]
<common> <3>[ 1689.483203] The buggy address belongs to the physical page:
<common> <4>[ 1689.484084] page:0000000096b3938d refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4769a
<common> <4>[ 1689.485502] flags: 0x3fffc0000000200(slab|node=0|zone=0|lastcpupid=0xffff)
<common> <4>[ 1689.486832] raw: 03fffc0000000200 dead000000000100 dead000000000122 ffff000006802300
<common> <4>[ 1689.488107] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
<common> <4>[ 1689.489280] page dumped because: kasan: bad access detected
<common> <3>[ 1689.490179]
<common> <3>[ 1689.490605] Memory state around the buggy address:
<common> <3>[ 1689.491478] ffff00000769a400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
<common> <3>[ 1754.138789] ffff00000769a480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<common> <3>[ 1754.140005] >ffff00000769a500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
<common> <3>[ 1754.141193] ^
<common> <3>[ 1754.143569] ffff00000769a580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<common> <3>[ 1754.146925] ffff00000769a600: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
<common> <3>[ 1754.150175] ==================================================================
<common> <6>[ 1754.260968] ok 21 - kmalloc_oob_memset_16
<common> <3>[ 1754.287068] ==================================================================
<common> <3>[ 1754.288874] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0xe8/0x1f0
<common> <3>[ 1754.291813] Read of size 18446744073709551614 at addr ffff00000769a404 by task kunit_try_catch/275
<common> <3>[ 1754.293244]
<common> <3>[ 1754.295268] CPU: 0 PID: 275 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<common> <3>[ 1754.296585] Hardware name: linux,dummy-virt (DT)
<common> <3>[ 1754.297926] Call trace:
<common> <3>[ 1754.298497] dump_backtrace+0xb8/0x130
<common> <3>[ 1754.299369] show_stack+0x20/0x60
<common> <3>[ 1754.300162] dump_stack_lvl+0x8c/0xb8
<common> <3>[ 1754.301037] print_report+0x2e4/0x620
<common> <3>[ 1754.302345] kasan_report+0xa8/0x1dc
<common> <3>[ 1754.303234] kasan_check_range+0xf8/0x1a0
<common> <3>[ 1754.304195] memmove+0x5c/0x110
<common> <3>[ 1754.305051] kmalloc_memmove_negative_size+0xe8/0x1f0
<common> <3>[ 1754.307976] kunit_try_run_case+0x8c/0x124
<common> <3>[ 1754.308931] kunit_generic_run_threadfn_adapter+0x38/0x54
<common> <3>[ 1754.310519] kthread+0x160/0x170
<common> <3>[ 1754.311366] ret_from_fork+0x10/0x20
<common> <3>[ 1754.312241]
<common> <3>[ 1754.312664] Allocated by task 275:
<common> <4>[ 1754.313704] kasan_save_stack+0x2c/0x5c
<common> <4>[ 1754.314634] __kasan_kmalloc+0xac/0x104
<common> <4>[ 1754.315510] kmem_cache_alloc_trace+0x1f8/0x3b0
<common> <4>[ 1754.316459] kmalloc_memmove_negative_size+0xa0/0x1f0
<common> <4>[ 1754.317889] kunit_try_run_case+0x8c/0x124
<common> <4>[ 1754.318864] kunit_generic_run_threadfn_adapter+0x38/0x54
<common> <4>[ 1795.535092] kthread+0x160/0x170
<common> <4>[ 1795.535770] ret_from_fork+0x10/0x20
<common> <3>[ 1795.536418]
<common> <3>[ 1795.536762] The buggy address belongs to the object at ffff00000769a400
<common> <3>[ 1795.536762] which belongs to the cache kmalloc-128 of size 128
<common> <3>[ 1795.537699] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
<common> <3>[ 1795.557807] The buggy address is located 4 bytes inside of
<common> <3>[ 1795.557807] 128-byte region [ffff00000769a400, ffff00000769a480)
<common> <3>[ 1795.564075] rcu: 0-...!: (1 GPs behind) idle=08f/1/0x4000000000000000 softirq=1030/1031 fqs=1
<common> <4>[ 1795.564728] (detected by 1, t=10314 jiffies, g=701, q=3 ncpus=2)
<common> <3>[ 1795.572176]
<common> <3>[ 1795.572289] The buggy address belongs to the physical page:
<common> <6>[ 1795.573202] Task dump for CPU 0:
<common> <4>[ 1795.573981] page:0000000096b3938d refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4769a
<common> <4>[ 1795.574340] flags: 0x3fffc0000000200(slab|node=0|zone=0|lastcpupid=0xffff)
<common> <6>[ 1795.574976] task:kunit_try_catch state:R
<common> <4>[ 1795.575596] raw: 03fffc0000000200 dead000000000100 dead000000000122 ffff000006802300
<common> <4>[ 1795.576468] running task
<common> <4>[ 1795.577386] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
<common> <4>[ 1795.589462] stack: 0 pid: 275 ppid: 2 flags:0x00000008
<common> <4>[ 1795.590369] page dumped because: kasan: bad access detected
<common> <6>[ 1795.590830] Call trace:
<common> <3>[ 1795.591693]
<common> <3>[ 1795.591782] Memory state around the buggy address:
<common> <6>[ 1795.592414] __switch_to+0x140/0x1e0
<common> <3>[ 1795.593166] ffff00000769a300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
<common> <6>[ 1795.593517] 0xa300bdfd3d933100
<common> <3>[ 1795.593884] ffff00000769a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<common> <3>[ 1795.594481] rcu: rcu_preempt kthread timer wakeup didn't happen for 10307 jiffies! g701 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402
<common> <3>[ 1795.595013] >ffff00000769a400: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
<common> <3>[ 1795.595790] rcu: Possible timer handling issue on cpu=1 timer-softirq=2789
<common> <3>[ 1795.596242] ^
<common> <3>[ 1795.597071] rcu: rcu_preempt kthread starved for 10308 jiffies! g701 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=1
