<6>[ 0.000000] Booting Linux on physical CPU 0x0000000000 [0x000f0510] <5>[ 0.000000] Linux version 5.19.13-rc1 (tuxmake@tuxmake) (aarch64-linux-gnu-gcc (Debian 11.3.0-3) 11.3.0, GNU ld (GNU Binutils for Debian) 2.38.90.20220713) #1 SMP PREEMPT @1664782420 <6>[ 0.000000] Machine model: linux,dummy-virt <6>[ 0.000000] efi: UEFI not found. <6>[ 0.000000] NUMA: No NUMA configuration found <6>[ 0.000000] NUMA: Faking a node at [mem 0x0000000040000000-0x000000007fffffff] <6>[ 0.000000] NUMA: NODE_DATA [mem 0x7fdffb40-0x7fe01fff] <6>[ 0.000000] Zone ranges: <6>[ 0.000000] DMA [mem 0x0000000040000000-0x000000007fffffff] <6>[ 0.000000] DMA32 empty <6>[ 0.000000] Normal empty <6>[ 0.000000] Movable zone start for each node <6>[ 0.000000] Early memory node ranges <6>[ 0.000000] node 0: [mem 0x0000000040000000-0x000000007fffffff] <6>[ 0.000000] Initmem setup node 0 [mem 0x0000000040000000-0x000000007fffffff] <6>[ 0.000000] cma: Reserved 32 MiB at 0x000000007cc00000 <6>[ 0.000000] kasan: KernelAddressSanitizer initialized (generic) <6>[ 0.000000] psci: probing for conduit method from DT. <6>[ 0.000000] psci: PSCIv1.1 detected in firmware. 
<6>[ 0.000000] psci: Using standard PSCI v0.2 function IDs <6>[ 0.000000] psci: Trusted OS migration not required <6>[ 0.000000] psci: SMC Calling Convention v1.0 <6>[ 0.000000] percpu: Embedded 30 pages/cpu s83240 r8192 d31448 u122880 <7>[ 0.000000] pcpu-alloc: s83240 r8192 d31448 u122880 alloc=30*4096 <7>[ 0.000000] pcpu-alloc: [0] 0 [0] 1 <6>[ 0.000000] Detected PIPT I-cache on CPU0 <6>[ 0.000000] CPU features: detected: Address authentication (IMP DEF algorithm) <6>[ 0.000000] CPU features: detected: GIC system register CPU interface <6>[ 0.000000] CPU features: detected: Spectre-v2 <6>[ 0.000000] CPU features: detected: Spectre-v4 <6>[ 0.000000] CPU features: kernel page table isolation forced ON by KASLR <6>[ 0.000000] CPU features: detected: Kernel page table isolation (KPTI) <6>[ 0.000000] alternatives: patching kernel code <6>[ 0.000000] Fallback order for Node 0: 0 <6>[ 0.000000] Built 1 zonelists, mobility grouping on. Total pages: 258048 <6>[ 0.000000] Policy zone: DMA <5>[ 0.000000] Kernel command line: console=ttyAMA0,115200 rootwait root=/dev/vda debug verbose console_msg_format=syslog <5>[ 0.000000] Unknown kernel command line parameters "verbose", will be passed to user space.
<6>[ 0.000000] Dentry cache hash table entries: 131072 (order: 8, 1048576 bytes, linear) <6>[ 0.000000] Inode-cache hash table entries: 65536 (order: 7, 524288 bytes, linear) <6>[ 0.000000] mem auto-init: stack:off, heap alloc:off, heap free:off <6>[ 0.000000] Stack Depot early init allocating hash table with memblock_alloc, 8388608 bytes <6>[ 0.000000] Memory: 737900K/1048576K available (29120K kernel code, 20624K rwdata, 21040K rodata, 30080K init, 1205K bss, 277908K reserved, 32768K cma-reserved) <6>[ 0.000000] SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=2, Nodes=1 <6>[ 0.000000] ftrace: allocating 72326 entries in 283 pages <6>[ 0.000000] ftrace: allocated 283 pages with 5 groups <6>[ 0.000000] trace event string verifier disabled <6>[ 0.000000] rcu: Preemptible hierarchical RCU implementation. <6>[ 0.000000] rcu: RCU event tracing is enabled. <6>[ 0.000000] rcu: RCU restricting CPUs from NR_CPUS=256 to nr_cpu_ids=2. <6>[ 0.000000] Trampoline variant of Tasks RCU enabled. <6>[ 0.000000] Rude variant of Tasks RCU enabled. <6>[ 0.000000] Tracing variant of Tasks RCU enabled. <6>[ 0.000000] rcu: RCU calculated value of scheduler-enlistment delay is 25 jiffies. 
<6>[ 0.000000] rcu: Adjusting geometry for rcu_fanout_leaf=16, nr_cpu_ids=2 <6>[ 0.000000] NR_IRQS: 64, nr_irqs: 64, preallocated irqs: 0 <6>[ 0.000000] GICv3: 224 SPIs implemented <6>[ 0.000000] GICv3: 0 Extended SPIs implemented <6>[ 0.000000] Root IRQ handler: gic_handle_irq <6>[ 0.000000] GICv3: GICv3 features: 16 PPIs <6>[ 0.000000] GICv3: CPU0: found redistributor 0 region 0:0x00000000080a0000 <6>[ 0.000000] ITS [mem 0x08080000-0x0809ffff] <6>[ 0.000000] ITS@0x0000000008080000: allocated 8192 Devices @47030000 (indirect, esz 8, psz 64K, shr 1) <6>[ 0.000000] ITS@0x0000000008080000: allocated 8192 Interrupt Collections @47040000 (flat, esz 8, psz 64K, shr 1) <6>[ 0.000000] GICv3: using LPI property table @0x0000000047050000 <6>[ 0.000000] GICv3: CPU0: using allocated LPI pending table @0x0000000047060000 <6>[ 0.000000] rcu: srcu_init: Setting srcu_struct sizes based on contention. <6>[ 0.000000] kfence: initialized - using 2097152 bytes for 255 objects at 0x(____ptrval____)-0x(____ptrval____) <6>[ 0.000000] arch_timer: cp15 timer(s) running at 62.50MHz (virt). <6>[ 0.000000] clocksource: arch_sys_counter: mask: 0x1ffffffffffffff max_cycles: 0x1cd42e208c, max_idle_ns: 881590405314 ns <6>[ 0.000102] sched_clock: 57 bits at 63MHz, resolution 16ns, wraps every 4398046511096ns <5>[ 0.003703] random: crng init done <6>[ 0.031225] Console: colour dummy device 80x25 <6>[ 0.041157] Calibrating delay loop (skipped), value calculated using timer frequency.. 125.00 BogoMIPS (lpj=250000) <6>[ 0.043293] pid_max: default: 32768 minimum: 301 <6>[ 0.048068] LSM: Security Framework initializing <6>[ 0.057274] Mount-cache hash table entries: 2048 (order: 2, 16384 bytes, linear) <6>[ 0.057580] Mountpoint-cache hash table entries: 2048 (order: 2, 16384 bytes, linear) <4>[ 0.135156] /cpus/cpu-map: empty cluster <6>[ 0.176807] cblist_init_generic: Setting adjustable number of callback queues. <6>[ 0.177189] cblist_init_generic: Setting shift to 1 and lim to 1. 
<6>[ 0.186446] cblist_init_generic: Setting shift to 1 and lim to 1. <6>[ 0.189984] cblist_init_generic: Setting shift to 1 and lim to 1. <6>[ 0.198789] rcu: Hierarchical SRCU implementation. <6>[ 0.198966] rcu: Max phase no-delay instances is 1000. <6>[ 0.271478] Platform MSI: its@8080000 domain created <6>[ 0.274373] PCI/MSI: /intc@8000000/its@8080000 domain created <6>[ 0.276996] fsl-mc MSI: its@8080000 domain created <6>[ 0.304913] EFI services will not be available. <6>[ 0.313679] smp: Bringing up secondary CPUs ... <6>[ 0.344043] Detected PIPT I-cache on CPU1 <6>[ 0.353757] GICv3: CPU1: found redistributor 1 region 0:0x00000000080c0000 <6>[ 0.355350] GICv3: CPU1: using allocated LPI pending table @0x0000000047070000 <6>[ 0.359511] CPU1: Booted secondary processor 0x0000000001 [0x000f0510] <6>[ 0.369784] smp: Brought up 1 node, 2 CPUs <6>[ 0.369996] SMP: Total of 2 processors activated. <6>[ 0.370342] CPU features: detected: Branch Target Identification <6>[ 0.370554] CPU features: detected: 32-bit EL0 Support <6>[ 0.370683] CPU features: detected: 32-bit EL1 Support <6>[ 0.372007] CPU features: detected: Common not Private translations <6>[ 0.372157] CPU features: detected: CRC32 instructions <6>[ 0.372371] CPU features: detected: Generic authentication (IMP DEF algorithm) <6>[ 0.372504] CPU features: detected: RCpc load-acquire (LDAPR) <6>[ 0.372628] CPU features: detected: LSE atomic instructions <6>[ 0.372750] CPU features: detected: Privileged Access Never <6>[ 0.372874] CPU features: detected: Random Number Generator <6>[ 0.372994] CPU features: detected: Speculation barrier (SB) <6>[ 0.373118] CPU features: detected: TLB range maintenance instructions <6>[ 0.373331] CPU features: detected: Speculative Store Bypassing Safe (SSBS) <6>[ 0.373471] CPU features: detected: Scalable Vector Extension <6>[ 0.835200] SVE: maximum available vector length 256 bytes per vector <6>[ 0.839284] SVE: default vector length 64 bytes per vector <6>[ 0.869069] CPU: All 
CPU(s) started at EL1 <6>[ 1.009245] devtmpfs: initialized <6>[ 1.300084] KASLR enabled <6>[ 1.308848] clocksource: jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 7645041785100000 ns <6>[ 1.310182] futex hash table entries: 512 (order: 3, 32768 bytes, linear) <6>[ 1.351214] pinctrl core: initialized pinctrl subsystem <6>[ 1.431592] DMI not present or invalid. <6>[ 1.465202] NET: Registered PF_NETLINK/PF_ROUTE protocol family <6>[ 1.536141] DMA: preallocated 128 KiB GFP_KERNEL pool for atomic allocations <6>[ 1.542351] DMA: preallocated 128 KiB GFP_KERNEL|GFP_DMA pool for atomic allocations <6>[ 1.548990] DMA: preallocated 128 KiB GFP_KERNEL|GFP_DMA32 pool for atomic allocations <6>[ 1.552716] audit: initializing netlink subsys (disabled) <5>[ 1.563170] audit: type=2000 audit(1.368:1): state=initialized audit_enabled=0 res=1 <6>[ 1.621231] thermal_sys: Registered thermal governor 'step_wise' <6>[ 1.621523] thermal_sys: Registered thermal governor 'power_allocator' <6>[ 1.625600] cpuidle: using governor menu <6>[ 1.635726] hw-breakpoint: found 6 breakpoint and 4 watchpoint registers. 
<6>[ 1.638323] ASID allocator initialised with 32768 entries <6>[ 1.638713] HugeTLB: can optimize 4095 vmemmap pages for hugepages-1048576kB <6>[ 1.639011] HugeTLB: can optimize 127 vmemmap pages for hugepages-32768kB <6>[ 1.639314] HugeTLB: can optimize 7 vmemmap pages for hugepages-2048kB <6>[ 1.639543] HugeTLB: can optimize 0 vmemmap pages for hugepages-64kB <6>[ 1.726098] Serial: AMBA PL011 UART driver <6>[ 2.483024] 9000000.pl011: ttyAMA0 at MMIO 0x9000000 (irq = 13, base_baud = 0) is a PL011 rev1 <6>[ 2.649542] printk: console [ttyAMA0] enabled <6>[ 4.173689] HugeTLB registered 1.00 GiB page size, pre-allocated 0 pages <6>[ 4.175670] HugeTLB registered 32.0 MiB page size, pre-allocated 0 pages <6>[ 4.176873] HugeTLB registered 2.00 MiB page size, pre-allocated 0 pages <6>[ 4.178083] HugeTLB registered 64.0 KiB page size, pre-allocated 0 pages <6>[ 4.312525] cryptd: max_cpu_qlen set to 1000 <6>[ 4.528442] ACPI: Interpreter disabled. <6>[ 4.902469] iommu: Default domain type: Translated <6>[ 4.906734] iommu: DMA domain TLB invalidation policy: strict mode <5>[ 4.971450] SCSI subsystem initialized <7>[ 5.004354] libata version 3.00 loaded. <6>[ 5.064847] usbcore: registered new interface driver usbfs <6>[ 5.087776] usbcore: registered new interface driver hub <6>[ 5.091950] usbcore: registered new device driver usb <6>[ 5.308625] mc: Linux media interface: v0.10 <6>[ 5.316870] videodev: Linux video capture interface: v2.00 <6>[ 5.331737] pps_core: LinuxPPS API ver. 1 registered <6>[ 5.332879] pps_core: Software ver. 5.3.6 - Copyright 2005-2007 Rodolfo Giometti <6>[ 5.340604] PTP clock support registered <6>[ 5.374829] EDAC MC: Ver: 3.0.0 <6>[ 5.533580] FPGA manager framework <6>[ 5.545477] Advanced Linux Sound Architecture Driver Initialized. 
<6>[ 5.690482] vgaarb: loaded <6>[ 5.771041] clocksource: Switched to clocksource arch_sys_counter <5>[ 5.916665] VFS: Disk quotas dquot_6.6.0 <6>[ 5.931591] VFS: Dquot-cache hash table entries: 512 (order 0, 4096 bytes) <6>[ 5.984423] pnp: PnP ACPI: disabled <6>[ 6.827452] NET: Registered PF_INET protocol family <6>[ 6.838632] IP idents hash table entries: 16384 (order: 5, 131072 bytes, linear) <6>[ 6.905246] tcp_listen_portaddr_hash hash table entries: 512 (order: 1, 8192 bytes, linear) <6>[ 6.914266] Table-perturb hash table entries: 65536 (order: 6, 262144 bytes, linear) <6>[ 6.916324] TCP established hash table entries: 8192 (order: 4, 65536 bytes, linear) <6>[ 6.931926] TCP bind hash table entries: 8192 (order: 5, 131072 bytes, linear) <6>[ 6.939800] TCP: Hash tables configured (established 8192 bind 8192) <6>[ 6.963587] MPTCP token hash table entries: 1024 (order: 2, 24576 bytes, linear) <6>[ 6.976403] UDP hash table entries: 512 (order: 2, 16384 bytes, linear) <6>[ 6.979700] UDP-Lite hash table entries: 512 (order: 2, 16384 bytes, linear) <6>[ 7.018191] NET: Registered PF_UNIX/PF_LOCAL protocol family <6>[ 7.126579] RPC: Registered named UNIX socket transport module. <6>[ 7.127920] RPC: Registered udp transport module. <6>[ 7.128858] RPC: Registered tcp transport module. <6>[ 7.131347] RPC: Registered tcp NFSv4.1 backchannel transport module. <6>[ 7.132864] PCI: CLS 0 bytes, default 64 <6>[ 7.368465] hw perfevents: enabled with armv8_pmuv3 PMU driver, 5 counters available <6>[ 7.391204] kvm [1]: HYP mode not available <5>[ 7.610824] Initialise system trusted keyrings <6>[ 7.637809] workingset: timestamp_bits=42 max_order=18 bucket_order=0 <6>[ 8.772820] squashfs: version 4.0 (2009/01/31) Phillip Lougher <5>[ 8.899228] NFS: Registering the id_resolver key type <5>[ 8.902018] Key type id_resolver registered <5>[ 8.902985] Key type id_legacy registered <6>[ 8.917292] nfs4filelayout_init: NFSv4 File Layout Driver Registering... 
<6>[ 8.923114] nfs4flexfilelayout_init: NFSv4 Flexfile Layout Driver Registering... <6>[ 8.959780] 9p: Installing v9fs 9p2000 file system support <6>[ 9.143658] NET: Registered PF_ALG protocol family <5>[ 9.149888] Key type asymmetric registered <5>[ 9.150986] Asymmetric key parser 'x509' registered <6>[ 9.159794] Block layer SCSI generic (bsg) driver version 0.4 loaded (major 244) <6>[ 9.165346] io scheduler mq-deadline registered <6>[ 9.168489] io scheduler kyber registered <6>[ 11.150142] pl061_gpio 9030000.pl061: PL061 GPIO chip registered <6>[ 11.542600] pci-host-generic 4010000000.pcie: host bridge /pcie@10000000 ranges: <6>[ 11.548117] pci-host-generic 4010000000.pcie: IO 0x003eff0000..0x003effffff -> 0x0000000000 <6>[ 11.554155] pci-host-generic 4010000000.pcie: MEM 0x0010000000..0x003efeffff -> 0x0010000000 <6>[ 11.556519] pci-host-generic 4010000000.pcie: MEM 0x8000000000..0xffffffffff -> 0x8000000000 <4>[ 11.561003] pci-host-generic 4010000000.pcie: Memory resource size exceeds max for 32 bits <6>[ 12.925046] pci-host-generic 4010000000.pcie: ECAM at [mem 0x4010000000-0x401fffffff] for [bus 00-ff] <6>[ 12.968139] pci-host-generic 4010000000.pcie: PCI host bridge to bus 0000:00 <6>[ 12.974785] pci_bus 0000:00: root bus resource [bus 00-ff] <6>[ 12.976230] pci_bus 0000:00: root bus resource [io 0x0000-0xffff] <6>[ 12.982124] pci_bus 0000:00: root bus resource [mem 0x10000000-0x3efeffff] <6>[ 12.983751] pci_bus 0000:00: root bus resource [mem 0x8000000000-0xffffffffff] <6>[ 12.999860] pci 0000:00:00.0: [1b36:0008] type 00 class 0x060000 <6>[ 13.395054] EINJ: ACPI disabled. 
<6>[ 17.324962] Serial: 8250/16550 driver, 4 ports, IRQ sharing enabled <6>[ 17.854694] SuperH (H)SCI(F) driver initialized <6>[ 17.944175] msm_serial: driver initialized <4>[ 18.222144] cacheinfo: Unable to detect cache hierarchy for CPU 0 <6>[ 18.866139] loop: module loaded <6>[ 18.872452] virtio_blk virtio0: 1/0/0 default/read/poll queues <5>[ 18.902454] virtio_blk virtio0: [vda] 2797452 512-byte logical blocks (1.43 GB/1.33 GiB) <6>[ 19.255536] megasas: 07.719.03.00-rc1 <5>[ 19.903938] physmap-flash 0.flash: physmap platform flash device: [mem 0x00000000-0x03ffffff] <6>[ 19.915399] 0.flash: Found 2 x16 devices at 0x0 in 32-bit bank. Manufacturer ID 0x000000 Chip ID 0x000000 <6>[ 19.923403] Intel/Sharp Extended Query Table at 0x0031 <6>[ 19.928164] Using buffer write method <7>[ 19.935382] erase region 0: offset=0x0,size=0x40000,blocks=256 <5>[ 20.509294] physmap-flash 0.flash: physmap platform flash device: [mem 0x04000000-0x07ffffff] <6>[ 20.521810] 0.flash: Found 2 x16 devices at 0x0 in 32-bit bank. Manufacturer ID 0x000000 Chip ID 0x000000 <6>[ 20.527152] Intel/Sharp Extended Query Table at 0x0031 <6>[ 20.534854] Using buffer write method <7>[ 20.536199] erase region 0: offset=0x0,size=0x40000,blocks=256 <5>[ 20.538813] Concatenating MTD devices: <5>[ 20.545833] (0): "0.flash" <5>[ 20.546609] (1): "0.flash" <5>[ 20.547332] into device "0.flash" <6>[ 22.299728] thunder_xcv, ver 1.0 <6>[ 22.304421] thunder_bgx, ver 1.0 <6>[ 22.310710] nicpf, ver 1.0 <6>[ 22.507805] hns3: Hisilicon Ethernet Network Driver for Hip08 Family - version <6>[ 22.513331] hns3: Copyright (c) 2017 Huawei Corporation. <6>[ 22.530321] hclge is initializing <6>[ 22.532509] e1000: Intel(R) PRO/1000 Network Driver <6>[ 22.541936] e1000: Copyright (c) 1999-2006 Intel Corporation. <6>[ 22.555080] e1000e: Intel(R) PRO/1000 Network Driver <6>[ 22.556051] e1000e: Copyright(c) 1999 - 2015 Intel Corporation.