<common> <3>[ 1795.612428] ffff00000769a480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<common> <3>[ 1795.613170] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
<common> <3>[ 1795.613727] ffff00000769a500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
<common> <3>[ 1795.614788] rcu: RCU grace-period kthread stack dump:
<common> <3>[ 1795.615616] ==================================================================
<common> <6>[ 1795.616627] task:rcu_preempt state:I stack: 0 pid: 16 ppid: 2 flags:0x00000008
<common> <6>[ 1795.635130] Call trace:
<common> <6>[ 1795.635698] __switch_to+0x140/0x1e0
<common> <6>[ 1795.636527] __schedule+0x4f4/0xc74
<common> <6>[ 1795.636738] ok 22 - kmalloc_memmove_negative_size
<common> <6>[ 1795.637339] schedule+0x88/0x13c
<common> <6>[ 1795.637616] schedule_timeout+0x104/0x2b0
<common> <6>[ 1795.639418] rcu_gp_fqs_loop+0x1a0/0x784
<common> <6>[ 1795.640294] rcu_gp_kthread+0x278/0x3a0
<common> <6>[ 1795.641130] kthread+0x160/0x170
<common> <6>[ 1795.655016] ret_from_fork+0x10/0x20
<common> <3>[ 1795.655928] rcu: Stack dump where RCU GP kthread last ran:
<common> <6>[ 1795.656755] Task dump for CPU 1:
<common> <6>[ 1795.661660] task:swapper/1 state:R running task stack: 0 pid: 0 ppid: 1 flags:0x0000000a
<common> <6>[ 1795.663280] Call trace:
<common> <6>[ 1795.663809] dump_backtrace+0xb8/0x130
<common> <6>[ 1795.664645] show_stack+0x20/0x60
<common> <6>[ 1795.665339] sched_show_task+0x2a0/0x2d4
<common> <6>[ 1795.666296] dump_cpu_task+0x64/0x78
<common> <6>[ 1795.666944] rcu_check_gp_kthread_starvation+0x16c/0x198
<common> <6>[ 1795.667742] rcu_sched_clock_irq+0x12bc/0x14a4
<common> <6>[ 1795.668407] update_process_times+0x90/0xec
<common> <6>[ 1795.669089] tick_sched_handle+0x70/0xa0
<common> <6>[ 1795.670077] tick_sched_timer+0x5c/0xd0
<common> <6>[ 1795.671787] __hrtimer_run_queues+0x234/0x5f0
<common> <6>[ 1795.673161] hrtimer_interrupt+0x198/0x384
<common> <6>[ 1795.675365] arch_timer_handler_virt+0x48/0x60
<common> <6>[ 1795.676852] handle_percpu_devid_irq+0xe0/0x300
<common> <6>[ 1795.678930] generic_handle_domain_irq+0x50/0x70
<common> <6>[ 1795.680649] gic_handle_irq+0x58/0x160
<common> <6>[ 1795.682565] call_on_irq_stack+0x2c/0x54
<common> <6>[ 1795.683792] do_interrupt_handler+0xc8/0xd0
<common> <6>[ 1795.685237] el1_interrupt+0x34/0x60
<common> <6>[ 1795.687417] el1h_64_irq_handler+0x18/0x2c
<common> <6>[ 1795.688879] el1h_64_irq+0x64/0x68
<common> <6>[ 1795.691311] arch_local_irq_enable+0xc/0x20
<common> <6>[ 1795.692528] default_idle_call+0x5c/0x248
<common> <6>[ 1795.694570] do_idle+0x318/0x3a0
<common> <6>[ 1795.695854] cpu_startup_entry+0x2c/0x3c
<common> <6>[ 1795.697233] secondary_start_kernel+0x248/0x274
<common> <6>[ 1795.699361] __secondary_switched+0xa0/0xa4
<common> <3>[ 1795.735781] ==================================================================
<common> <3>[ 1795.739804] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0xe8/0x1f0
<common> <3>[ 1795.741085] Read of size 64 at addr ffff00000769aa04 by task kunit_try_catch/276
<common> <3>[ 1795.742569]
<common> <3>[ 1795.743175] CPU: 0 PID: 276 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<common> <3>[ 1795.744678] Hardware name: linux,dummy-virt (DT)
<common> <3>[ 1795.745817] Call trace:
<common> <3>[ 1795.746492] dump_backtrace+0xb8/0x130
<common> <3>[ 1795.747652] show_stack+0x20/0x60
<common> <3>[ 1795.748582] dump_stack_lvl+0x8c/0xb8
<common> <3>[ 1795.749758] print_report+0x2e4/0x620
<common> <3>[ 1795.750801] kasan_report+0xa8/0x1dc
<common> <3>[ 1795.751922] kasan_check_range+0xf8/0x1a0
<common> <3>[ 1795.753151] memmove+0x5c/0x110
<common> <3>[ 1795.754186] kmalloc_memmove_invalid_size+0xe8/0x1f0
<common> <3>[ 1795.755558] kunit_try_run_case+0x8c/0x124
<common> <3>[ 1795.756747] kunit_generic_run_threadfn_adapter+0x38/0x54
<common> <3>[ 1795.758155] kthread+0x160/0x170
<common> <3>[ 1795.759116] ret_from_fork+0x10/0x20
<common> <3>[ 1795.760332]
<common> <3>[ 1795.760950] Allocated by task 276:
<common> <4>[ 1795.761790] kasan_save_stack+0x2c/0x5c
<common> <4>[ 1795.763023] __kasan_kmalloc+0xac/0x104
<common> <4>[ 1795.764152] kmem_cache_alloc_trace+0x1f8/0x3b0
<common> <4>[ 1795.765420] kmalloc_memmove_invalid_size+0xa4/0x1f0
<common> <4>[ 1795.766754] kunit_try_run_case+0x8c/0x124
<common> <4>[ 1795.767979] kunit_generic_run_threadfn_adapter+0x38/0x54
<common> <4>[ 1795.769380] kthread+0x160/0x170
<common> <4>[ 1795.770363] ret_from_fork+0x10/0x20
<common> <3>[ 1795.771544]
<common> <3>[ 1795.772144] The buggy address belongs to the object at ffff00000769aa00
<common> <3>[ 1795.772144] which belongs to the cache kmalloc-128 of size 128
<common> <3>[ 1795.774206] The buggy address is located 4 bytes inside of
<common> <3>[ 1795.774206] 128-byte region [ffff00000769aa00, ffff00000769aa80)
<common> <3>[ 1795.776177]
<common> <3>[ 1795.776777] The buggy address belongs to the physical page:
<common> <4>[ 1795.777844] page:0000000096b3938d refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4769a
<common> <4>[ 1795.779580] flags: 0x3fffc0000000200(slab|node=0|zone=0|lastcpupid=0xffff)
<common> <4>[ 1795.781092] raw: 03fffc0000000200 dead000000000100 dead000000000122 ffff000006802300
<common> <4>[ 1795.782745] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
<common> <4>[ 1795.784099] page dumped because: kasan: bad access detected