<6>[ 22.571771] igb: Intel(R) Gigabit Ethernet Network Driver <6>[ 22.572819] igb: Copyright (c) 2007-2014 Intel Corporation. <6>[ 22.593977] igbvf: Intel(R) Gigabit Virtual Function Network Driver <6>[ 22.595137] igbvf: Copyright (c) 2009 - 2012 Intel Corporation. <6>[ 22.699193] sky2: driver version 1.30 <6>[ 22.708206] QLogic FastLinQ 4xxxx Core Module qed <6>[ 22.713809] qede init: QLogic FastLinQ 4xxxx Ethernet Driver qede <6>[ 22.994678] usbcore: registered new interface driver asix <6>[ 23.002665] usbcore: registered new interface driver ax88179_178a <6>[ 23.034268] VFIO - User Level meta-driver version: 0.3 <6>[ 23.318876] ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver <6>[ 23.320952] ehci-pci: EHCI PCI platform driver <6>[ 23.333958] ehci-platform: EHCI generic platform driver <6>[ 23.359801] ehci-orion: EHCI orion driver <6>[ 23.384940] ehci-exynos: EHCI Exynos driver <6>[ 23.407439] ohci_hcd: USB 1.1 'Open' Host Controller (OHCI) Driver <6>[ 23.413695] ohci-pci: OHCI PCI platform driver <6>[ 23.422534] ohci-platform: OHCI generic platform driver <6>[ 23.446857] ohci-exynos: OHCI Exynos driver <6>[ 23.515235] usbcore: registered new interface driver usb-storage <6>[ 23.931946] rtc-pl031 9010000.pl031: registered as rtc0 <6>[ 23.935470] rtc-pl031 9010000.pl031: setting system clock to 2022-10-03T07:46:36 UTC (1664783196) <6>[ 24.014102] i2c_dev: i2c /dev entries driver <6>[ 25.332992] sdhci: Secure Digital Host Controller Interface driver <6>[ 25.334619] sdhci: Copyright(c) Pierre Ossman <6>[ 25.415733] Synopsys Designware Multimedia Card Interface Driver <6>[ 25.698682] sdhci-pltfm: SDHCI platform and OF driver helper <6>[ 26.025791] ledtrig-cpu: registered to indicate activity on CPUs <6>[ 26.407670] usbcore: registered new interface driver usbhid <6>[ 26.408848] usbhid: USB HID core driver <6>[ 26.840347] cs_system_cfg: CoreSight Configuration manager initialised <6>[ 27.432170] NET: Registered PF_INET6 protocol family <6>[ 27.591988] 
Segment Routing with IPv6 <6>[ 27.599834] In-situ OAM (IOAM) with IPv6 <6>[ 27.614833] NET: Registered PF_PACKET protocol family <6>[ 27.647783] 9pnet: Installing 9P2000 support <5>[ 27.656375] Key type dns_resolver registered <6>[ 27.788024] registered taskstats version 1 <5>[ 27.791983] Loading compiled-in X.509 certificates <4>[ 28.185597] hrtimer: interrupt took 51928464 ns <6>[ 30.775087] input: gpio-keys as /devices/platform/gpio-keys/input/input0 <6>[ 52.644082] ALSA device list: <6>[ 52.644927] No soundcards found. <6>[ 52.648264] TAP version 14 <6>[ 52.649004] 1..47 <6>[ 52.652799] # Subtest: time_test_cases <6>[ 52.654282] 1..1 <6>[ 145.100118] ok 1 - time64_to_tm_test_date_range <6>[ 145.102023] ok 1 - time_test_cases <6>[ 145.110675] # Subtest: resource <6>[ 145.110995] 1..2 <6>[ 145.128770] ok 1 - resource_test_union <6>[ 145.146090] ok 2 - resource_test_intersection <6>[ 145.147172] # resource: pass:2 fail:0 skip:0 total:2 <6>[ 145.148297] # Totals: pass:2 fail:0 skip:0 total:2 <6>[ 145.152185] ok 2 - resource <6>[ 145.160304] # Subtest: sysctl_test <6>[ 145.160627] 1..10 <6>[ 145.182651] ok 1 - sysctl_test_api_dointvec_null_tbl_data <6>[ 145.206041] ok 2 - sysctl_test_api_dointvec_table_maxlen_unset <6>[ 145.230054] ok 3 - sysctl_test_api_dointvec_table_len_is_zero <6>[ 145.252378] ok 4 - sysctl_test_api_dointvec_table_read_but_position_set <6>[ 145.279309] ok 5 - sysctl_test_dointvec_read_happy_single_positive <6>[ 145.298700] ok 6 - sysctl_test_dointvec_read_happy_single_negative <6>[ 145.323330] ok 7 - sysctl_test_dointvec_write_happy_single_positive <6>[ 145.361957] ok 8 - sysctl_test_dointvec_write_happy_single_negative <6>[ 145.413931] ok 9 - sysctl_test_api_dointvec_write_single_less_int_min <6>[ 145.457998] ok 10 - sysctl_test_api_dointvec_write_single_greater_int_max <6>[ 145.459438] # sysctl_test: pass:10 fail:0 skip:0 total:10 <6>[ 145.460757] # Totals: pass:10 fail:0 skip:0 total:10 <6>[ 145.462534] ok 3 - sysctl_test <6>[ 145.482053] # 
Subtest: kfence <6>[ 145.482975] 1..25 <6>[ 145.505031] # test_out_of_bounds_read: test_alloc: size=128, gfp=cc0, policy=left, cache=0 <3>[ 145.521308] ================================================================== <3>[ 145.524993] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x11c/0x260 <3>[ 145.524993] <3>[ 145.528841] Out-of-bounds read at 0x00000000a541d560 (1B left of kfence-#43): <4>[ 145.543094] test_out_of_bounds_read+0x11c/0x260 <4>[ 145.544333] kunit_try_run_case+0x8c/0x124 <4>[ 145.545356] kunit_generic_run_threadfn_adapter+0x38/0x54 <4>[ 145.546583] kthread+0x160/0x170 <4>[ 145.547448] ret_from_fork+0x10/0x20 <3>[ 145.548394] <4>[ 145.549067] kfence-#43: 0x00000000b43a4815-0x000000000284ca2d, size=128, cache=kmalloc-128 <4>[ 145.549067] <4>[ 145.551274] allocated by task 185 on cpu 0 at 145.517149s: <4>[ 145.552954] test_alloc+0x1ec/0x3f4 <4>[ 145.553990] test_out_of_bounds_read+0x108/0x260 <4>[ 145.555004] kunit_try_run_case+0x8c/0x124 <4>[ 145.555986] kunit_generic_run_threadfn_adapter+0x38/0x54 <4>[ 145.557191] kthread+0x160/0x170 <4>[ 145.560730] ret_from_fork+0x10/0x20 <3>[ 145.561728] <3>[ 145.562423] CPU: 0 PID: 185 Comm: kunit_try_catch Not tainted 5.19.13-rc1 #1 <3>[ 145.563852] Hardware name: linux,dummy-virt (DT) <3>[ 145.564996] ================================================================== <6>[ 145.570745] # test_out_of_bounds_read: test_alloc: size=128, gfp=cc0, policy=right, cache=0 <3>[ 145.621986] ================================================================== <3>[ 145.623232] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x1ac/0x260 <3>[ 145.623232] <3>[ 145.624790] Out-of-bounds read at 0x00000000615dec98 (128B right of kfence-#51): <4>[ 145.626150] test_out_of_bounds_read+0x1ac/0x260 <4>[ 145.627190] kunit_try_run_case+0x8c/0x124 <4>[ 145.628185] kunit_generic_run_threadfn_adapter+0x38/0x54 <4>[ 145.629409] kthread+0x160/0x170 <4>[ 145.630277] ret_from_fork+0x10/0x20 <3>[ 145.631176] <4>[ 
145.631624] kfence-#51: 0x0000000087fb6646-0x00000000d0fc8005, size=128, cache=kmalloc-128 <4>[ 145.631624] <4>[ 145.633149] allocated by task 185 on cpu 0 at 145.620042s: <4>[ 145.634372] test_alloc+0x1ec/0x3f4 <4>[ 145.635345] test_out_of_bounds_read+0x198/0x260 <4>[ 145.636339] kunit_try_run_case+0x8c/0x124 <4>[ 145.637328] kunit_generic_run_threadfn_adapter+0x38/0x54 <4>[ 145.638549] kthread+0x160/0x170 <4>[ 145.639397] ret_from_fork+0x10/0x20 <3>[ 145.640285] <3>[ 145.640900] CPU: 0 PID: 185 Comm: kunit_try_catch Tainted: G B 5.19.13-rc1 #1 <3>[ 145.642354] Hardware name: linux,dummy-virt (DT) <3>[ 145.643206] ================================================================== <6>[ 145.658938] ok 1 - test_out_of_bounds_read <6>[ 145.669074] # test_out_of_bounds_read-memcache: setup_test_cache: size=32, ctor=0x0 <6>[ 145.695212] # test_out_of_bounds_read-memcache: test_alloc: size=32, gfp=cc0, policy=left, cache=1 <3>[ 145.857077] ================================================================== <3>[ 145.858808] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x11c/0x260 <3>[ 145.858808] <3>[ 145.860356] Out-of-bounds read at 0x00000000554bc340 (1B left of kfence-#96): <4>[ 145.861618] test_out_of_bounds_read+0x11c/0x260 <4>[ 145.862640] kunit_try_run_case+0x8c/0x124 <4>[ 145.863633] kunit_generic_run_threadfn_adapter+0x38/0x54 <4>[ 145.864844] kthread+0x160/0x170 <4>[ 145.865710] ret_from_fork+0x10/0x20 <3>[ 145.866618] <4>[ 145.867067] kfence-#96: 0x00000000cfb2c818-0x00000000c749c5ae, size=32, cache=test <4>[ 145.867067] <4>[ 145.868504] allocated by task 186 on cpu 0 at 145.855590s: <4>[ 145.869803] test_alloc+0x1dc/0x3f4 <4>[ 145.870797] test_out_of_bounds_read+0x108/0x260 <4>[ 145.871794] kunit_try_run_case+0x8c/0x124 <4>[ 145.872771] kunit_generic_run_threadfn_adapter+0x38/0x54 <4>[ 145.873988] kthread+0x160/0x170 <4>[ 145.874841] ret_from_fork+0x10/0x20 <3>[ 145.875731] <3>[ 145.876205] CPU: 0 PID: 186 Comm: kunit_try_catch Tainted: G B 
5.19.13-rc1 #1 <3>[ 145.877631] Hardware name: linux,dummy-virt (DT) <3>[ 145.878495] ================================================================== <6>[ 145.882374] # test_out_of_bounds_read-memcache: test_alloc: size=32, gfp=cc0, policy=right, cache=1 <3>[ 146.186418] ================================================================== <3>[ 146.187712] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x1ac/0x260 <3>[ 146.187712] <3>[ 146.189265] Out-of-bounds read at 0x000000007ae6480b (32B right of kfence-#128): <4>[ 146.191042] test_out_of_bounds_read+0x1ac/0x260 <4>[ 146.192069] kunit_try_run_case+0x8c/0x124 <4>[ 146.193057] kunit_generic_run_threadfn_adapter+0x38/0x54 <4>[ 146.194295] kthread+0x160/0x170 <4>[ 146.195150] ret_from_fork+0x10/0x20 <3>[ 146.196048] <4>[ 146.196497] kfence-#128: 0x00000000a622f8df-0x000000002a926c42, size=32, cache=test <4>[ 146.196497] <4>[ 146.197954] allocated by task 186 on cpu 0 at 146.184476s: <4>[ 146.199169] test_alloc+0x1dc/0x3f4 <4>[ 146.200137] test_out_of_bounds_read+0x198/0x260 <4>[ 146.201130] kunit_try_run_case+0x8c/0x124 <4>[ 146.202127] kunit_generic_run_threadfn_adapter+0x38/0x54 <4>[ 146.203334] kthread+0x160/0x170 <4>[ 146.204174] ret_from_fork+0x10/0x20 <3>[ 146.205056] <3>[ 146.205543] CPU: 0 PID: 186 Comm: kunit_try_catch Tainted: G B 5.19.13-rc1 #1 <3>[ 146.206973] Hardware name: linux,dummy-virt (DT) <3>[ 146.207819] ================================================================== <6>[ 146.308532] ok 2 - test_out_of_bounds_read-memcache <6>[ 146.331361] # test_out_of_bounds_write: test_alloc: size=32, gfp=cc0, policy=left, cache=0 <3>[ 146.510722] ================================================================== <3>[ 146.512067] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0xec/0x1a4 <3>[ 146.512067] <3>[ 146.513718] Out-of-bounds write at 0x0000000096373cb7 (1B left of kfence-#139): <4>[ 146.515034] test_out_of_bounds_write+0xec/0x1a4 <4>[ 146.516067] 
kunit_try_run_case+0x8c/0x124 <4>[ 146.517114] kunit_generic_run_threadfn_adapter+0x38/0x54 <4>[ 146.518490] kthread+0x160/0x170 <4>[ 146.519372] ret_from_fork+0x10/0x20 <3>[ 146.520290] <4>[ 146.520745] kfence-#139: 0x0000000060778e4f-0x00000000ed903925, size=32, cache=kmalloc-128 <4>[ 146.520745] <4>[ 146.522319] allocated by task 187 on cpu 1 at 146.508136s: <4>[ 146.523540] test_alloc+0x1ec/0x3f4 <4>[ 146.524524] test_out_of_bounds_write+0xd8/0x1a4 <4>[ 146.525540] kunit_try_run_case+0x8c/0x124 <4>[ 146.526544] kunit_generic_run_threadfn_adapter+0x38/0x54 <4>[ 146.527765] kthread+0x160/0x170 <4>[ 146.528648] ret_from_fork+0x10/0x20 <3>[ 146.529557] <3>[ 146.530054] CPU: 1 PID: 187 Comm: kunit_try_catch Tainted: G B 5.19.13-rc1 #1 <3>[ 146.531503] Hardware name: linux,dummy-virt (DT) <3>[ 146.532366] ================================================================== <6>[ 146.564765] ok 3 - test_out_of_bounds_write <6>[ 146.577134] # test_out_of_bounds_write-memcache: setup_test_cache: size=32, ctor=0x0 <6>[ 146.592675] # test_out_of_bounds_write-memcache: test_alloc: size=32, gfp=cc0, policy=left, cache=1 <3>[ 156.602992] # test_out_of_bounds_write-memcache: ASSERTION FAILED at mm/kfence/kfence_test.c:312 <3>[ 156.602992] Expected false to be true, but is false <3>[ 156.602992] <3>[ 156.602992] failed to allocate from KFENCE <6>[ 156.864670] not ok 4 - test_out_of_bounds_write-memcache <6>[ 156.883110] # test_use_after_free_read: test_alloc: size=32, gfp=cc0, policy=any, cache=0 <3>[ 156.920306] ================================================================== <3>[ 156.921649] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x108/0x1a0 <3>[ 156.921649] <3>[ 156.923309] Use-after-free read at 0x00000000caed40f2 (in kfence-#161): <4>[ 156.924510] test_use_after_free_read+0x108/0x1a0 <4>[ 156.925576] kunit_try_run_case+0x8c/0x124 <4>[ 156.926604] kunit_generic_run_threadfn_adapter+0x38/0x54 <4>[ 156.927837] kthread+0x160/0x170 <4>[ 156.928704] 
ret_from_fork+0x10/0x20 <3>[ 156.929633] <4>[ 156.930097] kfence-#161: 0x00000000caed40f2-0x00000000cfe1dfed, size=32, cache=kmalloc-128 <4>[ 156.930097] <4>[ 156.931655] allocated by task 189 on cpu 1 at 156.916196s: <4>[ 156.932866] test_alloc+0x1ec/0x3f4 <4>[ 156.933866] test_use_after_free_read+0xd8/0x1a0 <4>[ 156.934880] kunit_try_run_case+0x8c/0x124 <4>[ 156.935869] kunit_generic_run_threadfn_adapter+0x38/0x54 <4>[ 156.937087] kthread+0x160/0x170 <4>[ 156.937954] ret_from_fork+0x10/0x20 <4>[ 156.938876] <4>[ 156.939397] freed by task 189 on cpu 1 at 156.918656s: <4>[ 156.940804] test_use_after_free_read+0x100/0x1a0 <4>[ 156.941846] kunit_try_run_case+0x8c/0x124 <4>[ 156.942846] kunit_generic_run_threadfn_adapter+0x38/0x54 <4>[ 156.944067] kthread+0x160/0x170 <4>[ 156.944953] ret_from_fork+0x10/0x20 <3>[ 156.945999] <3>[ 156.946508] CPU: 1 PID: 189 Comm: kunit_try_catch Tainted: G B 5.19.13-rc1 #1 <3>[ 156.947958] Hardware name: linux,dummy-virt (DT) <3>[ 156.948819] ================================================================== <6>[ 156.966907] ok 5 - test_use_after_free_read <6>[ 156.976859] # test_use_after_free_read-memcache: setup_test_cache: size=32, ctor=0x0 <6>[ 156.992569] # test_use_after_free_read-memcache: test_alloc: size=32, gfp=cc0, policy=any, cache=1 <3>[ 157.027293] ================================================================== <3>[ 157.028504] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x108/0x1a0 <3>[ 157.028504] <3>[ 157.030132] Use-after-free read at 0x00000000c829ce1f (in kfence-#163): <4>[ 157.031322] test_use_after_free_read+0x108/0x1a0 <4>[ 157.032362] kunit_try_run_case+0x8c/0x124 <4>[ 157.033393] kunit_generic_run_threadfn_adapter+0x38/0x54 <4>[ 157.034632] kthread+0x160/0x170 <4>[ 157.035502] ret_from_fork+0x10/0x20 <3>[ 157.036413] <4>[ 157.036866] kfence-#163: 0x00000000c829ce1f-0x000000005e59ddd5, size=32, cache=test <4>[ 157.036866] <4>[ 157.038360] allocated by task 190 on cpu 0 at 157.023569s: <4>[ 
157.039585] test_alloc+0x1dc/0x3f4 <4>[ 157.040565] test_use_after_free_read+0xd8/0x1a0 <4>[ 157.041582] kunit_try_run_case+0x8c/0x124 <4>[ 157.042580] kunit_generic_run_threadfn_adapter+0x38/0x54 <4>[ 157.043799] kthread+0x160/0x170 <4>[ 157.044649] ret_from_fork+0x10/0x20 <4>[ 157.045599] <4>[ 157.046134] freed by task 190 on cpu 0 at 157.024953s: <4>[ 157.047551] test_use_after_free_read+0xf8/0x1a0 <4>[ 157.048566] kunit_try_run_case+0x8c/0x124 <4>[ 157.049568] kunit_generic_run_threadfn_adapter+0x38/0x54 <4>[ 157.050796] kthread+0x160/0x170 <4>[ 157.051649] ret_from_fork+0x10/0x20 <3>[ 157.052548] <3>[ 157.053031] CPU: 0 PID: 190 Comm: kunit_try_catch Tainted: G B 5.19.13-rc1 #1 <3>[ 157.054498] Hardware name: linux,dummy-virt (DT) <3>[ 157.055359] ================================================================== <6>[ 157.104441] ok 6 - test_use_after_free_read-memcache <6>[ 157.119372] # test_double_free: test_alloc: size=32, gfp=cc0, policy=any, cache=0 <3>[ 157.135669] ================================================================== <3>[ 157.137221] BUG: KFENCE: invalid free in test_double_free+0x11c/0x1b0 <3>[ 157.137221] <3>[ 157.140413] Invalid free of 0x00000000625d21b8 (in kfence-#169): <4>[ 157.142747] test_double_free+0x11c/0x1b0 <4>[ 157.143701] kunit_try_run_case+0x8c/0x124 <4>[ 157.144704] kunit_generic_run_threadfn_adapter+0x38/0x54 <4>[ 157.146066] kthread+0x160/0x170 <4>[ 157.146950] ret_from_fork+0x10/0x20 <3>[ 157.147863] <4>[ 157.148317] kfence-#169: 0x00000000625d21b8-0x000000006be93155, size=32, cache=kmalloc-128 <4>[ 157.148317] <4>[ 157.149883] allocated by task 191 on cpu 0 at 157.128703s: <4>[ 157.151092] test_alloc+0x1ec/0x3f4 <4>[ 157.152074] test_double_free+0xdc/0x1b0 <4>[ 157.152968] kunit_try_run_case+0x8c/0x124 <4>[ 157.153970] kunit_generic_run_threadfn_adapter+0x38/0x54 <4>[ 157.155197] kthread+0x160/0x170 <4>[ 157.156047] ret_from_fork+0x10/0x20 <4>[ 157.156944] <4>[ 157.157401] freed by task 191 on cpu 0 at 157.132322s: 
<4>[ 157.158734] test_double_free+0x100/0x1b0 <4>[ 157.159642] kunit_try_run_case+0x8c/0x124 <4>[ 157.160630] kunit_generic_run_threadfn_adapter+0x38/0x54 <4>[ 157.161858] kthread+0x160/0x170 <4>[ 157.162718] ret_from_fork+0x10/0x20 <3>[ 157.163618] <3>[ 157.164098] CPU: 0 PID: 191 Comm: kunit_try_catch Tainted: G B 5.19.13-rc1 #1 <3>[ 157.165554] Hardware name: linux,dummy-virt (DT) <3>[ 157.166420] ================================================================== <6>[ 157.184528] ok 7 - test_double_free <6>[ 157.192238] # test_double_free-memcache: setup_test_cache: size=32, ctor=0x0 <6>[ 157.207952] # test_double_free-memcache: test_alloc: size=32, gfp=cc0, policy=any, cache=1 <3>[ 157.247737] ================================================================== <3>[ 157.248996] BUG: KFENCE: invalid free in test_double_free+0x110/0x1b0 <3>[ 157.248996] <3>[ 157.250434] Invalid free of 0x0000000089e10b56 (in kfence-#175): <4>[ 157.251576] test_double_free+0x110/0x1b0 <4>[ 157.252516] kunit_try_run_case+0x8c/0x124 <4>[ 157.253549] kunit_generic_run_threadfn_adapter+0x38/0x54 <4>[ 157.254803] kthread+0x160/0x170 <4>[ 157.255677] ret_from_fork+0x10/0x20 <3>[ 157.256598] <4>[ 157.257056] kfence-#175: 0x0000000089e10b56-0x000000007f292b81, size=32, cache=test <4>[ 157.257056] <4>[ 157.258578] allocated by task 192 on cpu 1 at 157.243891s: <4>[ 157.259806] test_alloc+0x1dc/0x3f4 <4>[ 157.260795] test_double_free+0xdc/0x1b0 <4>[ 157.261710] kunit_try_run_case+0x8c/0x124 <4>[ 157.262716] kunit_generic_run_threadfn_adapter+0x38/0x54 <4>[ 157.263947] kthread+0x160/0x170 <4>[ 157.264806] ret_from_fork+0x10/0x20 <4>[ 157.265726] <4>[ 157.266183] freed by task 192 on cpu 1 at 157.245330s: <4>[ 157.267559] test_double_free+0xf8/0x1b0 <4>[ 157.268546] kunit_try_run_case+0x8c/0x124 <4>[ 157.269559] kunit_generic_run_threadfn_adapter+0x38/0x54 <4>[ 157.270802] kthread+0x160/0x170 <4>[ 157.271662] ret_from_fork+0x10/0x20 <3>[ 157.272570] <3>[ 157.273058] CPU: 1 PID: 192 Comm: 
kunit_try_catch Tainted: G B 5.19.13-rc1 #1 <3>[ 157.274541] Hardware name: linux,dummy-virt (DT) <3>[ 157.275413] ================================================================== <6>[ 157.328503] ok 8 - test_double_free-memcache <6>[ 157.344877] # test_invalid_addr_free: test_alloc: size=32, gfp=cc0, policy=any, cache=0 <3>[ 157.453043] ================================================================== <3>[ 157.455019] BUG: KFENCE: invalid free in test_invalid_addr_free+0x100/0x1b0 <3>[ 157.455019] <3>[ 157.456502] Invalid free of 0x0000000076a0b334 (in kfence-#192): <4>[ 157.457644] test_invalid_addr_free+0x100/0x1b0 <4>[ 157.458665] kunit_try_run_case+0x8c/0x124 <4>[ 157.459674] kunit_generic_run_threadfn_adapter+0x38/0x54 <4>[ 157.460904] kthread+0x160/0x170 <4>[ 157.461785] ret_from_fork+0x10/0x20 <3>[ 157.462710] <4>[ 157.463165] kfence-#192: 0x0000000043e4eba2-0x00000000f7ba355c, size=32, cache=kmalloc-128 <4>[ 157.463165] <4>[ 157.464725] allocated by task 193 on cpu 1 at 157.451146s: <4>[ 157.465938] test_alloc+0x1ec/0x3f4 <4>[ 157.466932] test_invalid_addr_free+0xdc/0x1b0 <4>[ 157.467908] kunit_try_run_case+0x8c/0x124 <4>[ 157.468895] kunit_generic_run_threadfn_adapter+0x38/0x54 <4>[ 157.470135] kthread+0x160/0x170 <4>[ 157.470990] ret_from_fork+0x10/0x20 <3>[ 157.471891] <3>[ 157.472376] CPU: 1 PID: 193 Comm: kunit_try_catch Tainted: G B 5.19.13-rc1 #1 <3>[ 157.473835] Hardware name: linux,dummy-virt (DT) <3>[ 157.474709] ================================================================== <6>[ 157.493162] ok 9 - test_invalid_addr_free <6>[ 157.503607] # test_invalid_addr_free-memcache: setup_test_cache: size=32, ctor=0x0 <6>[ 157.519752] # test_invalid_addr_free-memcache: test_alloc: size=32, gfp=cc0, policy=any, cache=1 <3>[ 157.561604] ================================================================== <3>[ 157.562850] BUG: KFENCE: invalid free in test_invalid_addr_free+0xf4/0x1b0 <3>[ 157.562850] <3>[ 157.564286] Invalid free of 0x000000007575d443 (in 
kfence-#196): <4>[ 157.568831] test_invalid_addr_free+0xf4/0x1b0 <4>[ 157.573273] kunit_try_run_case+0x8c/0x124 <4>[ 157.574305] kunit_generic_run_threadfn_adapter+0x38/0x54 <4>[ 157.575538] kthread+0x160/0x170 <4>[ 157.576400] ret_from_fork+0x10/0x20 <3>[ 157.577327] <4>[ 157.577786] kfence-#196: 0x00000000249aef65-0x0000000016504c7f, size=32, cache=test <4>[ 157.577786] <4>[ 157.579271] allocated by task 194 on cpu 0 at 157.559725s: <4>[ 157.580493] test_alloc+0x1dc/0x3f4 <4>[ 157.581490] test_invalid_addr_free+0xdc/0x1b0 <4>[ 157.582477] kunit_try_run_case+0x8c/0x124 <4>[ 157.583468] kunit_generic_run_threadfn_adapter+0x38/0x54 <4>[ 157.585416] kthread+0x160/0x170 <4>[ 157.586294] ret_from_fork+0x10/0x20 <3>[ 157.587200] <3>[ 157.587683] CPU: 0 PID: 194 Comm: kunit_try_catch Tainted: G B 5.19.13-rc1 #1 <3>[ 157.589128] Hardware name: linux,dummy-virt (DT) <3>[ 157.590009] ================================================================== <6>[ 157.650109] ok 10 - test_invalid_addr_free-memcache <6>[ 157.660487] # test_corruption: test_alloc: size=32, gfp=cc0, policy=left, cache=0 <3>[ 157.770968] ================================================================== <3>[ 157.772253] BUG: KFENCE: memory corruption in test_corruption+0x110/0x228 <3>[ 157.772253] <3>[ 157.773875] Corrupted memory at 0x000000004b7c28a2 [ ! . . . . . . . . . . . . . . . 
] (in kfence-#214): <4>[ 157.779193] test_corruption+0x110/0x228 <4>[ 157.780272] kunit_try_run_case+0x8c/0x124 <4>[ 157.781276] kunit_generic_run_threadfn_adapter+0x38/0x54 <4>[ 157.782513] kthread+0x160/0x170 <4>[ 157.783376] ret_from_fork+0x10/0x20 <3>[ 157.784277] <4>[ 157.784727] kfence-#214: 0x00000000d6acd214-0x000000006c8b3e7d, size=32, cache=kmalloc-128 <4>[ 157.784727] <4>[ 157.786281] allocated by task 195 on cpu 0 at 157.767848s: <4>[ 157.787467] test_alloc+0x1ec/0x3f4 <4>[ 157.788433] test_corruption+0xdc/0x228 <4>[ 157.789468] kunit_try_run_case+0x8c/0x124 <4>[ 157.790463] kunit_generic_run_threadfn_adapter+0x38/0x54 <4>[ 157.791669] kthread+0x160/0x170 <4>[ 157.792509] ret_from_fork+0x10/0x20 <4>[ 157.793410] <4>[ 157.793853] freed by task 195 on cpu 0 at 157.769287s: <4>[ 157.795175] test_corruption+0x110/0x228 <4>[ 157.796215] kunit_try_run_case+0x8c/0x124 <4>[ 157.797190] kunit_generic_run_threadfn_adapter+0x38/0x54 <4>[ 157.798421] kthread+0x160/0x170 <4>[ 157.799265] ret_from_fork+0x10/0x20 <3>[ 157.800154] <3>[ 157.800633] CPU: 0 PID: 195 Comm: kunit_try_catch Tainted: G B 5.19.13-rc1 #1 <3>[ 157.802070] Hardware name: linux,dummy-virt (DT) <3>[ 157.802920] ================================================================== <6>[ 157.807905] # test_corruption: test_alloc: size=32, gfp=cc0, policy=right, cache=0 <3>[ 157.875686] ================================================================== <3>[ 157.876952] BUG: KFENCE: memory corruption in test_corruption+0x19c/0x228 <3>[ 157.876952] <3>[ 157.878568] Corrupted memory at 0x00000000ef92165d [ ! 
] (in kfence-#69): <4>[ 157.880281] test_corruption+0x19c/0x228 <4>[ 157.881357] kunit_try_run_case+0x8c/0x124 <4>[ 157.882367] kunit_generic_run_threadfn_adapter+0x38/0x54 <4>[ 157.883592] kthread+0x160/0x170 <4>[ 157.884446] ret_from_fork+0x10/0x20 <3>[ 157.885356] <4>[ 157.885807] kfence-#69: 0x000000006d1452b9-0x000000007ecd8566, size=32, cache=kmalloc-128 <4>[ 157.885807] <4>[ 157.887331] allocated by task 195 on cpu 0 at 157.871996s: <4>[ 157.888514] test_alloc+0x1ec/0x3f4 <4>[ 157.889491] test_corruption+0x168/0x228 <4>[ 157.890543] kunit_try_run_case+0x8c/0x124 <4>[ 157.891527] kunit_generic_run_threadfn_adapter+0x38/0x54 <4>[ 157.892732] kthread+0x160/0x170 <4>[ 157.893585] ret_from_fork+0x10/0x20 <4>[ 157.894501] <4>[ 157.894944] freed by task 195 on cpu 0 at 157.873844s: <4>[ 157.896253] test_corruption+0x19c/0x228 <4>[ 157.897304] kunit_try_run_case+0x8c/0x124 <4>[ 157.898301] kunit_generic_run_threadfn_adapter+0x38/0x54 <4>[ 157.899508] kthread+0x160/0x170 <4>[ 157.900351] ret_from_fork+0x10/0x20 <3>[ 157.901239] <3>[ 157.901725] CPU: 0 PID: 195 Comm: kunit_try_catch Tainted: G B 5.19.13-rc1 #1 <3>[ 157.903151] Hardware name: linux,dummy-virt (DT) <3>[ 157.903997] ================================================================== <6>[ 157.920805] ok 11 - test_corruption <6>[ 157.935536] # test_corruption-memcache: setup_test_cache: size=32, ctor=0x0 <6>[ 157.955155] # test_corruption-memcache: test_alloc: size=32, gfp=cc0, policy=left, cache=1 <3>[ 158.004366] ================================================================== <3>[ 158.005682] BUG: KFENCE: memory corruption in test_corruption+0x104/0x228 <3>[ 158.005682] <3>[ 158.007295] Corrupted memory at 0x000000001c5968bc [ ! . . . . . . . . . . . . . . . 