<common> <3>[ 1795.785234]
<common> <3>[ 1795.785837] Memory state around the buggy address:
<common> <3>[ 1795.786917] ffff00000769a900: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<common> <3>[ 1795.788267] ffff00000769a980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<common> <3>[ 1795.789663] >ffff00000769aa00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
<common> <3>[ 1795.790955] ^
<common> <3>[ 1795.792137] ffff00000769aa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<common> <3>[ 1795.793491] ffff00000769ab00: 00 06 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<common> <3>[ 1795.794783] ==================================================================
<common> <6>[ 1795.799563] ok 23 - kmalloc_memmove_invalid_size
<common> <3>[ 1795.803907] ==================================================================
<common> <3>[ 1795.806013] BUG: KASAN: use-after-free in kmalloc_uaf+0xd0/0x1c4
<common> <3>[ 1795.808342] Read of size 1 at addr ffff00000789a808 by task kunit_try_catch/278
<common> <3>[ 1795.810205]
<common> <3>[ 1795.811942] CPU: 1 PID: 278 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<common> <3>[ 1795.813483] Hardware name: linux,dummy-virt (DT)
<common> <3>[ 1795.815543] Call trace:
<common> <3>[ 1795.816444] dump_backtrace+0xb8/0x130
<common> <3>[ 1795.819226] show_stack+0x20/0x60
<common> <3>[ 1795.820073] dump_stack_lvl+0x8c/0xb8
<common> <3>[ 1795.821216] print_report+0x2e4/0x620
<common> <3>[ 1795.823334] kasan_report+0xa8/0x1dc
<common> <3>[ 1795.824429] __asan_load1+0x88/0xb0
<common> <3>[ 1795.826691] kmalloc_uaf+0xd0/0x1c4
<common> <3>[ 1795.827809] kunit_try_run_case+0x8c/0x124
<common> <3>[ 1795.829011] kunit_generic_run_threadfn_adapter+0x38/0x54
<common> <3>[ 1795.831550] kthread+0x160/0x170
<common> <3>[ 1795.832504] ret_from_fork+0x10/0x20
<common> <3>[ 1795.834798]
<common> <3>[ 1795.835375] Allocated by task 278:
<common> <4>[ 1795.836140] kasan_save_stack+0x2c/0x5c
<common> <4>[ 1795.838646] __kasan_kmalloc+0xac/0x104
<common> <4>[ 1795.839404] kmem_cache_alloc_trace+0x1f8/0x3b0
<common> <4>[ 1795.840582] kmalloc_uaf+0x9c/0x1c4
<common> <4>[ 1795.842760] kunit_try_run_case+0x8c/0x124
<common> <4>[ 1795.843758] kunit_generic_run_threadfn_adapter+0x38/0x54
<common> <4>[ 1795.845377] kthread+0x160/0x170
<common> <4>[ 1795.847503] ret_from_fork+0x10/0x20
<common> <3>[ 1795.848566]
<common> <3>[ 1795.849138] Freed by task 278:
<common> <4>[ 1795.851069] kasan_save_stack+0x2c/0x5c
<common> <4>[ 1795.852163] kasan_set_track+0x2c/0x40
<common> <4>[ 1795.853243] kasan_set_free_info+0x28/0x50
<common> <4>[ 1795.855463] ____kasan_slab_free+0x15c/0x1b4
<common> <4>[ 1795.856637] __kasan_slab_free+0x18/0x2c
<common> <4>[ 1795.858758] slab_free_freelist_hook+0xbc/0x220
<common> <4>[ 1795.860330] kfree+0xe0/0x3f0
<common> <4>[ 1795.861165] kmalloc_uaf+0xbc/0x1c4
<common> <4>[ 1795.863233] kunit_try_run_case+0x8c/0x124
<common> <4>[ 1795.864377] kunit_generic_run_threadfn_adapter+0x38/0x54
<common> <4>[ 1795.866950] kthread+0x160/0x170
<common> <4>[ 1795.868001] ret_from_fork+0x10/0x20
<common> <3>[ 1795.869086]
<common> <3>[ 1795.870817] The buggy address belongs to the object at ffff00000789a800
<common> <3>[ 1795.870817] which belongs to the cache kmalloc-128 of size 128
<common> <3>[ 1795.872776] The buggy address is located 8 bytes inside of
<common> <3>[ 1795.872776] 128-byte region [ffff00000789a800, ffff00000789a880)
<common> <3>[ 1795.875701]
<common> <3>[ 1795.876476] The buggy address belongs to the physical page:
<common> <4>[ 1795.878543] page:00000000fce45ea4 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4789a
<common> <4>[ 1795.880045] flags: 0x3fffc0000000200(slab|node=0|zone=0|lastcpupid=0xffff)
<common> <4>[ 1795.882782] raw: 03fffc0000000200 0000000000000000 dead000000000001 ffff000006802300
<common> <4>[ 1795.884068] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
<common> <4>[ 1795.886600] page dumped because: kasan: bad access detected
<common> <3>[ 1795.887730]
<common> <3>[ 1795.888279] Memory state around the buggy address:
<common> <3>[ 1795.890568] ffff00000789a700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
<common> <3>[ 1795.892022] ffff00000789a780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<common> <3>[ 1795.894560] >ffff00000789a800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
<common> <3>[ 1795.895939] ^
<common> <3>[ 1795.896744] ffff00000789a880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<common> <3>[ 1795.899262] ffff00000789a900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
<common> <3>[ 1795.900545] ==================================================================
<common> <6>[ 1795.907822] ok 24 - kmalloc_uaf
<common> <3>[ 1795.916693] ==================================================================
<common> <3>[ 1795.918440] BUG: KASAN: use-after-free in kmalloc_uaf_memset+0xd8/0x1cc
<common> <3>[ 1795.919987] Write of size 33 at addr ffff0000076bf100 by task kunit_try_catch/279
<common> <3>[ 1795.921415]
<common> <3>[ 1795.922044] CPU: 0 PID: 279 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<common> <3>[ 1795.923641] Hardware name: linux,dummy-virt (DT)
<common> <3>[ 1795.924600] Call trace:
<common> <3>[ 1795.925297] dump_backtrace+0xb8/0x130
<common> <3>[ 1795.926399] show_stack+0x20/0x60
<common> <3>[ 1795.927296] dump_stack_lvl+0x8c/0xb8
<common> <3>[ 1795.928396] print_report+0x2e4/0x620
<common> <3>[ 1795.929446] kasan_report+0xa8/0x1dc
<common> <3>[ 1795.930548] kasan_check_range+0xf8/0x1a0
<common> <3>[ 1795.931667] memset+0x54/0x90
<common> <3>[ 1795.932572] kmalloc_uaf_memset+0xd8/0x1cc
<common> <3>[ 1795.933769] kunit_try_run_case+0x8c/0x124
<common> <3>[ 1795.934946] kunit_generic_run_threadfn_adapter+0x38/0x54
<common> <3>[ 1795.936326] kthread+0x160/0x170
<common> <3>[ 1795.937331] ret_from_fork+0x10/0x20
<common> <3>[ 1795.938451]
<common> <3>[ 1795.939026] Allocated by task 279:
<common> <4>[ 1795.939790] kasan_save_stack+0x2c/0x5c
<common> <4>[ 1795.940797] __kasan_kmalloc+0xac/0x104
<common> <4>[ 1795.941999] kmem_cache_alloc_trace+0x1f8/0x3b0
<common> <4>[ 1795.943215] kmalloc_uaf_memset+0x9c/0x1cc
<common> <4>[ 1795.944263] kunit_try_run_case+0x8c/0x124
<common> <4>[ 1795.945487] kunit_generic_run_threadfn_adapter+0x38/0x54
<common> <4>[ 1795.946883] kthread+0x160/0x170
<common> <4>[ 1795.947856] ret_from_fork+0x10/0x20
<common> <3>[ 1795.948947]
<common> <3>[ 1795.949546] Freed by task 279:
<common> <4>[ 1795.950312] kasan_save_stack+0x2c/0x5c
<common> <4>[ 1795.951313] kasan_set_track+0x2c/0x40
<common> <4>[ 1795.952406] kasan_set_free_info+0x28/0x50
<common> <4>[ 1795.953587] ____kasan_slab_free+0x15c/0x1b4
<common> <4>[ 1795.954649] __kasan_slab_free+0x18/0x2c
<common> <4>[ 1795.955770] slab_free_freelist_hook+0xbc/0x220
<common> <4>[ 1795.957104] kfree+0xe0/0x3f0
<common> <4>[ 1795.957936] kmalloc_uaf_memset+0xbc/0x1cc
<common> <4>[ 1795.959070] kunit_try_run_case+0x8c/0x124
<common> <4>[ 1795.960155] kunit_generic_run_threadfn_adapter+0x38/0x54
<common> <4>[ 1795.961441] kthread+0x160/0x170
<common> <4>[ 1795.962388] ret_from_fork+0x10/0x20
<common> <3>[ 1795.963455]
<common> <3>[ 1795.964022] The buggy address belongs to the object at ffff0000076bf100
<common> <3>[ 1795.964022] which belongs to the cache kmalloc-128 of size 128
<common> <3>[ 1795.966055] The buggy address is located 0 bytes inside of
<common> <3>[ 1795.966055] 128-byte region [ffff0000076bf100, ffff0000076bf180)
<common> <3>[ 1795.967849]
<common> <3>[ 1795.968398] The buggy address belongs to the physical page:
<common> <4>[ 1795.969430] page:000000000012f197 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x476bf
<common> <4>[ 1795.970963] flags: 0x3fffc0000000200(slab|node=0|zone=0|lastcpupid=0xffff)
<common> <4>[ 1795.972652] raw: 03fffc0000000200 fffffc00001dac00 dead000000000004 ffff000006802300
<common> <4>[ 1795.973903] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
<common> <4>[ 1795.975235] page dumped because: kasan: bad access detected
<common> <3>[ 1795.976254]
<common> <3>[ 1795.976802] Memory state around the buggy address:
<common> <3>[ 1795.977835] ffff0000076bf000: 00 00 07 fc fc fc fc fc fc fc fc fc fc fc fc fc
<common> <3>[ 1795.979187] ffff0000076bf080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<common> <3>[ 1795.980547] >ffff0000076bf100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
<common> <3>[ 1795.981862] ^
<common> <3>[ 1795.982651] ffff0000076bf180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<common> <3>[ 1795.983976] ffff0000076bf200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
<common> <3>[ 1795.985277] ==================================================================
<common> <6>[ 1795.991899] ok 25 - kmalloc_uaf_memset
<common> <3>[ 1796.002358] ==================================================================
<common> <3>[ 1796.008667] BUG: KASAN: use-after-free in kmalloc_uaf2+0x10c/0x29c
<common> <3>[ 1796.010425] Read of size 1 at addr ffff00000789a528 by task kunit_try_catch/280
<common> <3>[ 1796.012144]
<common> <3>[ 1796.012839] CPU: 1 PID: 280 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<common> <3>[ 1796.014700] Hardware name: linux,dummy-virt (DT)
<common> <3>[ 1796.015890] Call trace:
<common> <3>[ 1796.016813] dump_backtrace+0xb8/0x130
<common> <3>[ 1796.018121] show_stack+0x20/0x60
<common> <3>[ 1796.019110] dump_stack_lvl+0x8c/0xb8
<common> <3>[ 1796.020409] print_report+0x2e4/0x620
<common> <3>[ 1796.021777] kasan_report+0xa8/0x1dc
<common> <3>[ 1796.023061] __asan_load1+0x88/0xb0
<common> <3>[ 1796.024355] kmalloc_uaf2+0x10c/0x29c
<common> <3>[ 1796.025625] kunit_try_run_case+0x8c/0x124
<common> <3>[ 1796.027043] kunit_generic_run_threadfn_adapter+0x38/0x54
<common> <3>[ 1796.028404] kthread+0x160/0x170
<common> <3>[ 1796.029551] ret_from_fork+0x10/0x20
<common> <3>[ 1796.030589]
<common> <3>[ 1796.031438] Allocated by task 280:
<common> <4>[ 1796.032306] kasan_save_stack+0x2c/0x5c
<common> <4>[ 1796.033188] __kasan_kmalloc+0xac/0x104
<common> <4>[ 1796.034549] kmem_cache_alloc_trace+0x1f8/0x3b0
<common> <4>[ 1796.035969] kmalloc_uaf2+0xb0/0x29c
<common> <4>[ 1796.037010] kunit_try_run_case+0x8c/0x124
<common> <4>[ 1796.038141] kunit_generic_run_threadfn_adapter+0x38/0x54
<common> <4>[ 1796.039448] kthread+0x160/0x170
<common> <4>[ 1796.040710] ret_from_fork+0x10/0x20
<common> <3>[ 1796.042004]
<common> <3>[ 1796.042636] Freed by task 280:
<common> <4>[ 1796.043426] kasan_save_stack+0x2c/0x5c
<common> <4>[ 1796.044281] kasan_set_track+0x2c/0x40
<common> <4>[ 1796.045793] kasan_set_free_info+0x28/0x50