] (in kfence-#227): <4>[ 158.011480] test_corruption+0x104/0x228 <4>[ 158.012576] kunit_try_run_case+0x8c/0x124 <4>[ 158.013630] kunit_generic_run_threadfn_adapter+0x38/0x54 <4>[ 158.014887] kthread+0x160/0x170 <4>[ 158.015764] ret_from_fork+0x10/0x20 <3>[ 158.016685] <4>[ 158.017144] kfence-#227: 0x000000004fd9acd3-0x00000000933444bb, size=32, cache=test <4>[ 158.017144] <4>[ 158.018677] allocated by task 196 on cpu 1 at 158.002424s: <4>[ 158.019939] test_alloc+0x1dc/0x3f4 <4>[ 158.020936] test_corruption+0xdc/0x228 <4>[ 158.022000] kunit_try_run_case+0x8c/0x124 <4>[ 158.023007] kunit_generic_run_threadfn_adapter+0x38/0x54 <4>[ 158.024242] kthread+0x160/0x170 <4>[ 158.025101] ret_from_fork+0x10/0x20 <4>[ 158.026031] <4>[ 158.026485] freed by task 196 on cpu 1 at 158.003823s: <4>[ 158.027854] test_corruption+0x104/0x228 <4>[ 158.028912] kunit_try_run_case+0x8c/0x124 <4>[ 158.029928] kunit_generic_run_threadfn_adapter+0x38/0x54 <4>[ 158.031170] kthread+0x160/0x170 <4>[ 158.032029] ret_from_fork+0x10/0x20 <3>[ 158.032936] <3>[ 158.033448] CPU: 1 PID: 196 Comm: kunit_try_catch Tainted: G B 5.19.13-rc1 #1 <3>[ 158.034918] Hardware name: linux,dummy-virt (DT) <3>[ 158.035795] ================================================================== <6>[ 158.042188] # test_corruption-memcache: test_alloc: size=32, gfp=cc0, policy=right, cache=1 <3>[ 158.110495] ================================================================== <3>[ 158.111824] BUG: KFENCE: memory corruption in test_corruption+0x190/0x228 <3>[ 158.111824] <3>[ 158.113469] Corrupted memory at 0x0000000033b0c4d1 [ ! 
] (in kfence-#228): <4>[ 158.115252] test_corruption+0x190/0x228 <4>[ 159.161394] kunit_try_run_case+0x8c/0x124 <4>[ 159.162566] kunit_generic_run_threadfn_adapter+0x38/0x54 <4>[ 159.163819] kthread+0x160/0x170 <4>[ 159.164690] ret_from_fork+0x10/0x20 <3>[ 159.165639] <4>[ 159.166113] kfence-#228: 0x000000008994cb38-0x00000000c2596400, size=32, cache=test <4>[ 159.166113] <4>[ 159.167623] allocated by task 196 on cpu 1 at 158.106887s: <4>[ 159.168861] test_alloc+0x1dc/0x3f4 <4>[ 159.169870] test_corruption+0x168/0x228 <4>[ 159.170942] kunit_try_run_case+0x8c/0x124 <4>[ 159.171942] kunit_generic_run_threadfn_adapter+0x38/0x54 <4>[ 159.173174] kthread+0x160/0x170 <4>[ 159.174066] ret_from_fork+0x10/0x20 <4>[ 159.174981] <4>[ 159.175432] freed by task 196 on cpu 1 at 158.108234s: <4>[ 159.176809] test_corruption+0x190/0x228 <4>[ 159.177887] kunit_try_run_case+0x8c/0x124 <4>[ 159.178898] kunit_generic_run_threadfn_adapter+0x38/0x54 <4>[ 159.180137] kthread+0x160/0x170 <4>[ 159.181000] ret_from_fork+0x10/0x20 <3>[ 159.181927] <3>[ 159.182425] CPU: 1 PID: 196 Comm: kunit_try_catch Tainted: G B 5.19.13-rc1 #1 <3>[ 159.183897] Hardware name: linux,dummy-virt (DT) <3>[ 159.184770] ================================================================== <6>[ 159.282905] ok 12 - test_corruption-memcache <6>[ 159.295095] # test_free_bulk: test_alloc: size=97, gfp=cc0, policy=right, cache=0 <6>[ 159.303452] # test_free_bulk: test_alloc: size=97, gfp=cc0, policy=none, cache=0 <6>[ 159.305291] # test_free_bulk: test_alloc: size=97, gfp=cc0, policy=left, cache=0 <6>[ 159.512685] # test_free_bulk: test_alloc: size=97, gfp=cc0, policy=none, cache=0 <6>[ 159.515515] # test_free_bulk: test_alloc: size=97, gfp=cc0, policy=none, cache=0 <6>[ 159.521918] # test_free_bulk: test_alloc: size=245, gfp=cc0, policy=right, cache=0 <6>[ 159.628833] # test_free_bulk: test_alloc: size=245, gfp=cc0, policy=none, cache=0 <6>[ 162.531844] # test_free_bulk: test_alloc: size=245, gfp=cc0, policy=left, 
cache=0 <6>[ 162.829039] # test_free_bulk: test_alloc: size=245, gfp=cc0, policy=none, cache=0 <6>[ 162.831288] # test_free_bulk: test_alloc: size=245, gfp=cc0, policy=none, cache=0 <6>[ 162.836448] # test_free_bulk: test_alloc: size=54, gfp=cc0, policy=right, cache=0 <6>[ 162.933225] # test_free_bulk: test_alloc: size=54, gfp=cc0, policy=none, cache=0 <6>[ 162.935541] # test_free_bulk: test_alloc: size=54, gfp=cc0, policy=left, cache=0 <6>[ 163.037933] # test_free_bulk: test_alloc: size=54, gfp=cc0, policy=none, cache=0 <6>[ 163.039762] # test_free_bulk: test_alloc: size=54, gfp=cc0, policy=none, cache=0 <6>[ 163.047287] # test_free_bulk: test_alloc: size=109, gfp=cc0, policy=right, cache=0 <6>[ 163.349825] # test_free_bulk: test_alloc: size=109, gfp=cc0, policy=none, cache=0 <6>[ 163.351653] # test_free_bulk: test_alloc: size=109, gfp=cc0, policy=left, cache=0 <6>[ 163.453225] # test_free_bulk: test_alloc: size=109, gfp=cc0, policy=none, cache=0 <6>[ 163.455650] # test_free_bulk: test_alloc: size=109, gfp=cc0, policy=none, cache=0 <6>[ 163.460892] # test_free_bulk: test_alloc: size=126, gfp=cc0, policy=right, cache=0 <6>[ 163.765793] # test_free_bulk: test_alloc: size=126, gfp=cc0, policy=none, cache=0 <6>[ 163.767619] # test_free_bulk: test_alloc: size=126, gfp=cc0, policy=left, cache=0 <6>[ 163.869857] # test_free_bulk: test_alloc: size=126, gfp=cc0, policy=none, cache=0 <6>[ 163.871694] # test_free_bulk: test_alloc: size=126, gfp=cc0, policy=none, cache=0 <6>[ 163.892894] ok 13 - test_free_bulk <6>[ 163.904684] # test_free_bulk-memcache: setup_test_cache: size=223, ctor=0x0 <6>[ 163.927257] # test_free_bulk-memcache: test_alloc: size=223, gfp=cc0, policy=right, cache=1 <6>[ 163.992279] # test_free_bulk-memcache: test_alloc: size=223, gfp=cc0, policy=none, cache=1 <6>[ 164.007799] # test_free_bulk-memcache: test_alloc: size=223, gfp=cc0, policy=left, cache=1 <3>[ 176.777879] # test_free_bulk-memcache: ASSERTION FAILED at mm/kfence/kfence_test.c:312 <3>[ 
176.777879] Expected false to be true, but is false <3>[ 176.777879] <3>[ 176.777879] failed to allocate from KFENCE <3>[ 177.604811] ============================================================================= <3>[ 177.608387] BUG test (Tainted: G B ): Objects remaining in test on __kmem_cache_shutdown() <3>[ 177.609927] ----------------------------------------------------------------------------- <3>[ 177.609927] <3>[ 177.611424] Slab 0x000000009535baed objects=14 used=1 fp=0x00000000e8649a76 flags=0x3fffc0000000200(slab|node=0|zone=0|lastcpupid=0xffff) <4>[ 177.613882] CPU: 0 PID: 1 Comm: swapper/0 Tainted: G B 5.19.13-rc1 #1 <4>[ 177.615231] Hardware name: linux,dummy-virt (DT) <4>[ 177.616197] Call trace: <4>[ 177.616788] dump_backtrace+0xb8/0x130 <4>[ 177.617792] show_stack+0x20/0x60 <4>[ 177.618630] dump_stack_lvl+0x8c/0xb8 <4>[ 177.619548] dump_stack+0x1c/0x38 <4>[ 177.620396] slab_err+0xa0/0xf0 <4>[ 177.621180] __kmem_cache_shutdown+0x140/0x3c0 <4>[ 177.622230] kmem_cache_destroy+0x9c/0x20c <4>[ 177.623242] test_exit+0x28/0x40 <4>[ 177.624172] kunit_catch_run_case+0x5c/0x120 <4>[ 177.625189] kunit_try_catch_run+0x144/0x26c <4>[ 177.626251] kunit_run_case_catch_errors+0x158/0x1e0 <4>[ 177.627359] kunit_run_tests+0x374/0x750 <4>[ 177.628316] __kunit_test_suites_init+0x74/0xa0 <4>[ 177.629376] kunit_run_all_tests+0x160/0x380 <4>[ 177.630440] kernel_init_freeable+0x32c/0x388 <4>[ 177.631517] kernel_init+0x2c/0x150 <4>[ 177.632351] ret_from_fork+0x10/0x20 <4>[ 177.633506] Disabling lock debugging due to kernel taint <3>[ 177.634724] Object 0x00000000a1747116 @offset=2880 <4>[ 177.651182] ------------[ cut here ]------------ <4>[ 177.652217] kmem_cache_destroy test: Slab cache still has objects when called from test_exit+0x28/0x40 <4>[ 177.654849] WARNING: CPU: 0 PID: 1 at mm/slab_common.c:520 kmem_cache_destroy+0x1e8/0x20c <4>[ 177.666237] Modules linked in: <4>[ 177.667325] CPU: 0 PID: 1 Comm: swapper/0 Tainted: G B 5.19.13-rc1 #1 <4>[ 177.668666] Hardware 
name: linux,dummy-virt (DT) <4>[ 177.669783] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) <4>[ 177.671120] pc : kmem_cache_destroy+0x1e8/0x20c <4>[ 177.672217] lr : kmem_cache_destroy+0x1e8/0x20c <4>[ 177.673302] sp : ffff8000080876f0 <4>[ 177.674013] x29: ffff8000080876f0 x28: ffffb5ed1da56f38 x27: ffffb5ed1a87b480 <4>[ 177.676478] x26: ffff800008087aa0 x25: ffff800008087ac8 x24: ffff00000c73b480 <4>[ 177.678215] x23: 000000004c800000 x22: ffffb5ed1eca3000 x21: ffffb5ed1da381f0 <4>[ 177.679873] x20: fdecb5ed18ea3a78 x19: ffff00000759be00 x18: 00000000ffffffff <4>[ 177.681540] x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000 <4>[ 177.683139] x14: 0000000000000000 x13: 206d6f7266206465 x12: ffff700001010e63 <4>[ 177.684776] x11: 1ffff00001010e62 x10: ffff700001010e62 x9 : ffffb5ed18b89514 <4>[ 177.686554] x8 : ffff800008087317 x7 : 0000000000000001 x6 : 0000000000000001 <4>[ 177.688238] x5 : ffffb5ed1d893000 x4 : dfff800000000000 x3 : ffffb5ed18b89520 <4>[ 177.689912] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff000007150000 <4>[ 177.691598] Call trace: <4>[ 177.692165] kmem_cache_destroy+0x1e8/0x20c <4>[ 177.693196] test_exit+0x28/0x40 <4>[ 177.694158] kunit_catch_run_case+0x5c/0x120 <4>[ 177.695177] kunit_try_catch_run+0x144/0x26c <4>[ 177.696211] kunit_run_case_catch_errors+0x158/0x1e0 <4>[ 177.697353] kunit_run_tests+0x374/0x750 <4>[ 177.698333] __kunit_test_suites_init+0x74/0xa0 <4>[ 177.699386] kunit_run_all_tests+0x160/0x380 <4>[ 177.700428] kernel_init_freeable+0x32c/0x388 <4>[ 177.701497] kernel_init+0x2c/0x150 <4>[ 177.702347] ret_from_fork+0x10/0x20 <4>[ 177.703308] ---[ end trace 0000000000000000 ]--- <6>[ 180.045230] not ok 14 - test_free_bulk-memcache <6>[ 180.063196] ok 15 - test_init_on_free # SKIP Test requires: IS_ENABLED(CONFIG_INIT_ON_FREE_DEFAULT_ON) <6>[ 180.084390] ok 16 - test_init_on_free-memcache # SKIP Test requires: IS_ENABLED(CONFIG_INIT_ON_FREE_DEFAULT_ON) <6>[ 180.105203] # 
test_kmalloc_aligned_oob_read: test_alloc: size=73, gfp=cc0, policy=right, cache=0 <3>[ 180.457864] ================================================================== <3>[ 180.459247] BUG: KFENCE: out-of-bounds read in test_kmalloc_aligned_oob_read+0x198/0x24c <3>[ 180.459247] <3>[ 180.460963] Out-of-bounds read at 0x000000002560c7f9 (201B right of kfence-#4): <4>[ 180.462326] test_kmalloc_aligned_oob_read+0x198/0x24c <4>[ 180.463474] kunit_try_run_case+0x8c/0x124 <4>[ 180.464500] kunit_generic_run_threadfn_adapter+0x38/0x54 <4>[ 180.465755] kthread+0x160/0x170 <4>[ 180.466649] ret_from_fork+0x10/0x20 <3>[ 180.467575] <4>[ 180.468039] kfence-#4: 0x0000000015e6d0b8-0x000000008825abb9, size=73, cache=kmalloc-128 <4>[ 180.468039] <4>[ 180.469609] allocated by task 201 on cpu 1 at 180.455855s: <4>[ 180.470849] test_alloc+0x1ec/0x3f4 <4>[ 180.471846] test_kmalloc_aligned_oob_read+0xd8/0x24c <4>[ 180.472942] kunit_try_run_case+0x8c/0x124 <4>[ 180.473955] kunit_generic_run_threadfn_adapter+0x38/0x54 <4>[ 180.475199] kthread+0x160/0x170 <4>[ 180.476058] ret_from_fork+0x10/0x20 <3>[ 180.476967] <3>[ 180.477473] CPU: 1 PID: 201 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1 <3>[ 180.478948] Hardware name: linux,dummy-virt (DT) <3>[ 180.479824] ================================================================== <6>[ 180.491058] ok 17 - test_kmalloc_aligned_oob_read <6>[ 180.503288] # test_kmalloc_aligned_oob_write: test_alloc: size=73, gfp=cc0, policy=right, cache=0 <3>[ 180.585153] ================================================================== <3>[ 185.469598] BUG: KFENCE: memory corruption in test_kmalloc_aligned_oob_write+0x138/0x1c4 <3>[ 185.469598] <3>[ 185.474133] Corrupted memory at 0x00000000a0ce6a66 [ ! . . . . . . . . . . . . . . . 
] (in kfence-#27): <4>[ 185.484171] test_kmalloc_aligned_oob_write+0x138/0x1c4 <4>[ 185.485493] kunit_try_run_case+0x8c/0x124 <4>[ 185.486516] kunit_generic_run_threadfn_adapter+0x38/0x54 <4>[ 185.487735] kthread+0x160/0x170 <4>[ 185.488587] ret_from_fork+0x10/0x20 <3>[ 185.489513] <4>[ 185.489972] kfence-#27: 0x00000000e9371982-0x00000000c23ba8ef, size=73, cache=kmalloc-128 <4>[ 185.489972] <4>[ 185.491505] allocated by task 202 on cpu 0 at 180.567889s: <4>[ 185.492692] test_alloc+0x1ec/0x3f4 <4>[ 185.493702] test_kmalloc_aligned_oob_write+0xb0/0x1c4 <4>[ 185.494955] kunit_try_run_case+0x8c/0x124 <4>[ 185.495932] kunit_generic_run_threadfn_adapter+0x38/0x54 <4>[ 185.497137] kthread+0x160/0x170 <4>[ 185.498030] ret_from_fork+0x10/0x20 <4>[ 185.498960] <4>[ 185.499412] freed by task 202 on cpu 0 at 180.569369s: <4>[ 185.500726] test_kmalloc_aligned_oob_write+0x138/0x1c4 <4>[ 185.501997] kunit_try_run_case+0x8c/0x124 <4>[ 185.502985] kunit_generic_run_threadfn_adapter+0x38/0x54 <4>[ 185.504189] kthread+0x160/0x170 <4>[ 185.505030] ret_from_fork+0x10/0x20 <3>[ 185.505934] <3>[ 185.506425] CPU: 1 PID: 202 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1 <3>[ 185.507854] Hardware name: linux,dummy-virt (DT) <3>[ 185.508700] ================================================================== <6>[ 185.530118] ok 18 - test_kmalloc_aligned_oob_write <6>[ 185.553266] # test_shrink_memcache: setup_test_cache: size=32, ctor=0x0 <6>[ 185.564610] # test_shrink_memcache: test_alloc: size=32, gfp=cc0, policy=any, cache=1 <6>[ 185.703533] ok 19 - test_shrink_memcache <6>[ 185.718531] # test_memcache_ctor: setup_test_cache: size=32, ctor=ctor_set_x <6>[ 185.738941] # test_memcache_ctor: test_alloc: size=32, gfp=cc0, policy=any, cache=1 <6>[ 191.431611] ok 20 - test_memcache_ctor <3>[ 191.439679] ================================================================== <3>[ 191.442299] BUG: KFENCE: invalid read in test_invalid_access+0xbc/0x154 <3>[ 191.442299] <3>[ 191.444078] Invalid 
read at 0x0000000007fd2fca: <4>[ 191.445124] test_invalid_access+0xbc/0x154 <4>[ 191.449335] kunit_try_run_case+0x8c/0x124 <4>[ 191.453014] kunit_generic_run_threadfn_adapter+0x38/0x54 <4>[ 191.455058] kthread+0x160/0x170 <4>[ 191.456088] ret_from_fork+0x10/0x20 <3>[ 191.457131] <3>[ 191.458559] CPU: 1 PID: 205 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1 <3>[ 191.460136] Hardware name: linux,dummy-virt (DT) <3>[ 191.461138] ================================================================== <6>[ 191.464122] ok 21 - test_invalid_access <6>[ 191.483030] # test_gfpzero: test_alloc: size=4096, gfp=cc0, policy=any, cache=0 <6>[ 191.602032] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0 <6>[ 191.628219] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0 <6>[ 191.732270] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0 <6>[ 191.836193] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0 <6>[ 191.941220] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0 <6>[ 192.044521] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0 <6>[ 192.148492] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0 <6>[ 192.252355] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0 <6>[ 192.356490] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0 <6>[ 192.460294] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0 <6>[ 192.564386] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0 <6>[ 192.668504] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0 <6>[ 198.831501] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0 <6>[ 198.935346] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0 <6>[ 199.040858] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0 <6>[ 199.144145] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0 <6>[ 
199.249146] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0 <6>[ 199.352064] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0 <6>[ 199.460190] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0 <6>[ 199.571265] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0 <6>[ 199.683792] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0 <6>[ 199.795616] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0 <6>[ 199.905239] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0 <6>[ 200.033009] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0 <6>[ 200.145973] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0 <6>[ 200.262301] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0 <6>[ 200.366223] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0 <6>[ 200.470247] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0 <6>[ 209.719154] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0 <6>[ 209.824896] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0 <6>[ 209.932074] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0 <6>[ 210.032275] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0 <6>[ 210.136401] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0 <6>[ 210.240680] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0 <6>[ 210.344798] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0 <6>[ 210.450255] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0 <6>[ 210.552378] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0 <6>[ 210.670247] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0 <6>[ 210.787878] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0 <6>[ 210.894176] # test_gfpzero: test_alloc: 
size=4096, gfp=dc0, policy=any, cache=0 <6>[ 211.011664] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0 <6>[ 211.127937] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0 <6>[ 211.244878] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0 <6>[ 211.363762] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0 <6>[ 211.479959] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0 <6>[ 211.598314] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0 <6>[ 211.696205] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0 <6>[ 211.818181] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0 <6>[ 211.913270] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0 <6>[ 212.019580] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0 <6>[ 212.132069] ok 22 - test_gfpzero <6>[ 212.144813] # test_memcache_typesafe_by_rcu: setup_test_cache: size=32, ctor=0x0 <6>[ 220.318499] # test_memcache_typesafe_by_rcu: test_alloc: size=32, gfp=cc0, policy=any, cache=1 <3>[ 220.412607] ================================================================== <3>[ 220.413991] BUG: KFENCE: use-after-free read in test_memcache_typesafe_by_rcu+0x1ec/0x2f4 <3>[ 220.413991] <3>[ 220.415831] Use-after-free read at 0x00000000cfb2c818 (in kfence-#96): <4>[ 220.417001] test_memcache_typesafe_by_rcu+0x1ec/0x2f4 <4>[ 220.418285] kunit_try_run_case+0x8c/0x124 <4>[ 220.419294] kunit_generic_run_threadfn_adapter+0x38/0x54 <4>[ 220.420523] kthread+0x160/0x170 <4>[ 220.421477] ret_from_fork+0x10/0x20 <3>[ 220.422413] <4>[ 220.422869] kfence-#96: 0x00000000cfb2c818-0x00000000c749c5ae, size=32, cache=test <4>[ 220.422869] <4>[ 220.424335] allocated by task 207 on cpu 0 at 220.379950s: <4>[ 220.425572] test_alloc+0x1dc/0x3f4 <4>[ 220.430322] test_memcache_typesafe_by_rcu+0x110/0x2f4 <4>[ 220.431607] kunit_try_run_case+0x8c/0x124 <4>[ 220.432599] 
kunit_generic_run_threadfn_adapter+0x38/0x54 <4>[ 220.433834] kthread+0x160/0x170 <4>[ 220.434699] ret_from_fork+0x10/0x20 <4>[ 220.435600] <4>[ 220.436047] freed by task 0 on cpu 0 at 220.410124s: <4>[ 220.438720] rcu_guarded_free+0x34/0x44 <4>[ 220.439757] rcu_core+0x3ec/0xea0 <4>[ 220.440593] rcu_core_si+0x18/0x24 <4>[ 220.441454] __do_softirq+0x210/0x6d8 <4>[ 220.442330] __irq_exit_rcu+0x150/0x170 <4>[ 220.443219] irq_exit_rcu+0x1c/0x50 <4>[ 220.444047] el1_interrupt+0x38/0x60 <4>[ 220.445021] el1h_64_irq_handler+0x18/0x2c <4>[ 220.446113] el1h_64_irq+0x64/0x68 <4>[ 220.446942] arch_local_irq_enable+0xc/0x20 <4>[ 220.447884] default_idle_call+0x5c/0x248 <4>[ 220.448888] do_idle+0x318/0x3a0 <4>[ 220.449743] cpu_startup_entry+0x30/0x3c <4>[ 220.450706] kernel_init+0x0/0x150 <4>[ 220.451521] arch_post_acpi_subsys_init+0x0/0x28 <4>[ 229.261490] start_kernel+0x3b0/0x3e4 <4>[ 229.262580] __primary_switched+0xc4/0xcc <3>[ 229.263584] <3>[ 229.264068] CPU: 0 PID: 207 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1 <3>[ 229.265537] Hardware name: linux,dummy-virt (DT) <3>[ 229.266410] ================================================================== <6>[ 229.335366] ok 23 - test_memcache_typesafe_by_rcu <6>[ 229.363691] # test_krealloc: test_alloc: size=32, gfp=cc0, policy=any, cache=0 <3>[ 229.375301] ================================================================== <3>[ 229.376537] BUG: KFENCE: use-after-free read in test_krealloc+0x3d0/0x470 <3>[ 229.376537] <3>[ 229.378277] Use-after-free read at 0x00000000e5ba154b (in kfence-#127): <4>[ 229.379454] test_krealloc+0x3d0/0x470 <4>[ 229.380495] kunit_try_run_case+0x8c/0x124 <4>[ 229.381563] kunit_generic_run_threadfn_adapter+0x38/0x54 <4>[ 229.382823] kthread+0x160/0x170 <4>[ 229.383696] ret_from_fork+0x10/0x20 <3>[ 229.384610] <4>[ 229.385065] kfence-#127: 0x00000000e5ba154b-0x0000000058576b5d, size=32, cache=kmalloc-128 <4>[ 229.385065] <4>[ 229.386658] allocated by task 208 on cpu 1 at 229.371092s: <4>[ 
229.387877] test_alloc+0x1ec/0x3f4 <4>[ 229.388859] test_krealloc+0xbc/0x470 <4>[ 229.389913] kunit_try_run_case+0x8c/0x124 <4>[ 229.390909] kunit_generic_run_threadfn_adapter+0x38/0x54 <4>[ 229.392140] kthread+0x160/0x170 <4>[ 229.393018] ret_from_fork+0x10/0x20 <4>[ 229.393987] <4>[ 229.394456] freed by task 208 on cpu 1 at 229.372734s: <4>[ 229.395799] krealloc+0xe0/0x1d0 <4>[ 229.396666] test_krealloc+0x184/0x470 <4>[ 229.397779] kunit_try_run_case+0x8c/0x124 <4>[ 229.398798] kunit_generic_run_threadfn_adapter+0x38/0x54 <4>[ 229.400032] kthread+0x160/0x170 <4>[ 229.400892] ret_from_fork+0x10/0x20 <3>[ 229.401883] <3>[ 229.402404] CPU: 1 PID: 208 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1 <3>[ 238.611514] Hardware name: linux,dummy-virt (DT) <3>[ 238.612482] ================================================================== <6>[ 238.632920] ok 24 - test_krealloc <6>[ 238.696085] # test_memcache_alloc_bulk: setup_test_cache: size=32, ctor=0x0 <6>[ 238.850258] ok 25 - test_memcache_alloc_bulk <6>[ 238.871395] # kfence: pass:21 fail:2 skip:2 total:25 <6>[ 238.872700] # Totals: pass:21 fail:2 skip:2 total:25 <6>[ 238.876941] not ok 4 - kfence <6>[ 238.927664] # Subtest: binfmt_elf <6>[ 238.928064] 1..1 <6>[ 238.943081] ok 1 - total_mapping_size_test <6>[ 238.943988] ok 5 - binfmt_elf <6>[ 238.953276] # Subtest: compat_binfmt_elf <6>[ 238.957293] 1..1 <6>[ 238.978832] ok 1 - total_mapping_size_test <6>[ 238.979699] ok 6 - compat_binfmt_elf <6>[ 238.985066] # Subtest: ext4_inode_test <6>[ 238.986791] 1..1 <6>[ 238.987905] # Subtest: inode_test_xtimestamp_decoding <6>[ 239.002100] ok 1 - 1901-12-13 Lower bound of 32bit < 0 timestamp, no extra bits <6>[ 239.018377] ok 2 - 1969-12-31 Upper bound of 32bit < 0 timestamp, no extra bits <6>[ 239.034785] ok 3 - 1970-01-01 Lower bound of 32bit >=0 timestamp, no extra bits <6>[ 239.059131] ok 4 - 2038-01-19 Upper bound of 32bit >=0 timestamp, no extra bits <6>[ 239.105052] ok 5 - 2038-01-19 Lower bound of 32bit <0 
timestamp, lo extra sec bit on <6>[ 239.122388] ok 6 - 2106-02-07 Upper bound of 32bit <0 timestamp, lo extra sec bit on <6>[ 239.142064] ok 7 - 2106-02-07 Lower bound of 32bit >=0 timestamp, lo extra sec bit on <6>[ 239.178517] ok 8 - 2174-02-25 Upper bound of 32bit >=0 timestamp, lo extra sec bit on <6>[ 239.211987] ok 9 - 2174-02-25 Lower bound of 32bit <0 timestamp, hi extra sec bit on <6>[ 239.266123] ok 10 - 2242-03-16 Upper bound of 32bit <0 timestamp, hi extra sec bit on <6>[ 239.287280] ok 11 - 2242-03-16 Lower bound of 32bit >=0 timestamp, hi extra sec bit on <6>[ 239.304762] ok 12 - 2310-04-04 Upper bound of 32bit >=0 timestamp, hi extra sec bit on <6>[ 249.048636] ok 13 - 2310-04-04 Upper bound of 32bit>=0 timestamp, hi extra sec bit 1. 1 ns <6>[ 249.063451] ok 14 - 2378-04-22 Lower bound of 32bit>= timestamp. Extra sec bits 1. Max ns <6>[ 249.087134] ok 15 - 2378-04-22 Lower bound of 32bit >=0 timestamp. All extra sec bits on <6>[ 249.113343] ok 16 - 2446-05-10 Upper bound of 32bit >=0 timestamp. 
All extra sec bits on <6>[ 249.115438] # inode_test_xtimestamp_decoding: pass:16 fail:0 skip:0 total:16 <6>[ 249.119662] ok 1 - inode_test_xtimestamp_decoding <6>[ 249.121129] # Totals: pass:16 fail:0 skip:0 total:16 <6>[ 249.123413] ok 7 - ext4_inode_test <6>[ 249.134466] # Subtest: fat_test <6>[ 249.134779] 1..3 <6>[ 249.151000] ok 1 - fat_checksum_test <6>[ 249.152059] # Subtest: fat_time_fat2unix_test <6>[ 249.169989] ok 1 - Earliest possible UTC (1980-01-01 00:00:00) <6>[ 249.199892] ok 2 - Latest possible UTC (2107-12-31 23:59:58) <6>[ 249.220640] ok 3 - Earliest possible (UTC-11) (== 1979-12-31 13:00:00 UTC) <6>[ 249.245345] ok 4 - Latest possible (UTC+11) (== 2108-01-01 10:59:58 UTC) <6>[ 249.264436] ok 5 - Leap Day / Year (1996-02-29 00:00:00) <6>[ 249.279514] ok 6 - Year 2000 is leap year (2000-02-29 00:00:00) <6>[ 249.293978] ok 7 - Year 2100 not leap year (2100-03-01 00:00:00) <6>[ 249.320622] ok 8 - Leap year + timezone UTC+1 (== 2004-02-29 00:30:00 UTC) <6>[ 249.344042] ok 9 - Leap year + timezone UTC-1 (== 2004-02-29 23:30:00 UTC) <6>[ 249.366050] ok 10 - VFAT odd-second resolution (1999-12-31 23:59:59) <6>[ 249.392257] ok 11 - VFAT 10ms resolution (1980-01-01 00:00:00:0010) <6>[ 249.398427] # fat_time_fat2unix_test: pass:11 fail:0 skip:0 total:11 <6>[ 249.399820] ok 2 - fat_time_fat2unix_test <6>[ 249.406588] # Subtest: fat_time_unix2fat_test <6>[ 260.162056] ok 1 - Earliest possible UTC (1980-01-01 00:00:00) <6>[ 260.179365] ok 2 - Latest possible UTC (2107-12-31 23:59:58) <6>[ 260.203824] ok 3 - Earliest possible (UTC-11) (== 1979-12-31 13:00:00 UTC) <6>[ 260.226883] ok 4 - Latest possible (UTC+11) (== 2108-01-01 10:59:58 UTC) <6>[ 260.280136] ok 5 - Leap Day / Year (1996-02-29 00:00:00) <6>[ 260.305716] ok 6 - Year 2000 is leap year (2000-02-29 00:00:00) <6>[ 260.323754] ok 7 - Year 2100 not leap year (2100-03-01 00:00:00) <6>[ 260.378261] ok 8 - Leap year + timezone UTC+1 (== 2004-02-29 00:30:00 UTC) <6>[ 260.393144] ok 9 - Leap year + timezone 
UTC-1 (== 2004-02-29 23:30:00 UTC) <6>[ 260.415286] ok 10 - VFAT odd-second resolution (1999-12-31 23:59:59) <6>[ 260.434761] ok 11 - VFAT 10ms resolution (1980-01-01 00:00:00:0010) <6>[ 260.436185] # fat_time_unix2fat_test: pass:11 fail:0 skip:0 total:11 <6>[ 260.441012] ok 3 - fat_time_unix2fat_test <6>[ 260.443215] # fat_test: pass:3 fail:0 skip:0 total:3 <6>[ 260.444258] # Totals: pass:23 fail:0 skip:0 total:23 <6>[ 260.447811] ok 8 - fat_test <6>[ 260.462831] # Subtest: hash <6>[ 260.463141] 1..2 <6>[ 260.505022] ok 1 - test_string_or <6>[ 262.084868] ok 2 - test_hash_or <6>[ 262.088325] # hash: pass:2 fail:0 skip:0 total:2 <6>[ 262.090146] # Totals: pass:2 fail:0 skip:0 total:2 <6>[ 262.102608] ok 9 - hash <6>[ 262.108069] # Subtest: kasan <6>[ 262.108392] 1..55 <3>[ 262.136709] ================================================================== <3>[ 262.140323] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0xcc/0x33c <3>[ 262.143929] Write of size 1 at addr ffff00000768b673 by task kunit_try_catch/253 <3>[ 262.145162] <3>[ 262.145723] CPU: 0 PID: 253 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1 <3>[ 272.745558] Hardware name: linux,dummy-virt (DT) <3>[ 272.746457] Call trace: <3>[ 272.747004] dump_backtrace+0xb8/0x130 <3>[ 272.748068] show_stack+0x20/0x60 <3>[ 272.749012] dump_stack_lvl+0x8c/0xb8 <3>[ 272.752279] print_report+0x2e4/0x620 <3>[ 272.753374] kasan_report+0xa8/0x1dc <3>[ 272.754426] __asan_store1+0x88/0xb0 <3>[ 272.755412] kmalloc_oob_right+0xcc/0x33c <3>[ 272.756317] kunit_try_run_case+0x8c/0x124 <3>[ 272.757280] kunit_generic_run_threadfn_adapter+0x38/0x54 <3>[ 272.760652] kthread+0x160/0x170 <3>[ 272.761715] ret_from_fork+0x10/0x20 <3>[ 272.762634] <3>[ 272.763189] Allocated by task 253: <4>[ 272.763960] kasan_save_stack+0x2c/0x5c <4>[ 272.764895] __kasan_kmalloc+0xac/0x104 <4>[ 272.767970] kmem_cache_alloc_trace+0x1f8/0x3b0 <4>[ 272.768965] kmalloc_oob_right+0xa0/0x33c <4>[ 272.772937] kunit_try_run_case+0x8c/0x124 <4>[ 
272.779033] kunit_generic_run_threadfn_adapter+0x38/0x54 <4>[ 272.780190] kthread+0x160/0x170 <4>[ 272.781012] ret_from_fork+0x10/0x20 <3>[ 272.784097] <3>[ 272.784607] The buggy address belongs to the object at ffff00000768b600 <3>[ 272.784607] which belongs to the cache kmalloc-128 of size 128 <3>[ 272.786388] The buggy address is located 115 bytes inside of <3>[ 272.786388] 128-byte region [ffff00000768b600, ffff00000768b680) <3>[ 272.788054] <3>[ 272.788658] The buggy address belongs to the physical page: <4>[ 272.792008] page:000000002b6fea86 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4768b <4>[ 272.793586] flags: 0x3fffc0000000200(slab|node=0|zone=0|lastcpupid=0xffff) <4>[ 272.795328] raw: 03fffc0000000200 fffffc00001da380 dead000000000002 ffff000006802300 <4>[ 272.796640] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 <4>[ 272.800031] page dumped because: kasan: bad access detected <3>[ 272.800948] <3>[ 272.801408] Memory state around the buggy address: <3>[ 272.802568] ffff00000768b500: 00 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc <3>[ 272.803760] ffff00000768b580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc <3>[ 272.804920] >ffff00000768b600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc <3>[ 272.808172] ^ <3>[ 272.809340] ffff00000768b680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc <3>[ 272.810499] ffff00000768b700: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc <3>[ 272.811632] ================================================================== <3>[ 272.887306] ================================================================== <3>[ 272.889786] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0xf8/0x33c <3>[ 272.891094] Write of size 1 at addr ffff00000768b678 by task kunit_try_catch/253 <3>[ 272.892255] <3>[ 272.892719] CPU: 1 PID: 253 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1 <3>[ 272.894046] Hardware name: linux,dummy-virt (DT) <3>[ 272.894849] Call trace: <3>[ 272.895390] 
dump_backtrace+0xb8/0x130 <3>[ 272.896262] show_stack+0x20/0x60 <3>[ 272.897055] dump_stack_lvl+0x8c/0xb8 <3>[ 272.897955] print_report+0x2e4/0x620 <3>[ 272.898855] kasan_report+0xa8/0x1dc <3>[ 272.899731] __asan_store1+0x88/0xb0 <3>[ 272.908131] kmalloc_oob_right+0xf8/0x33c <3>[ 272.909074] kunit_try_run_case+0x8c/0x124 <3>[ 272.910058] kunit_generic_run_threadfn_adapter+0x38/0x54 <3>[ 272.911222] kthread+0x160/0x170 <3>[ 272.912060] ret_from_fork+0x10/0x20 <3>[ 272.912945] <3>[ 272.913388] Allocated by task 253: <4>[ 272.914064] kasan_save_stack+0x2c/0x5c <4>[ 272.914965] __kasan_kmalloc+0xac/0x104 <4>[ 272.915848] kmem_cache_alloc_trace+0x1f8/0x3b0 <4>[ 272.916810] kmalloc_oob_right+0xa0/0x33c <4>[ 272.917717] kunit_try_run_case+0x8c/0x124 <4>[ 272.918668] kunit_generic_run_threadfn_adapter+0x38/0x54 <4>[ 272.919816] kthread+0x160/0x170 <4>[ 272.920635] ret_from_fork+0x10/0x20 <3>[ 272.921511] <3>[ 272.921938] The buggy address belongs to the object at ffff00000768b600 <3>[ 272.921938] which belongs to the cache kmalloc-128 of size 128 <3>[ 272.923632] The buggy address is located 120 bytes inside of <3>[ 272.923632] 128-byte region [ffff00000768b600, ffff00000768b680) <3>[ 272.925289] <3>[ 272.925722] The buggy address belongs to the physical page: <4>[ 272.926609] page:000000002b6fea86 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4768b <4>[ 272.927982] flags: 0x3fffc0000000200(slab|node=0|zone=0|lastcpupid=0xffff) <4>[ 272.929294] raw: 03fffc0000000200 fffffc00001da380 dead000000000002 ffff000006802300 <4>[ 272.930555] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 <4>[ 272.931697] page dumped because: kasan: bad access detected <3>[ 272.932576] <3>[ 272.932997] Memory state around the buggy address: <3>[ 272.933855] ffff00000768b500: 00 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc <3>[ 272.935016] ffff00000768b580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc <3>[ 272.936168] >ffff00000768b600: 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 03 fc <3>[ 272.937261] ^ <3>[ 272.938360] ffff00000768b680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc <3>[ 272.939514] ffff00000768b700: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc <3>[ 272.940598] ================================================================== <3>[ 272.943491] ================================================================== <3>[ 272.944574] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x124/0x33c <3>[ 272.945854] Read of size 1 at addr ffff00000768b680 by task kunit_try_catch/253 <3>[ 272.947010] <3>[ 272.947469] CPU: 1 PID: 253 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1 <3>[ 272.948775] Hardware name: linux,dummy-virt (DT) <3>[ 272.949580] Call trace: <3>[ 272.950125] dump_backtrace+0xb8/0x130 <3>[ 273.084775] show_stack+0x20/0x60 <3>[ 273.085687] dump_stack_lvl+0x8c/0xb8 <3>[ 273.086588] print_report+0x2e4/0x620 <3>[ 273.087482] kasan_report+0xa8/0x1dc <3>[ 273.088359] __asan_load1+0x88/0xb0 <3>[ 273.089229] kmalloc_oob_right+0x124/0x33c <3>[ 273.090172] kunit_try_run_case+0x8c/0x124 <3>[ 273.091126] kunit_generic_run_threadfn_adapter+0x38/0x54 <3>[ 273.092284] kthread+0x160/0x170 <3>[ 273.093113] ret_from_fork+0x10/0x20 <3>[ 273.094022] <3>[ 273.094451] Allocated by task 253: <4>[ 273.095116] kasan_save_stack+0x2c/0x5c <4>[ 273.096009] __kasan_kmalloc+0xac/0x104 <4>[ 273.096892] kmem_cache_alloc_trace+0x1f8/0x3b0 <4>[ 273.097872] kmalloc_oob_right+0xa0/0x33c <4>[ 273.098770] kunit_try_run_case+0x8c/0x124 <4>[ 273.099711] kunit_generic_run_threadfn_adapter+0x38/0x54 <4>[ 273.100860] kthread+0x160/0x170 <4>[ 273.101698] ret_from_fork+0x10/0x20 <3>[ 273.102572] <3>[ 273.102996] The buggy address belongs to the object at ffff00000768b600 <3>[ 273.102996] which belongs to the cache kmalloc-128 of size 128 <3>[ 273.104717] The buggy address is located 0 bytes to the right of <3>[ 273.104717] 128-byte region [ffff00000768b600, ffff00000768b680) <3>[ 273.106421] <3>[ 273.106853] The buggy address 
belongs to the physical page: <4>[ 273.107732] page:000000002b6fea86 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4768b <4>[ 273.109100] flags: 0x3fffc0000000200(slab|node=0|zone=0|lastcpupid=0xffff) <4>[ 273.374827] raw: 03fffc0000000200 fffffc00001da380 dead000000000002 ffff000006802300 <4>[ 273.380394] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 <4>[ 273.381594] page dumped because: kasan: bad access detected <3>[ 273.382487] <3>[ 273.382910] Memory state around the buggy address: <3>[ 273.383760] ffff00000768b580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc <3>[ 273.384913] ffff00000768b600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc <3>[ 273.386086] >ffff00000768b680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc <3>[ 273.387175] ^ <3>[ 273.387868] ffff00000768b700: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc <3>[ 273.389020] ffff00000768b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc <3>[ 273.390128] ================================================================== <6>[ 273.412868] ok 1 - kmalloc_oob_right <3>[ 273.431711] ================================================================== <3>[ 273.435034] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0xcc/0x1e0 <3>[ 273.436285] Read of size 1 at addr ffff00000768dfff by task kunit_try_catch/254 <3>[ 273.439305] <3>[ 273.439788] CPU: 0 PID: 254 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1 <3>[ 273.441098] Hardware name: linux,dummy-virt (DT) <3>[ 273.442769] Call trace: <3>[ 273.443324] dump_backtrace+0xb8/0x130 <3>[ 273.444193] show_stack+0x20/0x60 <3>[ 273.444986] dump_stack_lvl+0x8c/0xb8 <3>[ 273.447681] print_report+0x2e4/0x620 <3>[ 273.448589] kasan_report+0xa8/0x1dc <3>[ 273.450237] __asan_load1+0x88/0xb0 <3>[ 273.451139] kmalloc_oob_left+0xcc/0x1e0 <3>[ 273.452024] kunit_try_run_case+0x8c/0x124 <3>[ 273.452973] kunit_generic_run_threadfn_adapter+0x38/0x54 <3>[ 273.455913] kthread+0x160/0x170 <3>[ 273.456757] 
ret_from_fork+0x10/0x20 <3>[ 273.458410] <3>[ 273.458861] Allocated by task 1: <4>[ 273.459509] kasan_save_stack+0x2c/0x5c <4>[ 273.850477] __kasan_slab_alloc+0xc0/0xd0 <4>[ 273.851506] kmem_cache_alloc+0x180/0x3a0 <4>[ 273.852402] __kernfs_new_node+0xd8/0x360 <4>[ 273.855133] kernfs_new_node+0x78/0xc0 <4>[ 273.856113] __kernfs_create_file+0x38/0x16c <4>[ 273.857121] sysfs_add_file_mode_ns+0xd0/0x1b0 <4>[ 273.858984] internal_create_group+0x1c4/0x560 <4>[ 273.860051] internal_create_groups.part.0+0x68/0xf0 <4>[ 273.861197] sysfs_create_groups+0x24/0x40 <4>[ 273.864005] device_add_groups+0x18/0x24 <4>[ 273.865019] bus_add_device+0x74/0x244 <4>[ 273.866790] device_add+0x5a0/0xd14 <4>[ 273.867610] of_device_add+0x80/0xb0 <4>[ 273.868528] of_platform_device_create_pdata+0xd4/0x150 <4>[ 273.871468] of_platform_bus_create+0x264/0x5e4 <4>[ 273.872550] of_platform_populate+0x68/0x150 <4>[ 273.874338] of_platform_default_populate_init+0xfc/0x11c <4>[ 273.875566] do_one_initcall+0xa4/0x3ec <4>[ 273.876440] kernel_init_freeable+0x2fc/0x388 <4>[ 273.879219] kernel_init+0x2c/0x150 <4>[ 273.880049] ret_from_fork+0x10/0x20 <3>[ 273.880913] <3>[ 273.882096] The buggy address belongs to the object at ffff00000768df00 <3>[ 273.882096] which belongs to the cache kernfs_node_cache of size 128 <3>[ 273.883871] The buggy address is located 127 bytes to the right of <3>[ 273.883871] 128-byte region [ffff00000768df00, ffff00000768df80) <3>[ 273.887340] <3>[ 273.887792] The buggy address belongs to the physical page: <4>[ 273.888669] page:000000000f4785f9 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4768d <4>[ 273.890801] flags: 0x3fffc0000000200(slab|node=0|zone=0|lastcpupid=0xffff) <4>[ 273.892105] raw: 03fffc0000000200 0000000000000000 dead000000000122 ffff0000070bfb00 <4>[ 273.895105] raw: 0000000000000000 0000000000150015 00000001ffffffff 0000000000000000 <4>[ 273.896281] page dumped because: kasan: bad access detected <3>[ 273.897162] <3>[ 273.898342] Memory state 
around the buggy address: <3>[ 274.487989] ffff00000768de80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc <3>[ 274.489224] ffff00000768df00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 <3>[ 274.491205] >ffff00000768df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc <3>[ 274.492296] ^ <3>[ 274.495199] ffff00000768e000: 00 07 fc fc fc fc fc fc fc fc fc fc fc fc fc fc <3>[ 274.496392] ffff00000768e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc <3>[ 274.498249] ================================================================== <6>[ 274.514571] ok 2 - kmalloc_oob_left <3>[ 274.539686] ================================================================== <3>[ 274.541909] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0xd4/0x1f0 <3>[ 274.543592] Read of size 1 at addr ffff00000ac9d000 by task kunit_try_catch/255 <3>[ 274.548170] <3>[ 274.548679] CPU: 0 PID: 255 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1 <3>[ 274.550379] Hardware name: linux,dummy-virt (DT) <3>[ 274.551384] Call trace: <3>[ 274.552036] dump_backtrace+0xb8/0x130 <3>[ 274.552973] show_stack+0x20/0x60 <3>[ 274.555879] dump_stack_lvl+0x8c/0xb8 <3>[ 274.556782] print_report+0x2e4/0x620 <3>[ 274.557685] kasan_report+0xa8/0x1dc <3>[ 274.558571] __asan_load1+0x88/0xb0 <3>[ 274.559442] kmalloc_node_oob_right+0xd4/0x1f0 <3>[ 274.560422] kunit_try_run_case+0x8c/0x124 <3>[ 274.563328] kunit_generic_run_threadfn_adapter+0x38/0x54 <3>[ 274.564522] kthread+0x160/0x170 <3>[ 274.565369] ret_from_fork+0x10/0x20 <3>[ 274.566260] <3>[ 274.566721] Allocated by task 255: <4>[ 274.567444] kasan_save_stack+0x2c/0x5c <4>[ 274.568403] __kasan_kmalloc+0xac/0x104 <4>[ 274.569299] kmem_cache_alloc_node_trace+0x1cc/0x3f0 <4>[ 274.572244] kmalloc_node_oob_right+0xa4/0x1f0 <4>[ 274.573217] kunit_try_run_case+0x8c/0x124 <4>[ 274.574179] kunit_generic_run_threadfn_adapter+0x38/0x54 <4>[ 275.352410] kthread+0x160/0x170 <4>[ 275.353517] ret_from_fork+0x10/0x20 <3>[ 275.354559] <3>[ 275.355058] The buggy 
address belongs to the object at ffff00000ac9c000 <3>[ 275.355058] which belongs to the cache kmalloc-4k of size 4096 <3>[ 275.356749] The buggy address is located 0 bytes to the right of <3>[ 275.356749] 4096-byte region [ffff00000ac9c000, ffff00000ac9d000) <3>[ 275.360772] <3>[ 275.361231] The buggy address belongs to the physical page: <4>[ 275.362233] page:0000000025e44160 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4ac98 <4>[ 275.363680] head:0000000025e44160 order:3 compound_mapcount:0 compound_pincount:0 <4>[ 275.364816] flags: 0x3fffc0000010200(slab|head|node=0|zone=0|lastcpupid=0xffff) <4>[ 275.368511] raw: 03fffc0000010200 0000000000000000 dead000000000001 ffff000006802a80 <4>[ 275.369962] raw: 0000000000000000 0000000080040004 00000001ffffffff 0000000000000000 <4>[ 275.371120] page dumped because: kasan: bad access detected <3>[ 275.372002] <3>[ 275.372424] Memory state around the buggy address: <3>[ 275.373285] ffff00000ac9cf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 <3>[ 275.376653] ffff00000ac9cf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 <3>[ 275.377825] >ffff00000ac9d000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc <3>[ 275.378918] ^ <3>[ 275.379609] ffff00000ac9d080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc <3>[ 275.380761] ffff00000ac9d100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc <3>[ 275.384020] ================================================================== <6>[ 275.424507] ok 3 - kmalloc_node_oob_right <3>[ 275.450873] ================================================================== <3>[ 275.455754] BUG: KASAN: slab-out-of-bounds in kmalloc_pagealloc_oob_right+0xbc/0x1c4 <3>[ 275.457144] Write of size 1 at addr ffff00000cba600a by task kunit_try_catch/256 <3>[ 275.459488] <3>[ 276.465186] CPU: 1 PID: 256 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1 <3>[ 276.466662] Hardware name: linux,dummy-virt (DT) <3>[ 276.467467] Call trace: <3>[ 276.468011] dump_backtrace+0xb8/0x130 <3>[ 
276.468898] show_stack+0x20/0x60 <3>[ 276.469711] dump_stack_lvl+0x8c/0xb8 <3>[ 276.470698] print_report+0x2e4/0x620 <3>[ 276.471727] kasan_report+0xa8/0x1dc <3>[ 276.472608] __asan_store1+0x88/0xb0 <3>[ 276.473515] kmalloc_pagealloc_oob_right+0xbc/0x1c4 <3>[ 276.474548] kunit_try_run_case+0x8c/0x124 <3>[ 276.475499] kunit_generic_run_threadfn_adapter+0x38/0x54 <3>[ 276.476660] kthread+0x160/0x170 <3>[ 276.477504] ret_from_fork+0x10/0x20 <3>[ 276.478394] <3>[ 276.478826] The buggy address belongs to the physical page: <4>[ 276.479886] page:000000002a0a991a refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4cba4 <4>[ 276.481289] head:000000002a0a991a order:2 compound_mapcount:0 compound_pincount:0 <4>[ 276.482433] flags: 0x3fffc0000010000(head|node=0|zone=0|lastcpupid=0xffff) <4>[ 276.483713] raw: 03fffc0000010000 0000000000000000 dead000000000122 0000000000000000 <4>[ 276.484959] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 <4>[ 276.486189] page dumped because: kasan: bad access detected <3>[ 276.487080] <3>[ 276.487502] Memory state around the buggy address: <3>[ 276.488348] ffff00000cba5f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 <3>[ 276.489515] ffff00000cba5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 <3>[ 276.490675] >ffff00000cba6000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe <3>[ 276.491759] ^ <3>[ 276.492481] ffff00000cba6080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe <3>[ 276.493650] ffff00000cba6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe <3>[ 276.494742] ================================================================== <6>[ 276.511929] ok 4 - kmalloc_pagealloc_oob_right <3>[ 276.534942] ================================================================== <3>[ 277.850597] BUG: KASAN: use-after-free in kmalloc_pagealloc_uaf+0xc0/0x1c0 <3>[ 277.851905] Read of size 1 at addr ffff00000cba4000 by task kunit_try_catch/257 <3>[ 277.853052] <3>[ 277.853542] CPU: 1 PID: 257 Comm: 