<common> <4>[ 1796.046982] ____kasan_slab_free+0x15c/0x1b4
<common> <4>[ 1796.048083] __kasan_slab_free+0x18/0x2c
<common> <4>[ 1796.049502] slab_free_freelist_hook+0xbc/0x220
<common> <4>[ 1796.050994] kfree+0xe0/0x3f0
<common> <4>[ 1796.051980] kmalloc_uaf2+0xc8/0x29c
<common> <4>[ 1796.052768] kunit_try_run_case+0x8c/0x124
<common> <4>[ 1796.054234] kunit_generic_run_threadfn_adapter+0x38/0x54
<common> <4>[ 1796.055788] kthread+0x160/0x170
<common> <4>[ 1796.056786] ret_from_fork+0x10/0x20
<common> <3>[ 1796.058943]
<common> <3>[ 1796.059311] The buggy address belongs to the object at ffff00000789a500
<common> <3>[ 1796.059311] which belongs to the cache kmalloc-128 of size 128
<common> <3>[ 1796.064763] The buggy address is located 40 bytes inside of
<common> <3>[ 1796.064763] 128-byte region [ffff00000789a500, ffff00000789a580)
<common> <3>[ 1796.067757]
<common> <3>[ 1796.068530] The buggy address belongs to the physical page:
<common> <4>[ 1796.070439] page:00000000fce45ea4 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4789a
<common> <4>[ 1796.072743] flags: 0x3fffc0000000200(slab|node=0|zone=0|lastcpupid=0xffff)
<common> <4>[ 1796.075352] raw: 03fffc0000000200 0000000000000000 dead000000000001 ffff000006802300
<common> <4>[ 1796.077246] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
<common> <4>[ 1796.079320] page dumped because: kasan: bad access detected
<common> <3>[ 1796.080518]
<common> <3>[ 1796.081248] Memory state around the buggy address:
<common> <3>[ 1796.083118] ffff00000789a400: 00 00 00 00 00 03 fc fc fc fc fc fc fc fc fc fc
<common> <3>[ 1796.085198] ffff00000789a480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<common> <3>[ 1796.086724] >ffff00000789a500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
<common> <3>[ 1796.088744] ^
<common> <3>[ 1796.090294] ffff00000789a580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<common> <3>[ 1796.092063] ffff00000789a600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
<common> <3>[ 1796.093795] ==================================================================
<common> <6>[ 1796.099778] ok 26 - kmalloc_uaf2
<common> <6>[ 1796.109002] ok 27 - kfree_via_page
<common> <6>[ 1796.119444] ok 28 - kfree_via_phys
<common> <3>[ 1796.131855] ==================================================================
<common> <3>[ 1796.133533] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0xe0/0x250
<common> <3>[ 1796.135097] Read of size 1 at addr ffff00000e2e90c8 by task kunit_try_catch/283
<common> <3>[ 1796.136464]
<common> <3>[ 1796.137038] CPU: 0 PID: 283 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<common> <3>[ 1796.138611] Hardware name: linux,dummy-virt (DT)
<common> <3>[ 1796.139574] Call trace:
<common> <3>[ 1796.140266] dump_backtrace+0xb8/0x130
<common> <3>[ 1796.141445] show_stack+0x20/0x60
<common> <3>[ 1796.142370] dump_stack_lvl+0x8c/0xb8
<common> <3>[ 1796.143527] print_report+0x2e4/0x620
<common> <3>[ 1796.144563] kasan_report+0xa8/0x1dc
<common> <3>[ 1796.145738] __asan_load1+0x88/0xb0
<common> <3>[ 1796.146757] kmem_cache_oob+0xe0/0x250
<common> <3>[ 1796.147912] kunit_try_run_case+0x8c/0x124
<common> <3>[ 1796.148997] kunit_generic_run_threadfn_adapter+0x38/0x54
<common> <3>[ 1796.150423] kthread+0x160/0x170
<common> <3>[ 1796.151388] ret_from_fork+0x10/0x20
<common> <3>[ 1796.152385]
<common> <3>[ 1796.152828] Allocated by task 283:
<common> <4>[ 1796.153819] kasan_save_stack+0x2c/0x5c
<common> <4>[ 1796.155188] __kasan_slab_alloc+0xc0/0xd0
<common> <4>[ 1796.157130] kmem_cache_alloc+0x180/0x3a0
<common> <4>[ 1796.158259] kmem_cache_oob+0xbc/0x250
<common> <4>[ 1796.160568] kunit_try_run_case+0x8c/0x124
<common> <4>[ 1796.161728] kunit_generic_run_threadfn_adapter+0x38/0x54
<common> <4>[ 1796.162997] kthread+0x160/0x170
<common> <4>[ 1796.163929] ret_from_fork+0x10/0x20
<common> <3>[ 1796.165044]
<common> <3>[ 1796.167053] The buggy address belongs to the object at ffff00000e2e9000
<common> <3>[ 1796.167053] which belongs to the cache test_cache of size 200
<common> <3>[ 1796.168981] The buggy address is located 0 bytes to the right of
<common> <3>[ 1796.168981] 200-byte region [ffff00000e2e9000, ffff00000e2e90c8)
<common> <3>[ 1796.170825]
<common> <3>[ 1796.171355] The buggy address belongs to the physical page:
<common> <4>[ 1796.172346] page:000000003ac1b269 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4e2e9
<common> <4>[ 1796.175377] flags: 0x3fffc0000000200(slab|node=0|zone=0|lastcpupid=0xffff)
<common> <4>[ 1796.176978] raw: 03fffc0000000200 0000000000000000 dead000000000122 ffff00000759be00
<common> <4>[ 1796.178294] raw: 0000000000000000 00000000800f000f 00000001ffffffff 0000000000000000
<common> <4>[ 1796.179592] page dumped because: kasan: bad access detected
<common> <3>[ 1796.180626]
<common> <3>[ 1796.181197] Memory state around the buggy address:
<common> <3>[ 1796.183724] ffff00000e2e8f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
<common> <3>[ 1796.184952] ffff00000e2e9000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
<common> <3>[ 1796.186310] >ffff00000e2e9080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
<common> <3>[ 1796.187604] ^
<common> <3>[ 1796.188633] ffff00000e2e9100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<common> <3>[ 1796.191686] ffff00000e2e9180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<common> <3>[ 1796.192842] ==================================================================