kunit_try_catch Tainted: G B W 5.19.13-rc1 #1 <3>[ 277.854860] Hardware name: linux,dummy-virt (DT) <3>[ 277.855658] Call trace: <3>[ 277.856196] dump_backtrace+0xb8/0x130 <3>[ 277.857061] show_stack+0x20/0x60 <3>[ 277.857878] dump_stack_lvl+0x8c/0xb8 <3>[ 277.858763] print_report+0x2e4/0x620 <3>[ 277.859651] kasan_report+0xa8/0x1dc <3>[ 277.860525] __asan_load1+0x88/0xb0 <3>[ 277.861410] kmalloc_pagealloc_uaf+0xc0/0x1c0 <3>[ 277.862362] kunit_try_run_case+0x8c/0x124 <3>[ 277.863313] kunit_generic_run_threadfn_adapter+0x38/0x54 <3>[ 277.864471] kthread+0x160/0x170 <3>[ 277.865312] ret_from_fork+0x10/0x20 <3>[ 277.866203] <3>[ 277.866635] The buggy address belongs to the physical page: <4>[ 277.867570] page:000000002a0a991a refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4cba4 <4>[ 277.868943] flags: 0x3fffc0000000000(node=0|zone=0|lastcpupid=0xffff) <4>[ 277.870198] raw: 03fffc0000000000 fffffc0000323108 ffff00003411a7b0 0000000000000000 <4>[ 277.871446] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 <4>[ 277.872613] page dumped because: kasan: bad access detected <3>[ 277.873627] <3>[ 277.874062] Memory state around the buggy address: <3>[ 277.874910] ffff00000cba3f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff <3>[ 277.876063] ffff00000cba3f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff <3>[ 277.877214] >ffff00000cba4000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff <3>[ 277.878319] ^ <3>[ 277.879015] ffff00000cba4080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff <3>[ 277.880166] ffff00000cba4100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff <3>[ 279.531087] ================================================================== <6>[ 279.595005] ok 5 - kmalloc_pagealloc_uaf <3>[ 279.631090] ================================================================== <3>[ 279.632896] BUG: KASAN: double-free or invalid-free in kfree+0x374/0x3f0 <3>[ 279.634105] <3>[ 279.634572] CPU: 0 PID: 258 Comm: kunit_try_catch 
Tainted: G B W 5.19.13-rc1 #1 <3>[ 279.636253] Hardware name: linux,dummy-virt (DT) <3>[ 279.637265] Call trace: <3>[ 279.640397] dump_backtrace+0xb8/0x130 <3>[ 279.642141] show_stack+0x20/0x60 <3>[ 279.642983] dump_stack_lvl+0x8c/0xb8 <3>[ 279.643868] print_report+0x2e4/0x620 <3>[ 279.644754] kasan_report_invalid_free+0x84/0x110 <3>[ 279.647562] __kasan_kfree_large+0x5c/0xc4 <3>[ 279.648535] free_large_kmalloc+0x78/0x16c <3>[ 279.650200] kfree+0x374/0x3f0 <3>[ 279.650974] kmalloc_pagealloc_invalid_free+0xb8/0x1b0 <3>[ 279.652033] kunit_try_run_case+0x8c/0x124 <3>[ 279.652984] kunit_generic_run_threadfn_adapter+0x38/0x54 <3>[ 279.655934] kthread+0x160/0x170 <3>[ 279.656776] ret_from_fork+0x10/0x20 <3>[ 279.658426] <3>[ 279.658878] The buggy address belongs to the physical page: <4>[ 279.659763] page:000000009c787604 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4ca60 <4>[ 279.661132] head:000000009c787604 order:2 compound_mapcount:0 compound_pincount:0 <4>[ 279.664028] flags: 0x3fffc0000010000(head|node=0|zone=0|lastcpupid=0xffff) <4>[ 279.666072] raw: 03fffc0000010000 0000000000000000 dead000000000122 0000000000000000 <4>[ 279.667351] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 <4>[ 279.668494] page dumped because: kasan: bad access detected <3>[ 279.671120] <3>[ 279.671570] Memory state around the buggy address: <3>[ 279.672422] ffff00000ca5ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff <3>[ 279.674347] ffff00000ca5ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff <3>[ 281.596106] >ffff00000ca60000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 <3>[ 281.597284] ^ <3>[ 281.598902] ffff00000ca60080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 <3>[ 281.600060] ffff00000ca60100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 <3>[ 281.601182] ================================================================== <6>[ 281.618091] ok 6 - kmalloc_pagealloc_invalid_free <6>[ 281.642935] ok 7 - pagealloc_oob_right 
# SKIP Test requires CONFIG_KASAN_GENERIC=n <3>[ 281.668654] ================================================================== <3>[ 281.671090] BUG: KASAN: use-after-free in pagealloc_uaf+0xdc/0x1ec <3>[ 281.672542] Read of size 1 at addr ffff00000db80000 by task kunit_try_catch/260 <3>[ 281.676377] <3>[ 281.676935] CPU: 1 PID: 260 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1 <3>[ 281.680348] Hardware name: linux,dummy-virt (DT) <3>[ 281.681389] Call trace: <3>[ 281.682053] dump_backtrace+0xb8/0x130 <3>[ 281.682976] show_stack+0x20/0x60 <3>[ 281.683771] dump_stack_lvl+0x8c/0xb8 <3>[ 281.684648] print_report+0x2e4/0x620 <3>[ 281.687386] kasan_report+0xa8/0x1dc <3>[ 281.688293] __asan_load1+0x88/0xb0 <3>[ 281.689165] pagealloc_uaf+0xdc/0x1ec <3>[ 281.690049] kunit_try_run_case+0x8c/0x124 <3>[ 281.691000] kunit_generic_run_threadfn_adapter+0x38/0x54 <3>[ 281.692157] kthread+0x160/0x170 <3>[ 281.692987] ret_from_fork+0x10/0x20 <3>[ 281.695768] <3>[ 281.696210] The buggy address belongs to the physical page: <4>[ 281.697087] page:00000000ba590f46 refcount:0 mapcount:-128 mapping:0000000000000000 index:0x0 pfn:0x4db80 <4>[ 281.698511] flags: 0x3fffc0000000000(node=0|zone=0|lastcpupid=0xffff) <4>[ 281.699728] raw: 03fffc0000000000 ffff00003fdffda0 fffffc0000392408 0000000000000000 <4>[ 281.700973] raw: 0000000000000000 0000000000000004 00000000ffffff7f 0000000000000000 <4>[ 281.704037] page dumped because: kasan: bad access detected <3>[ 284.023294] <3>[ 284.023873] Memory state around the buggy address: <3>[ 284.024951] ffff00000db7ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff <3>[ 284.026191] ffff00000db7ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff <3>[ 284.027357] >ffff00000db80000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff <3>[ 284.028442] ^ <3>[ 284.029136] ffff00000db80080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff <3>[ 284.032569] ffff00000db80100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff <3>[ 284.033680] 
================================================================== <6>[ 284.080693] ok 8 - pagealloc_uaf <3>[ 284.106285] ================================================================== <3>[ 284.108402] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0xcc/0x1dc <3>[ 284.112775] Write of size 1 at addr ffff00000c565f00 by task kunit_try_catch/261 <3>[ 284.115013] <3>[ 284.115493] CPU: 0 PID: 261 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1 <3>[ 284.116806] Hardware name: linux,dummy-virt (DT) <3>[ 284.119353] Call trace: <3>[ 284.119914] dump_backtrace+0xb8/0x130 <3>[ 284.120784] show_stack+0x20/0x60 <3>[ 284.122342] dump_stack_lvl+0x8c/0xb8 <3>[ 284.123249] print_report+0x2e4/0x620 <3>[ 284.124139] kasan_report+0xa8/0x1dc <3>[ 284.125015] __asan_store1+0x88/0xb0 <3>[ 284.127645] kmalloc_large_oob_right+0xcc/0x1dc <3>[ 284.128633] kunit_try_run_case+0x8c/0x124 <3>[ 284.130342] kunit_generic_run_threadfn_adapter+0x38/0x54 <3>[ 284.131529] kthread+0x160/0x170 <3>[ 284.132360] ret_from_fork+0x10/0x20 <3>[ 284.133242] <3>[ 284.135432] Allocated by task 261: <4>[ 284.136108] kasan_save_stack+0x2c/0x5c <4>[ 284.137005] __kasan_kmalloc+0xac/0x104 <4>[ 284.138649] kmem_cache_alloc_trace+0x1f8/0x3b0 <4>[ 284.139627] kmalloc_large_oob_right+0x9c/0x1dc <4>[ 284.140589] kunit_try_run_case+0x8c/0x124 <4>[ 286.859689] kunit_generic_run_threadfn_adapter+0x38/0x54 <4>[ 286.860953] kthread+0x160/0x170 <4>[ 286.862568] ret_from_fork+0x10/0x20 <3>[ 286.863467] <3>[ 286.863894] The buggy address belongs to the object at ffff00000c564000 <3>[ 286.863894] which belongs to the cache kmalloc-8k of size 8192 <3>[ 286.867393] The buggy address is located 7936 bytes inside of <3>[ 286.867393] 8192-byte region [ffff00000c564000, ffff00000c566000) <3>[ 286.869086] <3>[ 286.870278] The buggy address belongs to the physical page: <4>[ 286.871176] page:0000000041b876cd refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4c560 <4>[ 286.872551] head:0000000041b876cd 
order:3 compound_mapcount:0 compound_pincount:0 <4>[ 286.875419] flags: 0x3fffc0000010200(slab|head|node=0|zone=0|lastcpupid=0xffff) <4>[ 286.876785] raw: 03fffc0000010200 0000000000000000 dead000000000122 ffff000006802c00 <4>[ 286.878800] raw: 0000000000000000 0000000080020002 00000001ffffffff 0000000000000000 <4>[ 286.879958] page dumped because: kasan: bad access detected <3>[ 286.880840] <3>[ 286.881274] Memory state around the buggy address: <3>[ 286.883865] ffff00000c565e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 <3>[ 286.885112] ffff00000c565e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 <3>[ 286.887103] >ffff00000c565f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc <3>[ 286.888199] ^ <3>[ 286.888890] ffff00000c565f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc <3>[ 286.891781] ffff00000c566000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc <3>[ 286.892885] ================================================================== <6>[ 286.927544] ok 9 - kmalloc_large_oob_right <3>[ 286.950366] ================================================================== <3>[ 286.952497] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x140/0x3a4 <3>[ 286.954998] Write of size 1 at addr ffff00000cbb5eeb by task kunit_try_catch/262 <3>[ 290.138598] <3>[ 290.139150] CPU: 1 PID: 262 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1 <3>[ 290.140564] Hardware name: linux,dummy-virt (DT) <3>[ 290.142215] Call trace: <3>[ 290.142795] dump_backtrace+0xb8/0x130 <3>[ 290.143682] show_stack+0x20/0x60 <3>[ 290.144477] dump_stack_lvl+0x8c/0xb8 <3>[ 290.146278] print_report+0x2e4/0x620 <3>[ 290.147208] kasan_report+0xa8/0x1dc <3>[ 290.148086] __asan_store1+0x88/0xb0 <3>[ 290.148969] krealloc_more_oob_helper+0x140/0x3a4 <3>[ 290.150880] krealloc_more_oob+0x18/0x24 <3>[ 290.151793] kunit_try_run_case+0x8c/0x124 <3>[ 290.152743] kunit_generic_run_threadfn_adapter+0x38/0x54 <3>[ 290.154786] kthread+0x160/0x170 <3>[ 290.155642] ret_from_fork+0x10/0x20 <3>[ 
290.156525] <3>[ 290.156952] Allocated by task 262: <4>[ 290.158488] kasan_save_stack+0x2c/0x5c <4>[ 290.159409] __kasan_krealloc+0xf8/0x190 <4>[ 290.160317] krealloc+0x170/0x1d0 <4>[ 290.161162] krealloc_more_oob_helper+0xd8/0x3a4 <4>[ 290.163040] krealloc_more_oob+0x18/0x24 <4>[ 290.163934] kunit_try_run_case+0x8c/0x124 <4>[ 290.164874] kunit_generic_run_threadfn_adapter+0x38/0x54 <4>[ 290.166901] kthread+0x160/0x170 <4>[ 290.167736] ret_from_fork+0x10/0x20 <3>[ 290.168599] <3>[ 290.169023] The buggy address belongs to the object at ffff00000cbb5e00 <3>[ 290.169023] which belongs to the cache kmalloc-256 of size 256 <3>[ 290.171586] The buggy address is located 235 bytes inside of <3>[ 290.171586] 256-byte region [ffff00000cbb5e00, ffff00000cbb5f00) <3>[ 293.863129] <3>[ 293.863645] The buggy address belongs to the physical page: <4>[ 293.864533] page:0000000071f5b5fc refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4cbb4 <4>[ 293.866805] head:0000000071f5b5fc order:1 compound_mapcount:0 compound_pincount:0 <4>[ 293.867981] flags: 0x3fffc0000010200(slab|head|node=0|zone=0|lastcpupid=0xffff) <4>[ 293.870183] raw: 03fffc0000010200 0000000000000000 dead000000000122 ffff000006802480 <4>[ 293.871473] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 <4>[ 293.872619] page dumped because: kasan: bad access detected <3>[ 293.874384] <3>[ 293.874828] Memory state around the buggy address: <3>[ 293.875680] ffff00000cbb5d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc <3>[ 293.876835] ffff00000cbb5e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 <3>[ 293.878858] >ffff00000cbb5e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc <3>[ 293.879961] ^ <3>[ 293.881001] ffff00000cbb5f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc <3>[ 293.883024] ffff00000cbb5f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc <3>[ 293.884128] ================================================================== <3>[ 293.899496] 
================================================================== <3>[ 293.900902] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x174/0x3a4 <3>[ 293.905389] Write of size 1 at addr ffff00000cbb5ef0 by task kunit_try_catch/262 <3>[ 293.906567] <3>[ 293.907105] CPU: 0 PID: 262 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1 <3>[ 293.908781] Hardware name: linux,dummy-virt (DT) <3>[ 293.909848] Call trace: <3>[ 293.910398] dump_backtrace+0xb8/0x130 <3>[ 293.911268] show_stack+0x20/0x60 <3>[ 293.912060] dump_stack_lvl+0x8c/0xb8 <3>[ 298.097291] print_report+0x2e4/0x620 <3>[ 298.098319] kasan_report+0xa8/0x1dc <3>[ 298.099226] __asan_store1+0x88/0xb0 <3>[ 298.100295] krealloc_more_oob_helper+0x174/0x3a4 <3>[ 298.101329] krealloc_more_oob+0x18/0x24 <3>[ 298.102238] kunit_try_run_case+0x8c/0x124 <3>[ 298.103189] kunit_generic_run_threadfn_adapter+0x38/0x54 <3>[ 298.104346] kthread+0x160/0x170 <3>[ 298.105176] ret_from_fork+0x10/0x20 <3>[ 298.106111] <3>[ 298.106541] Allocated by task 262: <4>[ 298.107208] kasan_save_stack+0x2c/0x5c <4>[ 298.108104] __kasan_krealloc+0xf8/0x190 <4>[ 298.109013] krealloc+0x170/0x1d0 <4>[ 298.109878] krealloc_more_oob_helper+0xd8/0x3a4 <4>[ 298.110874] krealloc_more_oob+0x18/0x24 <4>[ 298.111763] kunit_try_run_case+0x8c/0x124 <4>[ 298.112702] kunit_generic_run_threadfn_adapter+0x38/0x54 <4>[ 298.113866] kthread+0x160/0x170 <4>[ 298.114696] ret_from_fork+0x10/0x20 <3>[ 298.115561] <3>[ 298.115986] The buggy address belongs to the object at ffff00000cbb5e00 <3>[ 298.115986] which belongs to the cache kmalloc-256 of size 256 <3>[ 298.117681] The buggy address is located 240 bytes inside of <3>[ 298.117681] 256-byte region [ffff00000cbb5e00, ffff00000cbb5f00) <3>[ 298.119332] <3>[ 298.119763] The buggy address belongs to the physical page: <4>[ 298.120640] page:0000000071f5b5fc refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4cbb4 <4>[ 298.122024] head:0000000071f5b5fc order:1 compound_mapcount:0 
compound_pincount:0 <4>[ 298.123159] flags: 0x3fffc0000010200(slab|head|node=0|zone=0|lastcpupid=0xffff) <4>[ 298.124504] raw: 03fffc0000010200 0000000000000000 dead000000000122 ffff000006802480 <4>[ 298.125770] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 <4>[ 298.126917] page dumped because: kasan: bad access detected <3>[ 298.127795] <3>[ 298.128216] Memory state around the buggy address: <3>[ 298.129061] ffff00000cbb5d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc <3>[ 302.869824] ffff00000cbb5e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 <3>[ 302.871061] >ffff00000cbb5e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc <3>[ 302.872149] ^ <3>[ 302.873221] ffff00000cbb5f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc <3>[ 302.874402] ffff00000cbb5f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc <3>[ 302.875489] ================================================================== <6>[ 302.882189] ok 10 - krealloc_more_oob <3>[ 302.900583] ================================================================== <3>[ 302.903434] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x114/0x5fc <3>[ 302.904842] Write of size 1 at addr ffff00000cbb5cc9 by task kunit_try_catch/263 <3>[ 302.908042] <3>[ 302.908530] CPU: 1 PID: 263 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1 <3>[ 302.909858] Hardware name: linux,dummy-virt (DT) <3>[ 302.910663] Call trace: <3>[ 302.911202] dump_backtrace+0xb8/0x130 <3>[ 302.912073] show_stack+0x20/0x60 <3>[ 302.912866] dump_stack_lvl+0x8c/0xb8 <3>[ 302.915685] print_report+0x2e4/0x620 <3>[ 302.916607] kasan_report+0xa8/0x1dc <3>[ 302.917500] __asan_store1+0x88/0xb0 <3>[ 302.918392] krealloc_less_oob_helper+0x114/0x5fc <3>[ 302.919405] krealloc_less_oob+0x18/0x2c <3>[ 302.920302] kunit_try_run_case+0x8c/0x124 <3>[ 302.921263] kunit_generic_run_threadfn_adapter+0x38/0x54 <3>[ 302.924341] kthread+0x160/0x170 <3>[ 302.925178] ret_from_fork+0x10/0x20 <3>[ 302.926084] <3>[ 302.926513] 
Allocated by task 263: <4>[ 302.927176] kasan_save_stack+0x2c/0x5c <4>[ 302.928071] __kasan_krealloc+0xf8/0x190 <4>[ 302.928980] krealloc+0x170/0x1d0 <4>[ 302.931735] krealloc_less_oob_helper+0xd4/0x5fc <4>[ 302.932739] krealloc_less_oob+0x18/0x2c <4>[ 302.933642] kunit_try_run_case+0x8c/0x124 <4>[ 302.934592] kunit_generic_run_threadfn_adapter+0x38/0x54 <4>[ 308.223745] kthread+0x160/0x170 <4>[ 308.224677] ret_from_fork+0x10/0x20 <3>[ 308.225585] <3>[ 308.226026] The buggy address belongs to the object at ffff00000cbb5c00 <3>[ 308.226026] which belongs to the cache kmalloc-256 of size 256 <3>[ 308.227713] The buggy address is located 201 bytes inside of <3>[ 308.227713] 256-byte region [ffff00000cbb5c00, ffff00000cbb5d00) <3>[ 308.231742] <3>[ 308.232207] The buggy address belongs to the physical page: <4>[ 308.233092] page:0000000071f5b5fc refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4cbb4 <4>[ 308.234503] head:0000000071f5b5fc order:1 compound_mapcount:0 compound_pincount:0 <4>[ 308.235636] flags: 0x3fffc0000010200(slab|head|node=0|zone=0|lastcpupid=0xffff) <4>[ 308.236980] raw: 03fffc0000010200 0000000000000000 dead000000000122 ffff000006802480 <4>[ 308.240483] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 <4>[ 308.241663] page dumped because: kasan: bad access detected <3>[ 308.242553] <3>[ 308.242976] Memory state around the buggy address: <3>[ 308.243823] ffff00000cbb5b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc <3>[ 308.244977] ffff00000cbb5c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 <3>[ 308.248378] >ffff00000cbb5c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc <3>[ 308.249498] ^ <3>[ 308.250444] ffff00000cbb5d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc <3>[ 308.251598] ffff00000cbb5d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc <3>[ 308.252682] ================================================================== <3>[ 308.320807] 
================================================================== <3>[ 308.326358] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x148/0x5fc <3>[ 308.328084] Write of size 1 at addr ffff00000cbb5cd0 by task kunit_try_catch/263 <3>[ 308.331414] <3>[ 308.331899] CPU: 1 PID: 263 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1 <3>[ 314.195026] Hardware name: linux,dummy-virt (DT) <3>[ 314.196122] Call trace: <3>[ 314.196784] dump_backtrace+0xb8/0x130 <3>[ 314.200645] show_stack+0x20/0x60 <3>[ 314.203072] dump_stack_lvl+0x8c/0xb8 <3>[ 314.203986] print_report+0x2e4/0x620 <3>[ 314.204881] kasan_report+0xa8/0x1dc <3>[ 314.207926] __asan_store1+0x88/0xb0 <3>[ 314.209004] krealloc_less_oob_helper+0x148/0x5fc <3>[ 314.210248] krealloc_less_oob+0x18/0x2c <3>[ 314.211288] kunit_try_run_case+0x8c/0x124 <3>[ 314.212241] kunit_generic_run_threadfn_adapter+0x38/0x54 <3>[ 314.215558] kthread+0x160/0x170 <3>[ 314.216417] ret_from_fork+0x10/0x20 <3>[ 314.217315] <3>[ 314.217749] Allocated by task 263: <4>[ 314.218421] kasan_save_stack+0x2c/0x5c <4>[ 314.219315] __kasan_krealloc+0xf8/0x190 <4>[ 314.220222] krealloc+0x170/0x1d0 <4>[ 314.221062] krealloc_less_oob_helper+0xd4/0x5fc <4>[ 314.224312] krealloc_less_oob+0x18/0x2c <4>[ 314.225214] kunit_try_run_case+0x8c/0x124 <4>[ 314.226176] kunit_generic_run_threadfn_adapter+0x38/0x54 <4>[ 314.227326] kthread+0x160/0x170 <4>[ 314.228144] ret_from_fork+0x10/0x20 <3>[ 314.229004] <3>[ 314.231567] The buggy address belongs to the object at ffff00000cbb5c00 <3>[ 314.231567] which belongs to the cache kmalloc-256 of size 256 <3>[ 314.233287] The buggy address is located 208 bytes inside of <3>[ 314.233287] 256-byte region [ffff00000cbb5c00, ffff00000cbb5d00) <3>[ 314.234942] <3>[ 314.235374] The buggy address belongs to the physical page: <4>[ 314.236251] page:0000000071f5b5fc refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4cbb4 <4>[ 314.239734] head:0000000071f5b5fc order:1 compound_mapcount:0 
compound_pincount:0 <4>[ 314.240886] flags: 0x3fffc0000010200(slab|head|node=0|zone=0|lastcpupid=0xffff) <4>[ 314.242248] raw: 03fffc0000010200 0000000000000000 dead000000000122 ffff000006802480 <4>[ 320.777665] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 <4>[ 320.778885] page dumped because: kasan: bad access detected <3>[ 320.779770] <3>[ 320.780193] Memory state around the buggy address: <3>[ 320.781294] ffff00000cbb5b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc <3>[ 320.782783] ffff00000cbb5c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 <3>[ 320.786509] >ffff00000cbb5c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc <3>[ 320.787937] ^ <3>[ 320.790699] ffff00000cbb5d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc <3>[ 320.791872] ffff00000cbb5d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc <3>[ 320.792957] ================================================================== <3>[ 320.815418] ================================================================== <3>[ 320.816540] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x198/0x5fc <3>[ 320.818548] Write of size 1 at addr ffff00000cbb5cda by task kunit_try_catch/263 <3>[ 320.820050] <3>[ 320.820585] CPU: 1 PID: 263 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1 <3>[ 320.823639] Hardware name: linux,dummy-virt (DT) <3>[ 320.824456] Call trace: <3>[ 320.824997] dump_backtrace+0xb8/0x130 <3>[ 320.826706] show_stack+0x20/0x60 <3>[ 320.827517] dump_stack_lvl+0x8c/0xb8 <3>[ 320.828398] print_report+0x2e4/0x620 <3>[ 320.829300] kasan_report+0xa8/0x1dc <3>[ 320.830588] __asan_store1+0x88/0xb0 <3>[ 320.831512] krealloc_less_oob_helper+0x198/0x5fc <3>[ 320.832618] krealloc_less_oob+0x18/0x2c <3>[ 320.833918] kunit_try_run_case+0x8c/0x124 <3>[ 320.834902] kunit_generic_run_threadfn_adapter+0x38/0x54 <3>[ 320.836064] kthread+0x160/0x170 <3>[ 320.836895] ret_from_fork+0x10/0x20 <3>[ 320.839617] <3>[ 320.840061] Allocated by task 263: <4>[ 320.840726] 
kasan_save_stack+0x2c/0x5c <4>[ 320.842013] __kasan_krealloc+0xf8/0x190 <4>[ 328.027746] krealloc+0x170/0x1d0 <4>[ 328.035923] krealloc_less_oob_helper+0xd4/0x5fc <4>[ 328.037175] krealloc_less_oob+0x18/0x2c <4>[ 328.038504] kunit_try_run_case+0x8c/0x124 <4>[ 328.039453] kunit_generic_run_threadfn_adapter+0x38/0x54 <4>[ 328.040661] kthread+0x160/0x170 <4>[ 328.042058] ret_from_fork+0x10/0x20 <3>[ 328.042956] <3>[ 328.043384] The buggy address belongs to the object at ffff00000cbb5c00 <3>[ 328.043384] which belongs to the cache kmalloc-256 of size 256 <3>[ 328.045063] The buggy address is located 218 bytes inside of <3>[ 328.045063] 256-byte region [ffff00000cbb5c00, ffff00000cbb5d00) <3>[ 328.047114] <3>[ 328.047553] The buggy address belongs to the physical page: <4>[ 328.048435] page:0000000071f5b5fc refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4cbb4 <4>[ 328.050199] head:0000000071f5b5fc order:1 compound_mapcount:0 compound_pincount:0 <4>[ 328.051349] flags: 0x3fffc0000010200(slab|head|node=0|zone=0|lastcpupid=0xffff) <4>[ 328.052694] raw: 03fffc0000010200 0000000000000000 dead000000000122 ffff000006802480 <4>[ 328.056115] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 <4>[ 328.057288] page dumped because: kasan: bad access detected <3>[ 328.058562] <3>[ 328.058990] Memory state around the buggy address: <3>[ 328.059836] ffff00000cbb5b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc <3>[ 328.060987] ffff00000cbb5c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 <3>[ 328.062542] >ffff00000cbb5c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc <3>[ 328.063641] ^ <3>[ 328.064626] ffff00000cbb5d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc <3>[ 328.066172] ffff00000cbb5d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc <3>[ 328.067278] ================================================================== <3>[ 328.086168] ================================================================== <3>[ 335.980588] BUG: 
KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x1c8/0x5fc <3>[ 335.983629] Write of size 1 at addr ffff00000cbb5cea by task kunit_try_catch/263 <3>[ 335.984822] <3>[ 335.985678] CPU: 1 PID: 263 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1 <3>[ 335.987026] Hardware name: linux,dummy-virt (DT) <3>[ 335.987828] Call trace: <3>[ 335.988368] dump_backtrace+0xb8/0x130 <3>[ 335.989239] show_stack+0x20/0x60 <3>[ 335.996257] dump_stack_lvl+0x8c/0xb8 <3>[ 335.997145] print_report+0x2e4/0x620 <3>[ 335.998470] kasan_report+0xa8/0x1dc <3>[ 335.999353] __asan_store1+0x88/0xb0 <3>[ 336.000240] krealloc_less_oob_helper+0x1c8/0x5fc <3>[ 336.001248] krealloc_less_oob+0x18/0x2c <3>[ 336.002559] kunit_try_run_case+0x8c/0x124 <3>[ 336.003513] kunit_generic_run_threadfn_adapter+0x38/0x54 <3>[ 336.004670] kthread+0x160/0x170 <3>[ 336.005883] ret_from_fork+0x10/0x20 <3>[ 336.006794] <3>[ 336.007222] Allocated by task 263: <4>[ 336.007885] kasan_save_stack+0x2c/0x5c <4>[ 336.008777] __kasan_krealloc+0xf8/0x190 <4>[ 336.011504] krealloc+0x170/0x1d0 <4>[ 336.012375] krealloc_less_oob_helper+0xd4/0x5fc <4>[ 336.013741] krealloc_less_oob+0x18/0x2c <4>[ 336.014664] kunit_try_run_case+0x8c/0x124 <4>[ 336.015608] kunit_generic_run_threadfn_adapter+0x38/0x54 <4>[ 336.016755] kthread+0x160/0x170 <4>[ 336.017960] ret_from_fork+0x10/0x20 <3>[ 336.018856] <3>[ 336.019282] The buggy address belongs to the object at ffff00000cbb5c00 <3>[ 336.019282] which belongs to the cache kmalloc-256 of size 256 <3>[ 336.020964] The buggy address is located 234 bytes inside of <3>[ 336.020964] 256-byte region [ffff00000cbb5c00, ffff00000cbb5d00) <3>[ 336.023009] <3>[ 336.023453] The buggy address belongs to the physical page: <4>[ 336.024337] page:0000000071f5b5fc refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4cbb4 <4>[ 336.026102] head:0000000071f5b5fc order:1 compound_mapcount:0 compound_pincount:0 <4>[ 344.662423] flags: 0x3fffc0000010200(slab|head|node=0|zone=0|lastcpupid=0xffff) 
<4>[ 344.664201] raw: 03fffc0000010200 0000000000000000 dead000000000122 ffff000006802480 <4>[ 344.667296] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 <4>[ 344.668475] page dumped because: kasan: bad access detected <3>[ 344.669744] <3>[ 344.670203] Memory state around the buggy address: <3>[ 344.671054] ffff00000cbb5b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc <3>[ 344.672210] ffff00000cbb5c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 <3>[ 344.673742] >ffff00000cbb5c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc <3>[ 344.674863] ^ <3>[ 344.675909] ffff00000cbb5d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc <3>[ 344.677062] ffff00000cbb5d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc <3>[ 344.678552] ================================================================== <3>[ 344.683525] ================================================================== <3>[ 344.684679] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x1f4/0x5fc <3>[ 344.686088] Write of size 1 at addr ffff00000cbb5ceb by task kunit_try_catch/263 <3>[ 344.687253] <3>[ 344.687711] CPU: 0 PID: 263 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1 <3>[ 344.689404] Hardware name: linux,dummy-virt (DT) <3>[ 344.690417] Call trace: <3>[ 344.693187] dump_backtrace+0xb8/0x130 <3>[ 344.697115] show_stack+0x20/0x60 <3>[ 344.697970] dump_stack_lvl+0x8c/0xb8 <3>[ 344.698863] print_report+0x2e4/0x620 <3>[ 344.699917] kasan_report+0xa8/0x1dc <3>[ 344.700955] __asan_store1+0x88/0xb0 <3>[ 344.702028] krealloc_less_oob_helper+0x1f4/0x5fc <3>[ 344.704835] krealloc_less_oob+0x18/0x2c <3>[ 344.706577] kunit_try_run_case+0x8c/0x124 <3>[ 344.707555] kunit_generic_run_threadfn_adapter+0x38/0x54 <3>[ 354.104360] kthread+0x160/0x170 <3>[ 354.110342] ret_from_fork+0x10/0x20 <3>[ 354.110996] <3>[ 354.111291] Allocated by task 263: <4>[ 354.111770] kasan_save_stack+0x2c/0x5c <4>[ 354.112378] __kasan_krealloc+0xf8/0x190 <4>[ 354.112990] krealloc+0x170/0x1d0 
<4>[ 354.119295] krealloc_less_oob_helper+0xd4/0x5fc <4>[ 354.120318] krealloc_less_oob+0x18/0x2c <4>[ 354.121209] kunit_try_run_case+0x8c/0x124 <4>[ 354.122961] kunit_generic_run_threadfn_adapter+0x38/0x54 <4>[ 354.124115] kthread+0x160/0x170 <4>[ 354.124938] ret_from_fork+0x10/0x20 <3>[ 354.127547] <3>[ 354.127986] The buggy address belongs to the object at ffff00000cbb5c00 <3>[ 354.127986] which belongs to the cache kmalloc-256 of size 256 <3>[ 354.130426] The buggy address is located 235 bytes inside of <3>[ 354.130426] 256-byte region [ffff00000cbb5c00, ffff00000cbb5d00) <3>[ 354.132095] <3>[ 354.132528] The buggy address belongs to the physical page: <4>[ 354.135162] page:0000000071f5b5fc refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4cbb4 <4>[ 354.136553] head:0000000071f5b5fc order:1 compound_mapcount:0 compound_pincount:0 <4>[ 354.138442] flags: 0x3fffc0000010200(slab|head|node=0|zone=0|lastcpupid=0xffff) <4>[ 354.139806] raw: 03fffc0000010200 0000000000000000 dead000000000122 ffff000006802480 <4>[ 354.141062] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 <4>[ 354.143940] page dumped because: kasan: bad access detected <3>[ 354.144837] <3>[ 354.145278] Memory state around the buggy address: <3>[ 354.146880] ffff00000cbb5b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc <3>[ 354.148040] ffff00000cbb5c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 <3>[ 354.149194] >ffff00000cbb5c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc <3>[ 354.152042] ^ <3>[ 354.153092] ffff00000cbb5d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc <3>[ 364.370608] ffff00000cbb5d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc <3>[ 364.371472] ================================================================== <6>[ 364.385130] ok 11 - krealloc_less_oob <3>[ 364.398759] ================================================================== <3>[ 364.400797] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x140/0x3a4 
<3>[ 364.403802] Write of size 1 at addr ffff00000ca4e0eb by task kunit_try_catch/264 <3>[ 364.404988] <3>[ 364.406321] CPU: 0 PID: 264 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1 <3>[ 364.407658] Hardware name: linux,dummy-virt (DT) <3>[ 364.408457] Call trace: <3>[ 364.408995] dump_backtrace+0xb8/0x130 <3>[ 364.411661] show_stack+0x20/0x60 <3>[ 364.412479] dump_stack_lvl+0x8c/0xb8 <3>[ 364.414117] print_report+0x2e4/0x620 <3>[ 364.415042] kasan_report+0xa8/0x1dc <3>[ 364.415922] __asan_store1+0x88/0xb0 <3>[ 364.416806] krealloc_more_oob_helper+0x140/0x3a4 <3>[ 364.419576] krealloc_pagealloc_more_oob+0x18/0x2c <3>[ 364.420628] kunit_try_run_case+0x8c/0x124 <3>[ 364.422347] kunit_generic_run_threadfn_adapter+0x38/0x54 <3>[ 364.423533] kthread+0x160/0x170 <3>[ 364.424365] ret_from_fork+0x10/0x20 <3>[ 364.425247] <3>[ 364.427469] The buggy address belongs to the physical page: <4>[ 364.428361] page:00000000da707168 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4ca4c <4>[ 364.430493] head:00000000da707168 order:2 compound_mapcount:0 compound_pincount:0 <4>[ 375.450310] flags: 0x3fffc0000010000(head|node=0|zone=0|lastcpupid=0xffff) <4>[ 375.451624] raw: 03fffc0000010000 0000000000000000 dead000000000122 0000000000000000 <4>[ 375.452566] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 <4>[ 375.461463] page dumped because: kasan: bad access detected <3>[ 375.462379] <3>[ 375.462819] Memory state around the buggy address: <3>[ 375.463660] ffff00000ca4df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 <3>[ 375.464793] ffff00000ca4e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 <3>[ 375.467732] >ffff00000ca4e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe <3>[ 375.468838] ^ <3>[ 375.470662] ffff00000ca4e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe <3>[ 375.471835] ffff00000ca4e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe <3>[ 375.472921] 
================================================================== <3>[ 375.494442] ================================================================== <3>[ 375.495532] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x174/0x3a4 <3>[ 375.496886] Write of size 1 at addr ffff00000ca4e0f0 by task kunit_try_catch/264 <3>[ 375.498100] <3>[ 375.498563] CPU: 0 PID: 264 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1 <3>[ 375.499873] Hardware name: linux,dummy-virt (DT) <3>[ 375.500669] Call trace: <3>[ 375.501208] dump_backtrace+0xb8/0x130 <3>[ 375.502268] show_stack+0x20/0x60 <3>[ 375.503215] dump_stack_lvl+0x8c/0xb8 <3>[ 375.507730] print_report+0x2e4/0x620 <3>[ 375.508649] kasan_report+0xa8/0x1dc <3>[ 375.512786] __asan_store1+0x88/0xb0 <3>[ 375.513744] krealloc_more_oob_helper+0x174/0x3a4 <3>[ 375.514771] krealloc_pagealloc_more_oob+0x18/0x2c <3>[ 375.515794] kunit_try_run_case+0x8c/0x124 <3>[ 375.516934] kunit_generic_run_threadfn_adapter+0x38/0x54 <3>[ 387.444513] kthread+0x160/0x170 <3>[ 387.453784] ret_from_fork+0x10/0x20 <3>[ 387.454892] <3>[ 387.455404] The buggy address belongs to the physical page: <4>[ 387.456536] page:00000000da707168 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4ca4c <4>[ 387.460639] head:00000000da707168 order:2 compound_mapcount:0 compound_pincount:0 <4>[ 387.462642] flags: 0x3fffc0000010000(head|node=0|zone=0|lastcpupid=0xffff) <4>[ 387.463945] raw: 03fffc0000010000 0000000000000000 dead000000000122 0000000000000000 <4>[ 387.465195] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 <4>[ 387.468303] page dumped because: kasan: bad access detected <3>[ 387.469193] <3>[ 387.470465] Memory state around the buggy address: <3>[ 387.471325] ffff00000ca4df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 <3>[ 387.472490] ffff00000ca4e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 <3>[ 387.475624] >ffff00000ca4e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe <3>[ 387.476727] ^ 
<3>[ 387.478640] ffff00000ca4e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe <3>[ 387.479812] ffff00000ca4e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe <3>[ 387.480898] ================================================================== <6>[ 387.499418] ok 12 - krealloc_pagealloc_more_oob <3>[ 387.522421] ================================================================== <3>[ 387.524717] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x114/0x5fc <3>[ 387.529468] Write of size 1 at addr ffff00000ca620c9 by task kunit_try_catch/265 <3>[ 387.531354] <3>[ 387.531912] CPU: 1 PID: 265 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1 <3>[ 387.536074] Hardware name: linux,dummy-virt (DT) <3>[ 387.536895] Call trace: <3>[ 387.538310] dump_backtrace+0xb8/0x130 <3>[ 387.539201] show_stack+0x20/0x60 <3>[ 400.346541] dump_stack_lvl+0x8c/0xb8 <3>[ 400.347508] print_report+0x2e4/0x620 <3>[ 400.348418] kasan_report+0xa8/0x1dc <3>[ 400.349366] __asan_store1+0x88/0xb0 <3>[ 400.350239] krealloc_less_oob_helper+0x114/0x5fc <3>[ 400.358209] krealloc_pagealloc_less_oob+0x18/0x24 <3>[ 400.358935] kunit_try_run_case+0x8c/0x124 <3>[ 400.359578] kunit_generic_run_threadfn_adapter+0x38/0x54 <3>[ 400.360365] kthread+0x160/0x170 <3>[ 400.360914] ret_from_fork+0x10/0x20 <3>[ 400.365594] <3>[ 400.366075] The buggy address belongs to the physical page: <4>[ 400.366977] page:000000009c787604 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4ca60 <4>[ 400.368352] head:000000009c787604 order:2 compound_mapcount:0 compound_pincount:0 <4>[ 400.369572] flags: 0x3fffc0000010000(head|node=0|zone=0|lastcpupid=0xffff) <4>[ 400.370922] raw: 03fffc0000010000 0000000000000000 dead000000000122 0000000000000000 <4>[ 400.372187] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 <4>[ 400.373391] page dumped because: kasan: bad access detected <3>[ 400.374304] <3>[ 400.374742] Memory state around the buggy address: <3>[ 400.375618] ffff00000ca61f80: 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 <3>[ 400.376789] ffff00000ca62000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 <3>[ 400.378058] >ffff00000ca62080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe <3>[ 400.379161] ^ <3>[ 400.380103] ffff00000ca62100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe <3>[ 400.381275] ffff00000ca62180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe <3>[ 400.382423] ================================================================== <3>[ 400.387797] ================================================================== <3>[ 400.388656] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x148/0x5fc <3>[ 400.393663] Write of size 1 at addr ffff00000ca620d0 by task kunit_try_catch/265 <3>[ 414.124838] <3>[ 414.131646] CPU: 0 PID: 265 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1 <3>[ 414.132980] Hardware name: linux,dummy-virt (DT) <3>[ 414.133819] Call trace: <3>[ 414.134391] dump_backtrace+0xb8/0x130 <3>[ 414.135282] show_stack+0x20/0x60 <3>[ 414.136094] dump_stack_lvl+0x8c/0xb8 <3>[ 414.136705] print_report+0x2e4/0x620 <3>[ 414.137342] kasan_report+0xa8/0x1dc <3>[ 414.138252] __asan_store1+0x88/0xb0 <3>[ 414.139143] krealloc_less_oob_helper+0x148/0x5fc <3>[ 414.140147] krealloc_pagealloc_less_oob+0x18/0x24 <3>[ 414.141162] kunit_try_run_case+0x8c/0x124 <3>[ 414.142148] kunit_generic_run_threadfn_adapter+0x38/0x54 <3>[ 414.143310] kthread+0x160/0x170 <3>[ 414.144141] ret_from_fork+0x10/0x20 <3>[ 414.145024] <3>[ 414.145478] The buggy address belongs to the physical page: <4>[ 414.146375] page:000000009c787604 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4ca60 <4>[ 414.147746] head:000000009c787604 order:2 compound_mapcount:0 compound_pincount:0 <4>[ 414.148874] flags: 0x3fffc0000010000(head|node=0|zone=0|lastcpupid=0xffff) <4>[ 414.150172] raw: 03fffc0000010000 0000000000000000 dead000000000122 0000000000000000 <4>[ 414.151421] raw: 0000000000000000 0000000000000000 00000001ffffffff 
0000000000000000 <4>[ 414.152562] page dumped because: kasan: bad access detected <3>[ 414.153454] <3>[ 414.153878] Memory state around the buggy address: <3>[ 414.154733] ffff00000ca61f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 <3>[ 414.155888] ffff00000ca62000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 <3>[ 414.157039] >ffff00000ca62080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe <3>[ 414.158143] ^ <3>[ 414.159109] ffff00000ca62100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe <3>[ 414.160262] ffff00000ca62180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe <3>[ 414.161359] ================================================================== <3>[ 428.864087] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: <3>[ 428.865769] rcu: 1-....: (1 ticks this GP) idle=060/0/0x0 softirq=862/862 fqs=5 (false positive?) <4>[ 428.867401] (detected by 0, t=10332 jiffies, g=625, q=1 ncpus=2) <6>[ 428.868497] Task dump for CPU 1: <6>[ 428.869144] task:swapper/1 state:R running task stack: 0 pid: 0 ppid: 1 flags:0x00000008 <6>[ 428.870982] Call trace: <6>[ 428.871537] __switch_to+0x140/0x1e0 <6>[ 428.872393] 0xffff122e153fa700 <3>[ 428.873554] rcu: rcu_preempt kthread timer wakeup didn't happen for 7119 jiffies! g625 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 <3>[ 428.875157] rcu: Possible timer handling issue on cpu=0 timer-softirq=931 <3>[ 428.876354] rcu: rcu_preempt kthread starved for 7120 jiffies! g625 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=0 <3>[ 428.877849] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. 