<common> <6>[ 1796.219525] ok 29 - kmem_cache_oob
<common> <1>[ 1796.227625] Unable to handle kernel paging request at virtual address dead0000000000c2
<common> <1>[ 1796.232172] Mem abort info:
<common> <1>[ 1796.233183] ESR = 0x0000000096000004
<common> <1>[ 1796.236146] EC = 0x25: DABT (current EL), IL = 32 bits
<common> <1>[ 1796.240846] SET = 0, FnV = 0
<common> <1>[ 1796.243243] EA = 0, S1PTW = 0
<common> <1>[ 1796.244314] FSC = 0x04: level 0 translation fault
<common> <1>[ 1796.247460] Data abort info:
<common> <1>[ 1796.248719] ISV = 0, ISS = 0x00000004
<common> <1>[ 1796.251536] CM = 0, WnR = 0
<common> <1>[ 1796.252357] [dead0000000000c2] address between user and kernel address ranges
<common> <0>[ 1796.256274] Internal error: Oops: 96000004 [#1] PREEMPT SMP
<common> <4>[ 1796.257789] Modules linked in:
<common> <4>[ 1796.258667] CPU: 0 PID: 284 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<common> <4>[ 1796.260117] Hardware name: linux,dummy-virt (DT)
<common> <4>[ 1796.261058] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
<common> <4>[ 1796.263815] pc : find_mergeable+0x108/0x1dc
<common> <4>[ 1796.265047] lr : find_mergeable+0x110/0x1dc
<common> <4>[ 1796.266146] sp : ffff8000088b7c50
<common> <4>[ 1796.266960] x29: ffff8000088b7c50 x28: 0000000000000000 x27: 000000000000011b
<common> <4>[ 1796.268640] x26: ffffb5ed1da38220 x25: ffffb5ed1ecf5800 x24: 000000000402c000
<common> <4>[ 1796.271606] x23: 0000000000a90c00 x22: 0000000004000000 x21: 00000000fffffff8
<common> <4>[ 1796.273241] x20: 00000000000000c8 x19: dead0000000000ba x18: 0000000010ac2324
<common> <4>[ 1796.274904] x17: 0000000000000000 x16: 0000000000000000 x15: 00000000000c8000
<common> <4>[ 1796.276554] x14: 00000000000c8000 x13: 6461657268745f68 x12: ffff700001116f95
<common> <4>[ 1796.279510] x11: 1ffff00001116f94 x10: ffff700001116f94 x9 : ffffb5ed18df9378
<common> <4>[ 1796.281188] x8 : ffff8000088b7ca7 x7 : 0000000000000001 x6 : ffff700001116f94
<common> <4>[ 1796.282856] x5 : 0000000000000000 x4 : 0000000000000002 x3 : 0000000000000000
<common> <4>[ 1796.284463] x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000108
<common> <4>[ 1796.287497] Call trace:
<common> <4>[ 1796.288400] find_mergeable+0x108/0x1dc
<common> <4>[ 1796.289619] __kmem_cache_alias+0x38/0xc0
<common> <4>[ 1796.290624] kmem_cache_create_usercopy+0x130/0x2bc
<common> <4>[ 1796.291862] kmem_cache_create+0x24/0x30
<common> <4>[ 1796.293027] kmem_cache_accounted+0x90/0x160
<common> <4>[ 1796.295491] kunit_try_run_case+0x8c/0x124
<common> <4>[ 1796.296677] kunit_generic_run_threadfn_adapter+0x38/0x54
<common> <4>[ 1796.298432] kthread+0x160/0x170
<common> <4>[ 1796.299499] ret_from_fork+0x10/0x20
<common> <0>[ 1796.301148] Code: eb1a003f 54000480 39400321 35ffff61 (b9400a7b)
<common> <4>[ 1796.303569] ---[ end trace 0000000000000000 ]---
poweroff
next prev parent reply other threads:[~2022-10-06 7:46 UTC|newest]
Thread overview: 119+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-03 7:09 [PATCH 5.19 000/101] 5.19.13-rc1 review Greg Kroah-Hartman
2022-10-03 7:09 ` [PATCH 5.19 001/101] riscv: make t-head erratas depend on MMU Greg Kroah-Hartman
2022-10-03 7:09 ` [PATCH 5.19 002/101] tools/perf: Fix out of bound access to cpu mask array Greg Kroah-Hartman
2022-10-03 7:09 ` Greg Kroah-Hartman
2022-10-03 7:09 ` [PATCH 5.19 003/101] perf record: Fix cpu mask bit setting for mixed mmaps Greg Kroah-Hartman
2022-10-03 7:10 ` [PATCH 5.19 004/101] counter: 104-quad-8: Utilize iomap interface Greg Kroah-Hartman
2022-10-03 7:10 ` [PATCH 5.19 005/101] counter: 104-quad-8: Implement and utilize register structures Greg Kroah-Hartman
2022-10-03 7:10 ` [PATCH 5.19 006/101] counter: 104-quad-8: Fix skipped IRQ lines during events configuration Greg Kroah-Hartman
2022-10-03 7:10 ` [PATCH 5.19 007/101] uas: add no-uas quirk for Hiksemi usb_disk Greg Kroah-Hartman
2022-10-03 7:10 ` [PATCH 5.19 008/101] usb-storage: Add Hiksemi USB3-FW to IGNORE_UAS Greg Kroah-Hartman
2022-10-03 7:10 ` [PATCH 5.19 009/101] uas: ignore UAS for Thinkplus chips Greg Kroah-Hartman
2022-10-03 7:10 ` [PATCH 5.19 010/101] usb: typec: ucsi: Remove incorrect warning Greg Kroah-Hartman
2022-10-03 7:10 ` [PATCH 5.19 011/101] thunderbolt: Explicitly reset plug events delay back to USB4 spec value Greg Kroah-Hartman
2022-10-03 7:10 ` [PATCH 5.19 012/101] net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455 Greg Kroah-Hartman
2022-10-03 7:10 ` [PATCH 5.19 013/101] Input: snvs_pwrkey - fix SNVS_HPVIDR1 register address Greg Kroah-Hartman
2022-10-03 7:10 ` [PATCH 5.19 014/101] can: c_can: dont cache TX messages for C_CAN cores Greg Kroah-Hartman
2022-10-03 7:10 ` [PATCH 5.19 015/101] clk: ingenic-tcu: Properly enable registers before accessing timers Greg Kroah-Hartman
2022-10-03 7:10 ` [PATCH 5.19 016/101] wifi: mac80211: ensure vif queues are operational after start Greg Kroah-Hartman
2022-10-03 7:10 ` [PATCH 5.19 017/101] x86/sgx: Do not fail on incomplete sanitization on premature stop of ksgxd Greg Kroah-Hartman
2022-10-03 7:10 ` [PATCH 5.19 018/101] frontswap: dont call ->init if no ops are registered Greg Kroah-Hartman
2022-10-03 7:10 ` [PATCH 5.19 019/101] ARM: dts: integrator: Tag PCI host with device_type Greg Kroah-Hartman