<3>[ 428.879103] rcu: RCU grace-period kthread stack dump: <6>[ 428.879927] task:rcu_preempt state:I stack: 0 pid: 16 ppid: 2 flags:0x00000008 <6>[ 428.881306] Call trace: <6>[ 428.881840] __switch_to+0x140/0x1e0 <6>[ 428.882692] __schedule+0x4f4/0xc74 <6>[ 428.883506] schedule+0x88/0x13c <6>[ 428.884315] schedule_timeout+0x104/0x2b0 <6>[ 428.885328] rcu_gp_fqs_loop+0x1a0/0x784 <6>[ 428.886244] rcu_gp_kthread+0x278/0x3a0 <6>[ 428.887136] kthread+0x160/0x170 <6>[ 428.887965] ret_from_fork+0x10/0x20 <3>[ 428.888889] rcu: Stack dump where RCU GP kthread last ran: <6>[ 428.889766] Task dump for CPU 0: <6>[ 428.890404] task:kunit_try_catch state:R running task stack: 0 pid: 265 ppid: 2 flags:0x00000008 <6>[ 428.892084] Call trace: <6>[ 428.892622] dump_backtrace+0xb8/0x130 <6>[ 428.893498] show_stack+0x20/0x60 <6>[ 428.894302] sched_show_task+0x2a0/0x2d4 <6>[ 428.895297] dump_cpu_task+0x64/0x78 <6>[ 444.590961] rcu_check_gp_kthread_starvation+0x16c/0x198 <6>[ 444.596090] rcu_sched_clock_irq+0x12bc/0x14a4 <6>[ 444.600696] update_process_times+0x90/0xec <6>[ 444.601431] tick_sched_handle+0x70/0xa0 <6>[ 444.602073] tick_sched_timer+0x5c/0xd0 <6>[ 444.602686] __hrtimer_run_queues+0x234/0x5f0 <6>[ 444.603322] hrtimer_interrupt+0x198/0x384 <6>[ 444.603946] arch_timer_handler_virt+0x48/0x60 <6>[ 444.604651] handle_percpu_devid_irq+0xe0/0x300 <6>[ 444.605424] generic_handle_domain_irq+0x50/0x70 <6>[ 444.606547] gic_handle_irq+0x58/0x160 <6>[ 444.607387] call_on_irq_stack+0x2c/0x54 <6>[ 444.608298] do_interrupt_handler+0xc8/0xd0 <6>[ 444.609310] el1_interrupt+0x34/0x60 <6>[ 444.610275] el1h_64_irq_handler+0x18/0x2c <6>[ 444.611309] el1h_64_irq+0x64/0x68 <6>[ 444.612111] _raw_spin_unlock_irqrestore+0x3c/0x84 <6>[ 444.613197] end_report.part.0+0x34/0x94 <6>[ 444.614269] kasan_report+0xb8/0x1dc <6>[ 444.615146] __asan_store1+0x88/0xb0 <6>[ 444.616028] krealloc_less_oob_helper+0x148/0x5fc <6>[ 444.617036] krealloc_pagealloc_less_oob+0x18/0x24 <6>[ 444.618077] 
kunit_try_run_case+0x8c/0x124 <6>[ 444.619030] kunit_generic_run_threadfn_adapter+0x38/0x54 <6>[ 444.620186] kthread+0x160/0x170 <6>[ 444.621013] ret_from_fork+0x10/0x20 <3>[ 444.625575] ================================================================== <3>[ 444.629849] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x198/0x5fc <3>[ 444.631499] Write of size 1 at addr ffff00000ca620da by task kunit_try_catch/265 <3>[ 444.632984] <3>[ 444.633529] CPU: 0 PID: 265 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1 <3>[ 444.635376] Hardware name: linux,dummy-virt (DT) <3>[ 444.636193] Call trace: <3>[ 444.636731] dump_backtrace+0xb8/0x130 <3>[ 444.637611] show_stack+0x20/0x60 <3>[ 444.638417] dump_stack_lvl+0x8c/0xb8 <3>[ 444.639294] print_report+0x2e4/0x620 <3>[ 444.640183] kasan_report+0xa8/0x1dc <3>[ 461.355489] __asan_store1+0x88/0xb0 <3>[ 461.365554] krealloc_less_oob_helper+0x198/0x5fc <3>[ 461.366634] krealloc_pagealloc_less_oob+0x18/0x24 <3>[ 461.367663] kunit_try_run_case+0x8c/0x124 <3>[ 461.368616] kunit_generic_run_threadfn_adapter+0x38/0x54 <3>[ 461.369973] kthread+0x160/0x170 <3>[ 461.370970] ret_from_fork+0x10/0x20 <3>[ 461.372015] <3>[ 461.373525] The buggy address belongs to the physical page: <4>[ 461.374442] page:000000009c787604 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4ca60 <4>[ 461.375817] head:000000009c787604 order:2 compound_mapcount:0 compound_pincount:0 <4>[ 461.376949] flags: 0x3fffc0000010000(head|node=0|zone=0|lastcpupid=0xffff) <4>[ 461.378257] raw: 03fffc0000010000 0000000000000000 dead000000000122 0000000000000000 <4>[ 461.379509] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 <4>[ 461.380653] page dumped because: kasan: bad access detected <3>[ 461.381546] <3>[ 461.381971] Memory state around the buggy address: <3>[ 461.382827] ffff00000ca61f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 <3>[ 461.383982] ffff00000ca62000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
<3>[ 461.385136] >ffff00000ca62080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe <3>[ 461.386242] ^ <3>[ 461.387237] ffff00000ca62100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe <3>[ 461.388393] ffff00000ca62180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe <3>[ 461.389493] ================================================================== <3>[ 461.404145] ================================================================== <3>[ 461.405287] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x1c8/0x5fc <3>[ 461.407304] Write of size 1 at addr ffff00000ca620ea by task kunit_try_catch/265 <3>[ 461.410665] <3>[ 461.411145] CPU: 0 PID: 265 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1 <3>[ 479.198598] Hardware name: linux,dummy-virt (DT) <3>[ 479.199486] Call trace: <3>[ 479.200024] dump_backtrace+0xb8/0x130 <3>[ 479.200902] show_stack+0x20/0x60 <3>[ 479.201721] dump_stack_lvl+0x8c/0xb8 <3>[ 479.202616] print_report+0x2e4/0x620 <3>[ 479.203508] kasan_report+0xa8/0x1dc <3>[ 479.204385] __asan_store1+0x88/0xb0 <3>[ 479.205285] krealloc_less_oob_helper+0x1c8/0x5fc <3>[ 479.206315] krealloc_pagealloc_less_oob+0x18/0x24 <3>[ 479.207338] kunit_try_run_case+0x8c/0x124 <3>[ 479.208289] kunit_generic_run_threadfn_adapter+0x38/0x54 <3>[ 479.209465] kthread+0x160/0x170 <3>[ 479.210309] ret_from_fork+0x10/0x20 <3>[ 479.211195] <3>[ 479.211627] The buggy address belongs to the physical page: <4>[ 479.212510] page:000000009c787604 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4ca60 <4>[ 479.213896] head:000000009c787604 order:2 compound_mapcount:0 compound_pincount:0 <4>[ 479.215036] flags: 0x3fffc0000010000(head|node=0|zone=0|lastcpupid=0xffff) <4>[ 479.216314] raw: 03fffc0000010000 0000000000000000 dead000000000122 0000000000000000 <4>[ 479.217574] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 <4>[ 479.218725] page dumped because: kasan: bad access detected <3>[ 479.219606] <3>[ 479.220029] Memory state around the 
buggy address: <3>[ 479.220875] ffff00000ca61f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 <3>[ 479.222047] ffff00000ca62000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 <3>[ 479.223206] >ffff00000ca62080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe <3>[ 479.224291] ^ <3>[ 479.225351] ffff00000ca62100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe <3>[ 479.226514] ffff00000ca62180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe <3>[ 479.227598] ================================================================== <3>[ 479.248101] ================================================================== <3>[ 498.116221] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x1f4/0x5fc <3>[ 498.126057] Write of size 1 at addr ffff00000ca620eb by task kunit_try_catch/265 <3>[ 498.127283] <3>[ 498.127753] CPU: 1 PID: 265 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1 <3>[ 498.129065] Hardware name: linux,dummy-virt (DT) <3>[ 498.129890] Call trace: <3>[ 498.130441] dump_backtrace+0xb8/0x130 <3>[ 498.131319] show_stack+0x20/0x60 <3>[ 498.132116] dump_stack_lvl+0x8c/0xb8 <3>[ 498.132994] print_report+0x2e4/0x620 <3>[ 498.133943] kasan_report+0xa8/0x1dc <3>[ 498.134832] __asan_store1+0x88/0xb0 <3>[ 498.135721] krealloc_less_oob_helper+0x1f4/0x5fc <3>[ 498.136737] krealloc_pagealloc_less_oob+0x18/0x24 <3>[ 498.137778] kunit_try_run_case+0x8c/0x124 <3>[ 498.138743] kunit_generic_run_threadfn_adapter+0x38/0x54 <3>[ 498.139908] kthread+0x160/0x170 <3>[ 498.140743] ret_from_fork+0x10/0x20 <3>[ 498.141639] <3>[ 498.142081] The buggy address belongs to the physical page: <4>[ 498.142972] page:000000009c787604 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4ca60 <4>[ 498.144349] head:000000009c787604 order:2 compound_mapcount:0 compound_pincount:0 <4>[ 498.145495] flags: 0x3fffc0000010000(head|node=0|zone=0|lastcpupid=0xffff) <4>[ 498.146785] raw: 03fffc0000010000 0000000000000000 dead000000000122 0000000000000000 <4>[ 498.148043] raw: 
0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 <4>[ 498.149191] page dumped because: kasan: bad access detected <3>[ 498.150095] <3>[ 498.150520] Memory state around the buggy address: <3>[ 498.151373] ffff00000ca61f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 <3>[ 498.152530] ffff00000ca62000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 <3>[ 498.153707] >ffff00000ca62080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe <3>[ 498.154805] ^ <3>[ 518.166325] ffff00000ca62100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe <3>[ 518.169081] ffff00000ca62180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe <3>[ 518.175996] ================================================================== <6>[ 518.207072] ok 13 - krealloc_pagealloc_less_oob <3>[ 518.275725] ================================================================== <3>[ 518.278890] BUG: KASAN: use-after-free in krealloc_uaf+0xe8/0x2e4 <3>[ 518.280080] Read of size 1 at addr ffff00000d4e9200 by task kunit_try_catch/266 <3>[ 518.281231] <3>[ 518.281708] CPU: 0 PID: 266 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1 <3>[ 518.283043] Hardware name: linux,dummy-virt (DT) <3>[ 518.283841] Call trace: <3>[ 518.284380] dump_backtrace+0xb8/0x130 <3>[ 518.285246] show_stack+0x20/0x60 <3>[ 518.286063] dump_stack_lvl+0x8c/0xb8 <3>[ 518.286944] print_report+0x2e4/0x620 <3>[ 518.287832] kasan_report+0xa8/0x1dc <3>[ 518.288707] __kasan_check_byte+0x58/0x70 <3>[ 518.289652] krealloc+0x11c/0x1d0 <3>[ 518.290513] krealloc_uaf+0xe8/0x2e4 <3>[ 518.291361] kunit_try_run_case+0x8c/0x124 <3>[ 518.292311] kunit_generic_run_threadfn_adapter+0x38/0x54 <3>[ 518.293480] kthread+0x160/0x170 <3>[ 518.294321] ret_from_fork+0x10/0x20 <3>[ 518.295205] <3>[ 518.295636] Allocated by task 266: <4>[ 518.296299] kasan_save_stack+0x2c/0x5c <4>[ 518.297194] __kasan_kmalloc+0xac/0x104 <4>[ 539.404461] kmem_cache_alloc_trace+0x1f8/0x3b0 <4>[ 539.411198] krealloc_uaf+0xac/0x2e4 <4>[ 539.412071] 
kunit_try_run_case+0x8c/0x124 <4>[ 539.413019] kunit_generic_run_threadfn_adapter+0x38/0x54 <4>[ 539.414204] kthread+0x160/0x170 <4>[ 539.415016] ret_from_fork+0x10/0x20 <3>[ 539.425613] <3>[ 539.426082] Freed by task 266: <4>[ 539.426602] kasan_save_stack+0x2c/0x5c <4>[ 539.427350] kasan_set_track+0x2c/0x40 <4>[ 539.428073] kasan_set_free_info+0x28/0x50 <4>[ 539.428892] ____kasan_slab_free+0x15c/0x1b4 <4>[ 539.429886] __kasan_slab_free+0x18/0x2c <4>[ 539.430810] slab_free_freelist_hook+0xbc/0x220 <4>[ 539.431907] kfree+0xe0/0x3f0 <4>[ 539.433314] krealloc_uaf+0xc4/0x2e4 <4>[ 539.434187] kunit_try_run_case+0x8c/0x124 <4>[ 539.435133] kunit_generic_run_threadfn_adapter+0x38/0x54 <4>[ 539.436283] kthread+0x160/0x170 <4>[ 539.437103] ret_from_fork+0x10/0x20 <3>[ 539.438008] <3>[ 539.438448] The buggy address belongs to the object at ffff00000d4e9200 <3>[ 539.438448] which belongs to the cache kmalloc-256 of size 256 <3>[ 539.440454] The buggy address is located 0 bytes inside of <3>[ 539.440454] 256-byte region [ffff00000d4e9200, ffff00000d4e9300) <3>[ 539.442106] <3>[ 539.442541] The buggy address belongs to the physical page: <4>[ 539.443435] page:000000002e844232 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff00000d4e9000 pfn:0x4d4e8 <4>[ 539.444976] head:000000002e844232 order:1 compound_mapcount:0 compound_pincount:0 <4>[ 539.446143] flags: 0x3fffc0000010200(slab|head|node=0|zone=0|lastcpupid=0xffff) <4>[ 539.447498] raw: 03fffc0000010200 0000000000000000 dead000000000122 ffff000006802480 <4>[ 539.448788] raw: ffff00000d4e9000 0000000080100007 00000001ffffffff 0000000000000000 <4>[ 539.449957] page dumped because: kasan: bad access detected <3>[ 539.450863] <3>[ 539.451285] Memory state around the buggy address: <3>[ 539.452133] ffff00000d4e9100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc <3>[ 561.792589] ffff00000d4e9180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc <3>[ 561.793888] >ffff00000d4e9200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb 
fb fb <3>[ 561.795001] ^ <3>[ 561.795708] ffff00000d4e9280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb <3>[ 561.796779] ffff00000d4e9300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc <3>[ 561.797628] ================================================================== <3>[ 561.915354] ================================================================== <3>[ 561.916385] BUG: KASAN: use-after-free in krealloc_uaf+0x114/0x2e4 <3>[ 561.917241] Read of size 1 at addr ffff00000d4e9200 by task kunit_try_catch/266 <3>[ 561.922392] <3>[ 561.922861] CPU: 1 PID: 266 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1 <3>[ 561.924185] Hardware name: linux,dummy-virt (DT) <3>[ 561.924989] Call trace: <3>[ 561.925541] dump_backtrace+0xb8/0x130 <3>[ 561.926429] show_stack+0x20/0x60 <3>[ 561.927225] dump_stack_lvl+0x8c/0xb8 <3>[ 561.928109] print_report+0x2e4/0x620 <3>[ 561.929005] kasan_report+0xa8/0x1dc <3>[ 561.929904] __asan_load1+0x88/0xb0 <3>[ 561.930784] krealloc_uaf+0x114/0x2e4 <3>[ 561.931650] kunit_try_run_case+0x8c/0x124 <3>[ 561.932606] kunit_generic_run_threadfn_adapter+0x38/0x54 <3>[ 561.933774] kthread+0x160/0x170 <3>[ 561.934626] ret_from_fork+0x10/0x20 <3>[ 561.935508] <3>[ 561.935938] Allocated by task 266: <4>[ 561.936611] kasan_save_stack+0x2c/0x5c <4>[ 561.937519] __kasan_kmalloc+0xac/0x104 <4>[ 561.938425] kmem_cache_alloc_trace+0x1f8/0x3b0 <4>[ 561.939388] krealloc_uaf+0xac/0x2e4 <4>[ 561.940231] kunit_try_run_case+0x8c/0x124 <4>[ 561.941170] kunit_generic_run_threadfn_adapter+0x38/0x54 <4>[ 561.942350] kthread+0x160/0x170 <4>[ 561.943172] ret_from_fork+0x10/0x20 <3>[ 561.944041] <3>[ 561.944466] Freed by task 266: <4>[ 561.945089] kasan_save_stack+0x2c/0x5c <4>[ 585.440772] kasan_set_track+0x2c/0x40 <4>[ 585.441635] kasan_set_free_info+0x28/0x50 <4>[ 585.442468] ____kasan_slab_free+0x15c/0x1b4 <4>[ 585.443258] __kasan_slab_free+0x18/0x2c <4>[ 585.444020] slab_free_freelist_hook+0xbc/0x220 <4>[ 585.444942] kfree+0xe0/0x3f0 <4>[ 585.445555] 
krealloc_uaf+0xc4/0x2e4 <4>[ 585.446431] kunit_try_run_case+0x8c/0x124 <4>[ 585.447390] kunit_generic_run_threadfn_adapter+0x38/0x54 <4>[ 585.448537] kthread+0x160/0x170 <4>[ 585.449371] ret_from_fork+0x10/0x20 <3>[ 585.450251] <3>[ 585.450678] The buggy address belongs to the object at ffff00000d4e9200 <3>[ 585.450678] which belongs to the cache kmalloc-256 of size 256 <3>[ 585.452386] The buggy address is located 0 bytes inside of <3>[ 585.452386] 256-byte region [ffff00000d4e9200, ffff00000d4e9300) <3>[ 585.454057] <3>[ 585.454493] The buggy address belongs to the physical page: <4>[ 585.455383] page:000000002e844232 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff00000d4e9000 pfn:0x4d4e8 <4>[ 585.456925] head:000000002e844232 order:1 compound_mapcount:0 compound_pincount:0 <4>[ 585.458101] flags: 0x3fffc0000010200(slab|head|node=0|zone=0|lastcpupid=0xffff) <4>[ 585.459469] raw: 03fffc0000010200 0000000000000000 dead000000000122 ffff000006802480 <4>[ 585.460745] raw: ffff00000d4e9000 0000000080100007 00000001ffffffff 0000000000000000 <4>[ 585.461910] page dumped because: kasan: bad access detected <3>[ 585.462808] <3>[ 585.463231] Memory state around the buggy address: <3>[ 585.464078] ffff00000d4e9100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc <3>[ 585.465248] ffff00000d4e9180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc <3>[ 585.466435] >ffff00000d4e9200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb <3>[ 585.467529] ^ <3>[ 585.468218] ffff00000d4e9280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb <3>[ 585.469392] ffff00000d4e9300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc <3>[ 610.277617] ================================================================== <6>[ 610.346570] ok 14 - krealloc_uaf <3>[ 610.356970] ================================================================== <3>[ 610.360721] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0xf8/0x260 <3>[ 610.362805] Write of size 16 at addr ffff0000073e1700 by task 
kunit_try_catch/268 <3>[ 610.364004] <3>[ 610.364463] CPU: 0 PID: 268 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1 <3>[ 610.367499] Hardware name: linux,dummy-virt (DT) <3>[ 610.368326] Call trace: <3>[ 610.368866] dump_backtrace+0xb8/0x130 <3>[ 610.370477] show_stack+0x20/0x60 <3>[ 610.371310] dump_stack_lvl+0x8c/0xb8 <3>[ 610.372189] print_report+0x2e4/0x620 <3>[ 610.373085] kasan_report+0xa8/0x1dc <3>[ 610.375659] __asan_store16+0x90/0xc0 <3>[ 610.376579] kmalloc_oob_16+0xf8/0x260 <3>[ 610.378176] kunit_try_run_case+0x8c/0x124 <3>[ 610.379163] kunit_generic_run_threadfn_adapter+0x38/0x54 <3>[ 610.380323] kthread+0x160/0x170 <3>[ 610.381160] ret_from_fork+0x10/0x20 <3>[ 610.383736] <3>[ 610.384176] Allocated by task 268: <4>[ 610.384841] kasan_save_stack+0x2c/0x5c <4>[ 610.386488] __kasan_kmalloc+0xac/0x104 <4>[ 610.387408] kmem_cache_alloc_trace+0x1f8/0x3b0 <4>[ 610.388379] kmalloc_oob_16+0xa4/0x260 <4>[ 610.389225] kunit_try_run_case+0x8c/0x124 <4>[ 610.391952] kunit_generic_run_threadfn_adapter+0x38/0x54 <4>[ 610.393115] kthread+0x160/0x170 <4>[ 610.394714] ret_from_fork+0x10/0x20 <3>[ 610.395597] <3>[ 610.396023] The buggy address belongs to the object at ffff0000073e1700 <3>[ 610.396023] which belongs to the cache kmalloc-128 of size 128 <3>[ 610.399453] The buggy address is located 0 bytes inside of <3>[ 610.399453] 128-byte region [ffff0000073e1700, ffff0000073e1780) <3>[ 610.401108] <3>[ 610.402287] The buggy address belongs to the physical page: <4>[ 610.403197] page:00000000beb18009 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x473e1 <3>[ 636.505626] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: <4>[ 636.507902] flags: 0x3fffc0000000200(slab|node=0|zone=0|lastcpupid=0xffff) <4>[ 636.508426] raw: 03fffc0000000200 0000000000000000 dead000000000001 ffff000006802300 <4>[ 636.508739] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 <4>[ 636.508937] page dumped because: kasan: bad access detected <3>[ 
636.509082] <3>[ 636.509169] Memory state around the buggy address: <3>[ 636.509379] ffff0000073e1600: 00 00 07 fc fc fc fc fc fc fc fc fc fc fc fc fc <3>[ 636.509633] ffff0000073e1680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc <3>[ 636.509864] >ffff0000073e1700: 00 05 fc fc fc fc fc fc fc fc fc fc fc fc fc fc <3>[ 636.517622] rcu: 0-...!: (17 ticks this GP) idle=f53/1/0x4000000000000000 softirq=982/985 fqs=5 <3>[ 636.518384] ^ <4>[ 636.519388] (detected by 1, t=6535 jiffies, g=641, q=3 ncpus=2) <3>[ 636.519922] ffff0000073e1780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc <6>[ 636.521577] Task dump for CPU 0: <6>[ 636.522233] task:kunit_try_catch state:R running task stack: 0 pid: 268 ppid: 2 flags:0x00000008 <6>[ 636.523958] Call trace: <6>[ 636.524499] __switch_to+0x140/0x1e0 <6>[ 636.525355] kmalloc_oob_16+0xf8/0x260 <3>[ 636.525462] ffff0000073e1800: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc <6>[ 636.525663] kunit_try_run_case+0x8c/0x124 <6>[ 636.526195] kunit_generic_run_threadfn_adapter+0x38/0x54 <3>[ 636.527039] ================================================================== <6>[ 636.527586] kthread+0x160/0x170 <6>[ 636.529709] ret_from_fork+0x10/0x20 <3>[ 636.530666] rcu: rcu_preempt kthread timer wakeup didn't happen for 6524 jiffies! g641 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 <3>[ 636.532255] rcu: Possible timer handling issue on cpu=1 timer-softirq=2755 <3>[ 636.533343] rcu: rcu_preempt kthread starved for 6525 jiffies! g641 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=1 <6>[ 663.952374] ok 15 - kmalloc_oob_16 <3>[ 663.958068] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. 
<3>[ 663.958253] rcu: RCU grace-period kthread stack dump: <6>[ 663.958357] task:rcu_preempt state:R stack: 0 pid: 16 ppid: 2 flags:0x00000008 <6>[ 663.958683] Call trace: <6>[ 663.958772] __switch_to+0x140/0x1e0 <6>[ 663.959049] __schedule+0x4f4/0xc74 <6>[ 663.959306] schedule+0x88/0x13c <6>[ 663.959543] schedule_timeout+0x104/0x2b0 <6>[ 663.959860] rcu_gp_fqs_loop+0x1a0/0x784 <6>[ 663.960479] rcu_gp_kthread+0x278/0x3a0 <6>[ 663.960798] kthread+0x160/0x170 <6>[ 663.961124] ret_from_fork+0x10/0x20 <3>[ 663.961482] rcu: Stack dump where RCU GP kthread last ran: <6>[ 663.961606] Task dump for CPU 1: <6>[ 663.961724] task:swapper/1 state:R running task stack: 0 pid: 0 ppid: 1 flags:0x00000008 <6>[ 663.962179] Call trace: <6>[ 663.962294] dump_backtrace+0xb8/0x130 <6>[ 663.962596] show_stack+0x20/0x60 <6>[ 663.962877] sched_show_task+0x2a0/0x2d4 <6>[ 663.963285] dump_cpu_task+0x64/0x78 <6>[ 663.963675] rcu_check_gp_kthread_starvation+0x16c/0x198 <6>[ 663.964150] rcu_sched_clock_irq+0x12bc/0x14a4 <6>[ 663.964502] update_process_times+0x90/0xec <6>[ 663.964949] tick_sched_handle+0x70/0xa0 <6>[ 663.965318] tick_sched_timer+0x5c/0xd0 <6>[ 663.965664] __hrtimer_run_queues+0x234/0x5f0 <6>[ 663.965971] hrtimer_interrupt+0x198/0x384 <6>[ 663.966285] arch_timer_handler_virt+0x48/0x60 <6>[ 663.966667] handle_percpu_devid_irq+0xe0/0x300 <6>[ 663.967038] generic_handle_domain_irq+0x50/0x70 <6>[ 663.967479] gic_handle_irq+0x58/0x160 <6>[ 663.967752] call_on_irq_stack+0x2c/0x54 <6>[ 663.968097] do_interrupt_handler+0xc8/0xd0 <6>[ 663.968502] el1_interrupt+0x34/0x60 <6>[ 663.968911] el1h_64_irq_handler+0x18/0x2c <6>[ 663.977972] el1h_64_irq+0x64/0x68 <6>[ 663.978271] arch_local_irq_enable+0xc/0x20 <6>[ 663.978572] default_idle_call+0x5c/0x248 <6>[ 663.978959] do_idle+0x318/0x3a0 <6>[ 663.979278] cpu_startup_entry+0x2c/0x3c <6>[ 663.979624] secondary_start_kernel+0x248/0x274 <6>[ 663.980064] __secondary_switched+0xa0/0xa4 <3>[ 692.787834] rcu: INFO: rcu_preempt detected stalls on 
CPUs/tasks: <3>[ 692.801424] rcu: 0-...!: (1 ticks this GP) idle=f53/1/0x4000000000000000 softirq=989/989 fqs=3 <4>[ 692.802918] (detected by 1, t=7196 jiffies, g=645, q=4 ncpus=2) <6>[ 692.803928] Task dump for CPU 0: <6>[ 692.804638] task:swapper/0 state:R running task stack: 0 pid: 1 ppid: 0 flags:0x0000000a <6>[ 692.806821] Call trace: <6>[ 692.809663] __switch_to+0x140/0x1e0 <6>[ 692.810747] __schedule+0x4f4/0xc74 <6>[ 692.811744] preempt_schedule+0x84/0xe4 <6>[ 692.821744] vprintk_emit+0x144/0x314 <6>[ 692.822718] vprintk_default+0x40/0x4c <6>[ 692.823667] vprintk+0x110/0x130 <6>[ 692.824530] _printk+0xb0/0xe8 <6>[ 692.825414] kunit_print_ok_not_ok+0xd4/0x178 <6>[ 692.826393] kunit_run_tests+0x42c/0x750 <6>[ 692.827328] __kunit_test_suites_init+0x74/0xa0 <6>[ 692.828333] kunit_run_all_tests+0x160/0x380 <6>[ 692.837709] kernel_init_freeable+0x32c/0x388 <6>[ 692.838768] kernel_init+0x2c/0x150 <6>[ 692.839574] ret_from_fork+0x10/0x20 <3>[ 692.853357] rcu: rcu_preempt kthread timer wakeup didn't happen for 7179 jiffies! g645 f0x2 RCU_GP_WAIT_FQS(5) ->state=0x200 <3>[ 692.855016] rcu: Possible timer handling issue on cpu=1 timer-softirq=2760 <3>[ 692.856068] rcu: rcu_preempt kthread starved for 7180 jiffies! g645 f0x2 RCU_GP_WAIT_FQS(5) ->state=0x200 ->cpu=1 <3>[ 692.857902] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. 