2022-10-03 7:10 ` [PATCH 5.19 020/101] ntfs: fix BUG_ON in ntfs_lookup_inode_by_name() Greg Kroah-Hartman
2022-10-03 7:10 ` [PATCH 5.19 021/101] x86/uaccess: avoid check_object_size() in copy_from_user_nmi() Greg Kroah-Hartman
2022-10-03 7:10 ` [PATCH 5.19 022/101] mm/damon/dbgfs: fix memory leak when using debugfs_lookup() Greg Kroah-Hartman
2022-10-03 7:10 ` [PATCH 5.19 023/101] net: mt7531: only do PLL once after the reset Greg Kroah-Hartman
2022-10-03 7:10 ` [PATCH 5.19 024/101] Revert "firmware: arm_scmi: Add clock management to the SCMI power domain" Greg Kroah-Hartman
2022-10-03 7:10 ` [PATCH 5.19 025/101] powerpc/64s/radix: dont need to broadcast IPI for radix pmd collapse flush Greg Kroah-Hartman
2022-10-03 7:10 ` [PATCH 5.19 026/101] drm/i915/gt: Restrict forced preemption to the active context Greg Kroah-Hartman
2022-10-03 7:10 ` [PATCH 5.19 027/101] drm/amdgpu: Add amdgpu suspend-resume code path under SRIOV Greg Kroah-Hartman
2022-10-03 7:10 ` [PATCH 5.19 028/101] vduse: prevent uninitialized memory accesses Greg Kroah-Hartman
2022-10-03 7:10 ` [PATCH 5.19 029/101] libata: add ATA_HORKAGE_NOLPM for Pioneer BDR-207M and BDR-205 Greg Kroah-Hartman
2022-10-03 7:10 ` [PATCH 5.19 030/101] mm: fix BUG splat with kvmalloc + GFP_ATOMIC Greg Kroah-Hartman
2022-10-03 7:10 ` [PATCH 5.19 031/101] mptcp: factor out __mptcp_close() without socket lock Greg Kroah-Hartman
2022-10-03 7:10 ` [PATCH 5.19 032/101] mptcp: fix unreleased socket in accept queue Greg Kroah-Hartman
2022-10-03 7:10 ` [PATCH 5.19 033/101] mmc: moxart: fix 4-bit bus width and remove 8-bit bus width Greg Kroah-Hartman
2022-10-03 7:10 ` [PATCH 5.19 034/101] mmc: hsq: Fix data stomping during mmc recovery Greg Kroah-Hartman
2022-10-03 7:10 ` [PATCH 5.19 035/101] mm: gup: fix the fast GUP race against THP collapse Greg Kroah-Hartman
2022-10-03 7:10 ` [PATCH 5.19 036/101] mm/page_alloc: fix race condition between build_all_zonelists and page allocation Greg Kroah-Hartman
2022-10-03 7:10 ` [PATCH 5.19 037/101] mm: prevent page_frag_alloc() from corrupting the memory Greg Kroah-Hartman
2022-10-03 7:10 ` [PATCH 5.19 038/101] mm/page_isolation: fix isolate_single_pageblock() isolation behavior Greg Kroah-Hartman
2022-10-03 7:10 ` [PATCH 5.19 039/101] mm: fix dereferencing possible ERR_PTR Greg Kroah-Hartman
2022-10-03 7:10 ` [PATCH 5.19 040/101] mm/migrate_device.c: flush TLB while holding PTL Greg Kroah-Hartman
2022-10-03 7:10 ` [PATCH 5.19 041/101] mm/migrate_device.c: add missing flush_cache_page() Greg Kroah-Hartman
2022-10-03 7:10 ` [PATCH 5.19 042/101] mm/migrate_device.c: copy pte dirty bit to page Greg Kroah-Hartman
2022-10-03 7:10 ` [PATCH 5.19 043/101] mm: fix madivse_pageout mishandling on non-LRU page Greg Kroah-Hartman
2022-10-03 7:10 ` [PATCH 5.19 044/101] mm: bring back update_mmu_cache() to finish_fault() Greg Kroah-Hartman
2022-10-03 7:10 ` [PATCH 5.19 045/101] mm/hugetlb: correct demote page offset logic Greg Kroah-Hartman
2022-10-03 7:10 ` [PATCH 5.19 046/101] mm,hwpoison: check mm when killing accessing process Greg Kroah-Hartman
2022-10-03 7:10 ` [PATCH 5.19 047/101] media: dvb_vb2: fix possible out of bound access Greg Kroah-Hartman
2022-10-03 7:10 ` [PATCH 5.19 048/101] media: rkvdec: Disable H.264 error detection Greg Kroah-Hartman
2022-10-03 7:10 ` [PATCH 5.19 049/101] media: mediatek: vcodec: Drop platform_get_resource(IORESOURCE_IRQ) Greg Kroah-Hartman
2022-10-03 7:10 ` [PATCH 5.19 050/101] media: v4l2-compat-ioctl32.c: zero buffer passed to v4l2_compat_get_array_args() Greg Kroah-Hartman
2022-10-03 7:10 ` [PATCH 5.19 051/101] ARM: dts: am33xx: Fix MMCHS0 dma properties Greg Kroah-Hartman
2022-10-03 7:10 ` [PATCH 5.19 052/101] reset: imx7: Fix the iMX8MP PCIe PHY PERST support Greg Kroah-Hartman
2022-10-03 7:10 ` [PATCH 5.19 053/101] ARM: dts: am5748: keep usb4_tm disabled Greg Kroah-Hartman
2022-10-03 7:10 ` [PATCH 5.19 054/101] soc: sunxi: sram: Actually claim SRAM regions Greg Kroah-Hartman
2022-10-03 7:10 ` [PATCH 5.19 055/101] soc: sunxi: sram: Prevent the driver from being unbound Greg Kroah-Hartman
2022-10-03 7:10 ` [PATCH 5.19 056/101] soc: sunxi: sram: Fix probe function ordering issues Greg Kroah-Hartman
2022-10-03 7:10 ` [PATCH 5.19 057/101] soc: sunxi: sram: Fix debugfs info for A64 SRAM C Greg Kroah-Hartman
2022-10-03 7:10 ` [PATCH 5.19 058/101] ASoC: imx-card: Fix refcount issue with of_node_put Greg Kroah-Hartman
2022-10-03 7:10 ` [PATCH 5.19 059/101] clk: microchip: mpfs: fix clk_cfg array bounds violation Greg Kroah-Hartman
2022-10-03 7:10 ` [PATCH 5.19 060/101] clk: microchip: mpfs: make the rtcs ahb clock critical Greg Kroah-Hartman
2022-10-03 7:10 ` [PATCH 5.19 061/101] arm64: dts: qcom: sm8350: fix UFS PHY serdes size Greg Kroah-Hartman
2022-10-03 7:10 ` [PATCH 5.19 062/101] ASoC: tas2770: Reinit regcache on reset Greg Kroah-Hartman
2022-10-03 7:10 ` [PATCH 5.19 063/101] drm/bridge: lt8912b: add vsync hsync Greg Kroah-Hartman
2022-10-03 7:11 ` [PATCH 5.19 064/101] drm/bridge: lt8912b: set hdmi or dvi mode Greg Kroah-Hartman
2022-10-03 7:11 ` [PATCH 5.19 065/101] drm/bridge: lt8912b: fix corrupted image output Greg Kroah-Hartman
2022-10-03 7:11 ` [PATCH 5.19 066/101] net: macb: Fix ZynqMP SGMII non-wakeup source resume failure Greg Kroah-Hartman
2022-10-03 7:11 ` [PATCH 5.19 067/101] Revert "drm: bridge: analogix/dp: add panel prepare/unprepare in suspend/resume time" Greg Kroah-Hartman
2022-10-03 7:11 ` [PATCH 5.19 068/101] Input: melfas_mip4 - fix return value check in mip4_probe() Greg Kroah-Hartman
2022-10-03 7:11 ` [PATCH 5.19 069/101] gpio: mvebu: Fix check for pwm support on non-A8K platforms Greg Kroah-Hartman
2022-10-03 7:11 ` [PATCH 5.19 070/101] perf parse-events: Break out tracepoint and printing Greg Kroah-Hartman
2022-10-03 7:11 ` [PATCH 5.19 071/101] perf print-events: Fix "perf list" can not display the PMU prefix for some hybrid cache events Greg Kroah-Hartman
2022-10-03 7:11 ` [PATCH 5.19 072/101] perf parse-events: Remove "not supported" " Greg Kroah-Hartman
2022-10-03 7:11 ` [PATCH 5.19 073/101] usbnet: Fix memory leak in usbnet_disconnect() Greg Kroah-Hartman
2022-10-03 7:11 ` [PATCH 5.19 074/101] net: sched: act_ct: fix possible refcount leak in tcf_ct_init() Greg Kroah-Hartman
2022-10-03 7:11 ` [PATCH 5.19 075/101] cxgb4: fix missing unlock on ETHOFLD desc collect fail path Greg Kroah-Hartman
2022-10-03 7:11 ` [PATCH 5.19 076/101] net/mlxbf_gige: Fix an IS_ERR() vs NULL bug in mlxbf_gige_mdio_probe Greg Kroah-Hartman
2022-10-03 7:11 ` [PATCH 5.19 077/101] nvme: Fix IOC_PR_CLEAR and IOC_PR_RELEASE ioctls for nvme devices Greg Kroah-Hartman
2022-10-03 7:11 ` [PATCH 5.19 078/101] wifi: cfg80211: fix MCS divisor value Greg Kroah-Hartman
2022-10-03 7:11 ` [PATCH 5.19 079/101] wifi: mac80211: fix regression with non-QoS drivers Greg Kroah-Hartman
2022-10-03 7:11 ` [PATCH 5.19 080/101] wifi: mac80211: fix memory corruption in minstrel_ht_update_rates() Greg Kroah-Hartman
2022-10-03 7:11 ` [PATCH 5.19 081/101] net: stmmac: power up/down serdes in stmmac_open/release Greg Kroah-Hartman
2022-10-03 7:11 ` [PATCH 5.19 082/101] net: phy: Dont WARN for PHY_UP state in mdio_bus_phy_resume() Greg Kroah-Hartman
2022-10-03 7:11 ` [PATCH 5.19 083/101] selftests: Fix the if conditions of in test_extra_filter() Greg Kroah-Hartman
2022-10-03 7:11 ` [PATCH 5.19 084/101] ice: xsk: change batched Tx descriptor cleaning Greg Kroah-Hartman
2022-10-03 7:11 ` [PATCH 5.19 085/101] ice: xsk: drop power of 2 ring size restriction for AF_XDP Greg Kroah-Hartman
2022-10-03 7:11 ` [PATCH 5.19 086/101] vdpa/ifcvf: fix the calculation of queuepair Greg Kroah-Hartman
2022-10-03 7:11 ` [PATCH 5.19 087/101] virtio-blk: Fix WARN_ON_ONCE in virtio_queue_rq() Greg Kroah-Hartman
2022-10-03 7:11 ` [PATCH 5.19 088/101] vdpa/mlx5: Fix MQ to support non power of two num queues Greg Kroah-Hartman
2022-10-03 7:11 ` [PATCH 5.19 089/101] dont use __kernel_write() on kmap_local_page() Greg Kroah-Hartman
2022-10-03 9:09 ` Geert Uytterhoeven
2022-10-04 17:47 ` Greg Kroah-Hartman
2022-10-03 7:11 ` [PATCH 5.19 090/101] clk: imx: imx6sx: remove the SET_RATE_PARENT flag for QSPI clocks Greg Kroah-Hartman
2022-10-03 7:11 ` [PATCH 5.19 091/101] drm/i915/gt: Perf_limit_reasons are only available for Gen11+ Greg Kroah-Hartman
2022-10-03 7:11 ` [PATCH 5.19 092/101] clk: iproc: Do not rely on node name for correct PLL setup Greg Kroah-Hartman
2022-10-03 7:11 ` [PATCH 5.19 093/101] clk: imx93: drop of_match_ptr Greg Kroah-Hartman
2022-10-03 7:11 ` [PATCH 5.19 094/101] net: mscc: ocelot: fix tagged VLAN refusal while under a VLAN-unaware bridge Greg Kroah-Hartman
2022-10-03 7:11 ` [PATCH 5.19 095/101] net: ethernet: mtk_eth_soc: fix mask of RX_DMA_GET_SPORT{,_V2} Greg Kroah-Hartman
2022-10-03 7:11 ` [PATCH 5.19 096/101] perf test: Fix test case 87 ("perf record tests") for hybrid systems Greg Kroah-Hartman
2022-10-03 7:11 ` [PATCH 5.19 097/101] perf tests record: Fail the test if the errs counter is not zero Greg Kroah-Hartman
2022-10-03 7:11 ` [PATCH 5.19 098/101] KVM: x86: Hide IA32_PLATFORM_DCA_CAP[31:0] from the guest Greg Kroah-Hartman
2022-10-03 7:11 ` [PATCH 5.19 099/101] x86/cacheinfo: Add a cpu_llc_shared_mask() UP variant Greg Kroah-Hartman
2022-10-03 7:11 ` [PATCH 5.19 100/101] x86/alternative: Fix race in try_get_desc() Greg Kroah-Hartman
2022-10-03 7:11 ` [PATCH 5.19 101/101] damon/sysfs: fix possible memleak on damon_sysfs_add_target Greg Kroah-Hartman
2022-10-03 17:51 ` [PATCH 5.19 000/101] 5.19.13-rc1 review Guenter Roeck
2022-10-03 18:50 ` Florian Fainelli
2022-10-03 19:02 ` Justin Forbes
2022-10-03 20:39 ` Slade Watkins
2022-10-03 21:28 ` Shuah Khan
2022-10-03 23:24 ` Zan Aziz
2022-10-04 6:06 ` Ron Economos
2022-10-04 6:48 ` Naresh Kamboju
2022-10-05 9:38 ` Feng Tang
2022-10-06 7:45 ` Naresh Kamboju [this message]
2022-10-05 10:50 ` Hyeonggon Yoo
2022-10-04 7:27 ` Bagas Sanjaya
2022-10-04 11:47 ` Sudip Mukherjee (Codethink)
2022-10-04 13:40 ` Fenil Jain
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CA+G9fYuzs=tVXBzDuYMp6YpCg5_OOgVjjPC+=CdVsVb45bM-3g@mail.gmail.com' \
--to=naresh.kamboju@linaro.org \
--cc=42.hyeyoo@gmail.com \
--cc=akpm@linux-foundation.org \
--cc=f.fainelli@gmail.com \
--cc=feng.tang@intel.com \
--cc=gregkh@linuxfoundation.org \
--cc=jonathanh@nvidia.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@roeck-us.net \
--cc=lkft-triage@lists.linaro.org \
--cc=longman@redhat.com \
--cc=patches@kernelci.org \
--cc=pavel@denx.de \
--cc=shuah@kernel.org \
--cc=srw@sladewatkins.net \
--cc=stable@vger.kernel.org \
--cc=sudipm.mukherjee@gmail.com \
--cc=torvalds@linux-foundation.org \
--cc=vbabka@suse.cz \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.