<3>[ 692.859575] rcu: RCU grace-period kthread stack dump: <6>[ 692.864966] task:rcu_preempt state:R stack: 0 pid: 16 ppid: 2 flags:0x00000008 <6>[ 692.866433] Call trace: <6>[ 722.970823] __switch_to+0x140/0x1e0 <6>[ 722.979962] __schedule+0x4f4/0xc74 <6>[ 722.980845] schedule+0x88/0x13c <6>[ 722.981663] schedule_timeout+0x104/0x2b0 <6>[ 722.982655] rcu_gp_fqs_loop+0x1a0/0x784 <6>[ 722.983547] rcu_gp_kthread+0x278/0x3a0 <6>[ 722.984440] kthread+0x160/0x170 <6>[ 722.985300] ret_from_fork+0x10/0x20 <3>[ 722.986202] rcu: Stack dump where RCU GP kthread last ran: <6>[ 722.987056] Task dump for CPU 1: <6>[ 722.987682] task:swapper/1 state:R running task stack: 0 pid: 0 ppid: 1 flags:0x0000000a <6>[ 722.989539] Call trace: <6>[ 722.990100] dump_backtrace+0xb8/0x130 <6>[ 722.990974] show_stack+0x20/0x60 <6>[ 722.991772] sched_show_task+0x2a0/0x2d4 <6>[ 722.992766] dump_cpu_task+0x64/0x78 <6>[ 722.993721] rcu_check_gp_kthread_starvation+0x16c/0x198 <6>[ 722.994924] rcu_sched_clock_irq+0x12bc/0x14a4 <6>[ 722.995908] update_process_times+0x90/0xec <6>[ 722.996954] tick_sched_handle+0x70/0xa0 <6>[ 722.997902] tick_sched_timer+0x5c/0xd0 <6>[ 722.998832] __hrtimer_run_queues+0x234/0x5f0 <6>[ 722.999761] hrtimer_interrupt+0x198/0x384 <6>[ 723.000648] arch_timer_handler_virt+0x48/0x60 <6>[ 723.001675] handle_percpu_devid_irq+0xe0/0x300 <6>[ 723.002686] generic_handle_domain_irq+0x50/0x70 <6>[ 723.003779] gic_handle_irq+0x58/0x160 <6>[ 723.004612] call_on_irq_stack+0x2c/0x54 <6>[ 723.005538] do_interrupt_handler+0xc8/0xd0 <6>[ 723.006556] el1_interrupt+0x34/0x60 <6>[ 723.007499] el1h_64_irq_handler+0x18/0x2c <6>[ 723.008536] el1h_64_irq+0x64/0x68 <6>[ 723.009343] finish_task_switch.isra.0+0xc0/0x33c <6>[ 723.010477] __schedule+0x4f8/0xc74 <6>[ 723.011300] schedule_idle+0x38/0x60 <6>[ 723.012150] do_idle+0x278/0x3a0 <6>[ 723.012974] cpu_startup_entry+0x2c/0x3c <6>[ 723.013902] secondary_start_kernel+0x248/0x274 <6>[ 723.014994] __secondary_switched+0xa0/0xa4 <3>[ 723.104414] 
================================================================== <3>[ 754.602721] BUG: KASAN: use-after-free in kmalloc_uaf_16+0x108/0x260 <3>[ 754.603637] Read of size 16 at addr ffff0000076a4b00 by task kunit_try_catch/269 <3>[ 754.604508] <3>[ 754.604821] CPU: 0 PID: 269 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1 <3>[ 754.613119] Hardware name: linux,dummy-virt (DT) <3>[ 754.615175] Call trace: <3>[ 754.615739] dump_backtrace+0xb8/0x130 <3>[ 754.616630] show_stack+0x20/0x60 <3>[ 754.619295] dump_stack_lvl+0x8c/0xb8 <3>[ 754.620222] print_report+0x2e4/0x620 <3>[ 754.621113] kasan_report+0xa8/0x1dc <3>[ 754.622787] __asan_load16+0x8c/0xc0 <3>[ 754.623701] kmalloc_uaf_16+0x108/0x260 <3>[ 754.624570] kunit_try_run_case+0x8c/0x124 <3>[ 754.627291] kunit_generic_run_threadfn_adapter+0x38/0x54 <3>[ 754.628479] kthread+0x160/0x170 <3>[ 754.630072] ret_from_fork+0x10/0x20 <3>[ 754.630993] <3>[ 754.631432] Allocated by task 269: <4>[ 754.632106] kasan_save_stack+0x2c/0x5c <4>[ 754.633004] __kasan_kmalloc+0xac/0x104 <4>[ 754.635764] kmem_cache_alloc_trace+0x1f8/0x3b0 <4>[ 754.636749] kmalloc_uaf_16+0xcc/0x260 <4>[ 754.638380] kunit_try_run_case+0x8c/0x124 <4>[ 754.639350] kunit_generic_run_threadfn_adapter+0x38/0x54 <4>[ 754.640503] kthread+0x160/0x170 <4>[ 754.643091] ret_from_fork+0x10/0x20 <3>[ 754.644003] <3>[ 754.644433] Freed by task 269: <4>[ 754.645069] kasan_save_stack+0x2c/0x5c <4>[ 754.646727] kasan_set_track+0x2c/0x40 <4>[ 754.647618] kasan_set_free_info+0x28/0x50 <4>[ 754.648601] ____kasan_slab_free+0x15c/0x1b4 <4>[ 754.651295] __kasan_slab_free+0x18/0x2c <4>[ 754.652239] slab_free_freelist_hook+0xbc/0x220 <4>[ 754.654100] kfree+0xe0/0x3f0 <4>[ 754.654865] kmalloc_uaf_16+0xec/0x260 <4>[ 754.655715] kunit_try_run_case+0x8c/0x124 <4>[ 754.656664] kunit_generic_run_threadfn_adapter+0x38/0x54 <4>[ 754.659580] kthread+0x160/0x170 <4>[ 754.660432] ret_from_fork+0x10/0x20 <3>[ 787.654942] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: <3>[ 
787.657573] <3>[ 787.657705] The buggy address belongs to the object at ffff0000076a4b00 <3>[ 787.657705] which belongs to the cache kmalloc-128 of size 128 <3>[ 787.657963] The buggy address is located 0 bytes inside of <3>[ 787.657963] 128-byte region [ffff0000076a4b00, ffff0000076a4b80) <3>[ 787.658249] <3>[ 787.658352] The buggy address belongs to the physical page: <4>[ 787.658494] page:000000003b08944c refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x476a4 <4>[ 787.658772] flags: 0x3fffc0000000200(slab|node=0|zone=0|lastcpupid=0xffff) <4>[ 787.659202] raw: 03fffc0000000200 dead000000000100 dead000000000122 ffff000006802300 <4>[ 787.659498] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 <4>[ 787.659673] page dumped because: kasan: bad access detected <3>[ 787.669751] rcu: 0-...!: (1 GPs behind) idle=f5b/1/0x4000000000000000 softirq=989/990 fqs=6 <3>[ 787.670378] <3>[ 787.670469] Memory state around the buggy address: <4>[ 787.671365] (detected by 1, t=8260 jiffies, g=649, q=3 ncpus=2) <6>[ 787.671669] Task dump for CPU 0: <3>[ 787.672321] ffff0000076a4a00: 05 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc <6>[ 787.672985] task:kunit_try_catch state:R <3>[ 787.673535] ffff0000076a4a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc <4>[ 787.674313] running task <3>[ 787.674908] >ffff0000076a4b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb <4>[ 787.677098] stack: 0 pid: 269 ppid: 2 flags:0x00000008 <6>[ 787.678109] Call trace: <6>[ 787.678650] __switch_to+0x140/0x1e0 <6>[ 787.679522] kmalloc_uaf_16+0x108/0x260 <6>[ 787.680399] kunit_try_run_case+0x8c/0x124 <3>[ 787.681389] ^ <6>[ 787.681345] kunit_generic_run_threadfn_adapter+0x38/0x54 <3>[ 787.682058] ffff0000076a4b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc <6>[ 787.682666] kthread+0x160/0x170 <3>[ 787.683582] ffff0000076a4c00: 05 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc <6>[ 843.703890] ret_from_fork+0x10/0x20 <3>[ 843.704781] rcu: rcu_preempt kthread 
timer wakeup didn't happen for 8247 jiffies! g649 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 <3>[ 843.705063] rcu: Possible timer handling issue on cpu=1 timer-softirq=2769 <3>[ 843.705317] rcu: rcu_preempt kthread starved for 8248 jiffies! g649 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=1 <3>[ 843.705600] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. <3>[ 843.705761] rcu: RCU grace-period kthread stack dump: <6>[ 843.705882] task:rcu_preempt state:I stack: 0 pid: 16 ppid: 2 flags:0x00000008 <6>[ 843.706277] Call trace: <6>[ 843.706382] __switch_to+0x140/0x1e0 <6>[ 843.706670] __schedule+0x4f4/0xc74 <6>[ 843.707792] schedule+0x88/0x13c <6>[ 843.708248] schedule_timeout+0x104/0x2b0 <6>[ 843.708931] rcu_gp_fqs_loop+0x1a0/0x784 <6>[ 843.709395] rcu_gp_kthread+0x278/0x3a0 <6>[ 843.709877] kthread+0x160/0x170 <6>[ 843.710353] ret_from_fork+0x10/0x20 <3>[ 843.710837] rcu: Stack dump where RCU GP kthread last ran: <6>[ 843.711118] Task dump for CPU 1: <6>[ 843.711251] task:swapper/1 state:R running task stack: 0 pid: 0 ppid: 1 flags:0x00000008 <6>[ 843.711995] Call trace: <6>[ 843.712117] dump_backtrace+0xb8/0x130 <6>[ 843.712567] show_stack+0x20/0x60 <3>[ 843.715340] ================================================================== <6>[ 843.717388] sched_show_task+0x2a0/0x2d4 <6>[ 843.717706] dump_cpu_task+0x64/0x78 <6>[ 843.718111] rcu_check_gp_kthread_starvation+0x16c/0x198 <6>[ 843.718590] rcu_sched_clock_irq+0x12bc/0x14a4 <6>[ 843.718936] update_process_times+0x90/0xec <6>[ 843.719383] tick_sched_handle+0x70/0xa0 <6>[ 843.719743] tick_sched_timer+0x5c/0xd0 <6>[ 843.720084] __hrtimer_run_queues+0x234/0x5f0 <6>[ 843.720387] hrtimer_interrupt+0x198/0x384 <6>[ 843.720675] arch_timer_handler_virt+0x48/0x60 <6>[ 843.721047] handle_percpu_devid_irq+0xe0/0x300 <6>[ 843.721425] generic_handle_domain_irq+0x50/0x70 <6>[ 843.721859] gic_handle_irq+0x58/0x160 <6>[ 843.722144] call_on_irq_stack+0x2c/0x54 <6>[ 843.722487] 
do_interrupt_handler+0xc8/0xd0 <6>[ 843.722880] el1_interrupt+0x34/0x60 <6>[ 843.723285] el1h_64_irq_handler+0x18/0x2c <6>[ 843.723727] el1h_64_irq+0x64/0x68 <6>[ 843.723997] arch_local_irq_enable+0xc/0x20 <6>[ 843.724308] default_idle_call+0x5c/0x248 <6>[ 843.724692] do_idle+0x318/0x3a0 <6>[ 843.725008] cpu_startup_entry+0x30/0x3c <6>[ 843.746230] ok 16 - kmalloc_uaf_16 <6>[ 879.843310] secondary_start_kernel+0x248/0x274 <6>[ 879.844977] __secondary_switched+0xa0/0xa4 <3>[ 879.890433] ================================================================== <3>[ 879.891656] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0xd8/0x1e0 <3>[ 879.892974] Write of size 128 at addr ffff00000769d700 by task kunit_try_catch/270 <3>[ 879.894220] <3>[ 879.894687] CPU: 0 PID: 270 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1 <3>[ 879.896019] Hardware name: linux,dummy-virt (DT) <3>[ 879.897055] Call trace: <3>[ 879.897721] dump_backtrace+0xb8/0x130 <3>[ 879.898785] show_stack+0x20/0x60 <3>[ 879.902615] dump_stack_lvl+0x8c/0xb8 <3>[ 879.903710] print_report+0x2e4/0x620 <3>[ 879.904776] kasan_report+0xa8/0x1dc <3>[ 879.906647] kasan_check_range+0xf8/0x1a0 <3>[ 917.394071] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: <3>[ 917.405615] memset+0x54/0x90 <3>[ 917.406455] rcu: 0-...!: (4 ticks this GP) idle=f73/1/0x4000000000000000 softirq=994/997 fqs=1 <3>[ 917.406873] kmalloc_oob_in_memset+0xd8/0x1e0 <4>[ 917.407889] (detected by 1, t=9376 jiffies, g=661, q=1 ncpus=2) <3>[ 917.408433] kunit_try_run_case+0x8c/0x124 <6>[ 917.409181] Task dump for CPU 0: <3>[ 917.409724] kunit_generic_run_threadfn_adapter+0x38/0x54 <6>[ 917.410304] task:kunit_try_catch state:R running task <3>[ 917.411000] kthread+0x160/0x170 <4>[ 917.411836] stack: 0 pid: 270 ppid: 2 flags:0x00000008 <3>[ 917.412291] ret_from_fork+0x10/0x20 <6>[ 917.413027] Call trace: <3>[ 917.413557] <3>[ 917.413657] Allocated by task 270: <4>[ 917.413810] kasan_save_stack+0x2c/0x5c <4>[ 917.414159] 
__kasan_kmalloc+0xac/0x104 <4>[ 917.414481] kmem_cache_alloc_trace+0x1f8/0x3b0 <4>[ 917.414812] kmalloc_oob_in_memset+0xa0/0x1e0 <4>[ 917.415147] kunit_try_run_case+0x8c/0x124 <4>[ 917.415495] kunit_generic_run_threadfn_adapter+0x38/0x54 <4>[ 917.415919] kthread+0x160/0x170 <4>[ 917.416224] ret_from_fork+0x10/0x20 <3>[ 917.416545] <3>[ 917.416640] The buggy address belongs to the object at ffff00000769d700 <3>[ 917.416640] which belongs to the cache kmalloc-128 of size 128 <3>[ 917.416882] The buggy address is located 0 bytes inside of <3>[ 917.416882] 128-byte region [ffff00000769d700, ffff00000769d780) <3>[ 917.417171] <3>[ 917.417274] The buggy address belongs to the physical page: <4>[ 917.417406] page:00000000ffd3bac3 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4769d <4>[ 917.417675] flags: 0x3fffc0000000200(slab|node=0|zone=0|lastcpupid=0xffff) <4>[ 917.418115] raw: 03fffc0000000200 fffffc00001da440 dead000000000004 ffff000006802300 <4>[ 917.418417] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 <4>[ 917.418601] page dumped because: kasan: bad access detected <3>[ 917.418746] <3>[ 917.418830] Memory state around the buggy address: <3>[ 917.419018] ffff00000769d600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc <3>[ 917.419274] ffff00000769d680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc <3>[ 917.419530] >ffff00000769d700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc <3>[ 917.419724] ^ <3>[ 917.419932] ffff00000769d780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc <3>[ 917.420193] ffff00000769d800: 00 00 07 fc fc fc fc fc fc fc fc fc fc fc fc fc <3>[ 917.420386] ================================================================== <6>[ 917.425955] ok 17 - kmalloc_oob_in_memset <6>[ 917.429346] __switch_to+0x140/0x1e0 <6>[ 917.429668] __schedule+0x4f4/0xc74 <6>[ 917.429951] preempt_schedule+0x84/0xe4 <6>[ 956.565200] _raw_spin_unlock_irqrestore+0x74/0x84 <3>[ 956.567045] rcu: rcu_preempt kthread timer 
wakeup didn't happen for 19165 jiffies! g661 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 <3>[ 956.568648] rcu: Possible timer handling issue on cpu=1 timer-softirq=2771 <3>[ 956.570322] rcu: rcu_preempt kthread starved for 19167 jiffies! g661 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=1 <3>[ 956.571855] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. <3>[ 956.573115] rcu: RCU grace-period kthread stack dump: <6>[ 956.574401] task:rcu_preempt state:I stack: 0 pid: 16 ppid: 2 flags:0x00000008 <6>[ 956.575831] Call trace: <6>[ 956.576368] __switch_to+0x140/0x1e0 <6>[ 956.577231] __schedule+0x4f4/0xc74 <6>[ 956.578549] schedule+0x88/0x13c <6>[ 956.579351] schedule_timeout+0x104/0x2b0 <6>[ 956.580311] rcu_gp_fqs_loop+0x1a0/0x784 <6>[ 956.581209] rcu_gp_kthread+0x278/0x3a0 <6>[ 956.582583] kthread+0x160/0x170 <6>[ 956.583420] ret_from_fork+0x10/0x20 <3>[ 956.584304] rcu: Stack dump where RCU GP kthread last ran: <6>[ 997.308036] Task dump for CPU 1: <6>[ 997.308746] task:swapper/1 state:R running task stack: 0 pid: 0 ppid: 1 flags:0x0000000a <6>[ 997.311379] Call trace: <6>[ 997.311940] dump_backtrace+0xb8/0x130 <6>[ 997.312832] show_stack+0x20/0x60 <6>[ 997.315299] sched_show_task+0x2a0/0x2d4 <6>[ 997.316323] dump_cpu_task+0x64/0x78 <6>[ 997.317275] rcu_check_gp_kthread_starvation+0x16c/0x198 <6>[ 997.318939] rcu_sched_clock_irq+0x12bc/0x14a4 <6>[ 997.319923] update_process_times+0x90/0xec <6>[ 997.320972] tick_sched_handle+0x70/0xa0 <6>[ 997.323565] tick_sched_timer+0x5c/0xd0 <6>[ 997.324503] __hrtimer_run_queues+0x234/0x5f0 <6>[ 997.325898] hrtimer_interrupt+0x198/0x384 <6>[ 997.326824] arch_timer_handler_virt+0x48/0x60 <6>[ 997.327847] handle_percpu_devid_irq+0xe0/0x300 <6>[ 997.328849] generic_handle_domain_irq+0x50/0x70 <6>[ 997.331532] gic_handle_irq+0x58/0x160 <6>[ 997.332387] call_on_irq_stack+0x2c/0x54 <6>[ 997.333753] do_interrupt_handler+0xc8/0xd0 <6>[ 997.334808] el1_interrupt+0x34/0x60 <6>[ 997.335768] 
el1h_64_irq_handler+0x18/0x2c <6>[ 997.336807] el1h_64_irq+0x64/0x68 <6>[ 997.339160] arch_local_irq_enable+0xc/0x20 <6>[ 997.340106] default_idle_call+0x5c/0x248 <6>[ 997.341072] do_idle+0x318/0x3a0 <6>[ 997.342364] cpu_startup_entry+0x2c/0x3c <6>[ 997.343294] secondary_start_kernel+0x248/0x274 <6>[ 997.344374] __secondary_switched+0xa0/0xa4 <3>[ 997.380374] ================================================================== <3>[ 997.383701] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0xdc/0x1e0 <3>[ 997.385039] Write of size 2 at addr ffff000007691e77 by task kunit_try_catch/271 <3>[ 997.390608] <3>[ 997.391158] CPU: 0 PID: 271 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1 <3>[ 997.395095] Hardware name: linux,dummy-virt (DT) <3>[ 997.395932] Call trace: <3>[ 997.396483] dump_backtrace+0xb8/0x130 <3>[ 1039.694374] show_stack+0x20/0x60 <3>[ 1039.694505] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: <3>[ 1039.694702] dump_stack_lvl+0x8c/0xb8 <3>[ 1039.695260] rcu: 0-...!: (1 GPs behind) idle=fd7/1/0x4000000000000000 softirq=1016/1017 fqs=2 <3>[ 1039.695973] print_report+0x2e4/0x620 <4>[ 1039.696511] (detected by 1, t=10579 jiffies, g=673, q=2 ncpus=2) <3>[ 1039.697475] kasan_report+0xa8/0x1dc <6>[ 1039.698016] Task dump for CPU 0: <3>[ 1039.698726] kasan_check_range+0xf8/0x1a0 <3>[ 1039.699259] memset+0x54/0x90 <3>[ 1039.699746] kmalloc_oob_memset_2+0xdc/0x1e0 <3>[ 1039.700258] kunit_try_run_case+0x8c/0x124 <3>[ 1039.700750] kunit_generic_run_threadfn_adapter+0x38/0x54 <6>[ 1039.703971] task:kunit_try_catch state:R running task stack: 0 pid: 271 ppid: 2 flags:0x00000008 <3>[ 1039.704721] kthread+0x160/0x170 <6>[ 1039.705441] Call trace: <3>[ 1039.706517] ret_from_fork+0x10/0x20 <3>[ 1039.707015] <6>[ 1039.707370] __switch_to+0x140/0x1e0 <3>[ 1039.707870] Allocated by task 271: <6>[ 1039.708225] 0x1300dc342ef10c00 <4>[ 1039.708657] kasan_save_stack+0x2c/0x5c <4>[ 1039.709146] __kasan_kmalloc+0xac/0x104 <3>[ 1039.709655] rcu: rcu_preempt 
kthread timer wakeup didn't happen for 10574 jiffies! g673 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 <4>[ 1039.710159] kmem_cache_alloc_trace+0x1f8/0x3b0 <3>[ 1039.710698] rcu: Possible timer handling issue on cpu=1 timer-softirq=2775 <4>[ 1039.711918] kmalloc_oob_memset_2+0xa0/0x1e0 <3>[ 1039.712521] rcu: rcu_preempt kthread starved for 10575 jiffies! g673 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=1 <4>[ 1039.713352] kunit_try_run_case+0x8c/0x124 <4>[ 1039.714905] kunit_generic_run_threadfn_adapter+0x38/0x54 <4>[ 1039.717183] kthread+0x160/0x170 <4>[ 1039.718867] ret_from_fork+0x10/0x20 <3>[ 1039.720805] <3>[ 1039.721471] The buggy address belongs to the object at ffff000007691e00 <3>[ 1039.721471] which belongs to the cache kmalloc-128 of size 128 <3>[ 1039.723138] The buggy address is located 119 bytes inside of <3>[ 1039.723138] 128-byte region [ffff000007691e00, ffff000007691e80) <3>[ 1039.733732] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. 
<3>[ 1039.734875] <3>[ 1039.734973] The buggy address belongs to the physical page: <3>[ 1039.735431] rcu: RCU grace-period kthread stack dump: <4>[ 1039.736113] page:00000000af33b75c refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x47691 <6>[ 1039.736561] task:rcu_preempt state:I <4>[ 1039.737047] flags: 0x3fffc0000000200(slab|node=0|zone=0|lastcpupid=0xffff) <4>[ 1039.737600] raw: 03fffc0000000200 fffffc00001cfcc0 dead000000000003 ffff000006802300 <4>[ 1039.738770] stack: 0 pid: 16 ppid: 2 flags:0x00000008 <4>[ 1112.371401] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 <4>[ 1112.372352] page dumped because: kasan: bad access detected <3>[ 1112.373175] <3>[ 1112.373285] Memory state around the buggy address: <3>[ 1112.373481] ffff000007691d00: 00 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc <3>[ 1112.373776] ffff000007691d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc <3>[ 1112.374040] >ffff000007691e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc <3>[ 1112.374272] ^ <3>[ 1112.374483] ffff000007691e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc <3>[ 1112.374772] ffff000007691f00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc <3>[ 1112.374965] ================================================================== <6>[ 1112.383879] ok 18 - kmalloc_oob_memset_2 <6>[ 1112.384766] Call trace: <6>[ 1112.385201] __switch_to+0x140/0x1e0 <6>[ 1112.406928] __schedule+0x4f4/0xc74 <6>[ 1112.407991] schedule+0x88/0x13c <6>[ 1112.409814] schedule_timeout+0x104/0x2b0 <6>[ 1112.410823] rcu_gp_fqs_loop+0x1a0/0x784 <6>[ 1112.411711] rcu_gp_kthread+0x278/0x3a0 <6>[ 1112.412605] kthread+0x160/0x170 <6>[ 1158.176452] ret_from_fork+0x10/0x20 <3>[ 1158.182111] rcu: Stack dump where RCU GP kthread last ran: <6>[ 1158.185656] Task dump for CPU 1: <6>[ 1158.194136] task:swapper/1 state:R running task stack: 0 pid: 0 ppid: 1 flags:0x0000000a <6>[ 1158.195866] Call trace: <6>[ 1158.196408] dump_backtrace+0xb8/0x130 <6>[ 1158.197755] 
show_stack+0x20/0x60 <6>[ 1158.198609] sched_show_task+0x2a0/0x2d4 <6>[ 1158.199610] dump_cpu_task+0x64/0x78 <6>[ 1158.200545] rcu_check_gp_kthread_starvation+0x16c/0x198 <6>[ 1158.202249] rcu_sched_clock_irq+0x12bc/0x14a4 <6>[ 1158.203253] update_process_times+0x90/0xec <6>[ 1158.204305] tick_sched_handle+0x70/0xa0 <6>[ 1158.205240] tick_sched_timer+0x5c/0xd0 <6>[ 1158.206647] __hrtimer_run_queues+0x234/0x5f0 <6>[ 1158.207582] hrtimer_interrupt+0x198/0x384 <6>[ 1158.208481] arch_timer_handler_virt+0x48/0x60 <6>[ 1158.209951] handle_percpu_devid_irq+0xe0/0x300 <6>[ 1158.210986] generic_handle_domain_irq+0x50/0x70 <6>[ 1158.212091] gic_handle_irq+0x58/0x160 <6>[ 1158.212935] call_on_irq_stack+0x2c/0x54 <6>[ 1158.214334] do_interrupt_handler+0xc8/0xd0 <6>[ 1158.215363] el1_interrupt+0x34/0x60 <6>[ 1158.216309] el1h_64_irq_handler+0x18/0x2c <6>[ 1158.217793] el1h_64_irq+0x64/0x68 <6>[ 1158.218638] arch_local_irq_enable+0xc/0x20 <6>[ 1158.219553] default_idle_call+0x5c/0x248 <6>[ 1158.220518] do_idle+0x318/0x3a0 <6>[ 1158.221796] cpu_startup_entry+0x2c/0x3c <6>[ 1158.222760] secondary_start_kernel+0x248/0x274 <6>[ 1158.223841] __secondary_switched+0xa0/0xa4 <3>[ 1158.301121] ================================================================== <3>[ 1158.303863] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0xdc/0x1e0 <3>[ 1158.310412] Write of size 4 at addr ffff0000076a1075 by task kunit_try_catch/272 <3>[ 1158.311609] <3>[ 1158.312071] CPU: 0 PID: 272 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1 <3>[ 1158.313414] Hardware name: linux,dummy-virt (DT) <3>[ 1205.751516] Call trace: <3>[ 1205.751581] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: <3>[ 1205.751778] rcu: 0-...!: (0 ticks this GP) idle=017/1/0x4000000000000000 softirq=1019/1019 fqs=0 <4>[ 1205.752150] (detected by 1, t=11863 jiffies, g=677, q=4 ncpus=2) <3>[ 1205.752833] dump_backtrace+0xb8/0x130 <6>[ 1205.753888] Task dump for CPU 0: <3>[ 1205.754607] show_stack+0x20/0x60 <6>[ 
1205.755135] task:kunit_try_catch state:R <3>[ 1205.755582] dump_stack_lvl+0x8c/0xb8 <3>[ 1205.756062] print_report+0x2e4/0x620 <4>[ 1205.756603] running task <3>[ 1205.757096] kasan_report+0xa8/0x1dc <3>[ 1205.757623] kasan_check_range+0xf8/0x1a0 <3>[ 1205.758148] memset+0x54/0x90 <3>[ 1205.758659] kmalloc_oob_memset_4+0xdc/0x1e0 <3>[ 1205.759172] kunit_try_run_case+0x8c/0x124 <3>[ 1205.759662] kunit_generic_run_threadfn_adapter+0x38/0x54 <4>[ 1205.760688] stack: 0 pid: 272 ppid: 2 flags:0x00000008 <3>[ 1205.761341] kthread+0x160/0x170 <3>[ 1205.761624] ret_from_fork+0x10/0x20 <3>[ 1205.761911] <3>[ 1205.762108] Allocated by task 272: <4>[ 1205.762244] kasan_save_stack+0x2c/0x5c <4>[ 1205.764638] __kasan_kmalloc+0xac/0x104 <4>[ 1205.766406] kmem_cache_alloc_trace+0x1f8/0x3b0 <4>[ 1205.768907] kmalloc_oob_memset_4+0xa0/0x1e0 <6>[ 1205.771378] Call trace: <4>[ 1205.771840] kunit_try_run_case+0x8c/0x124 <4>[ 1205.772353] kunit_generic_run_threadfn_adapter+0x38/0x54 <6>[ 1205.773135] __switch_to+0x140/0x1e0 <4>[ 1205.773673] kthread+0x160/0x170 <6>[ 1205.774225] 0xffff480693ab4500 <4>[ 1205.774804] ret_from_fork+0x10/0x20 <3>[ 1205.775411] rcu: rcu_preempt kthread timer wakeup didn't happen for 11862 jiffies! g677 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 <3>[ 1205.775770] <3>[ 1205.776300] rcu: Possible timer handling issue on cpu=0 timer-softirq=962 <3>[ 1205.776961] The buggy address belongs to the object at ffff0000076a1000 <3>[ 1205.776961] which belongs to the cache kmalloc-128 of size 128 <3>[ 1205.798058] rcu: rcu_preempt kthread starved for 11863 jiffies! g677 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=0 <3>[ 1205.798469] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. 
<3>[ 1205.798730] rcu: RCU grace-period kthread stack dump: <6>[ 1205.798866] task:rcu_preempt state:I stack: 0 pid: 16 ppid: 2 flags:0x00000008 <6>[ 1205.799245] Call trace: <6>[ 1205.799353] __switch_to+0x140/0x1e0 <6>[ 1205.799669] __schedule+0x4f4/0xc74 <6>[ 1205.799965] schedule+0x88/0x13c <6>[ 1205.800250] schedule_timeout+0x104/0x2b0 <6>[ 1205.800614] rcu_gp_fqs_loop+0x1a0/0x784 <6>[ 1205.800925] rcu_gp_kthread+0x278/0x3a0 <6>[ 1205.801247] kthread+0x160/0x170 <6>[ 1205.801579] ret_from_fork+0x10/0x20 <3>[ 1205.801909] rcu: Stack dump where RCU GP kthread last ran: <6>[ 1205.802038] Task dump for CPU 0: <6>[ 1205.802155] task:kunit_try_catch state:R running task stack: 0 pid: 272 ppid: 2 flags:0x00000008 <6>[ 1205.802595] Call trace: <6>[ 1205.802700] __switch_to+0x140/0x1e0 <6>[ 1205.803000] 0xffff480693ab4500 <3>[ 1255.138631] The buggy address is located 117 bytes inside of <3>[ 1255.138631] 128-byte region [ffff0000076a1000, ffff0000076a1080) <3>[ 1255.140350] <3>[ 1255.140782] The buggy address belongs to the physical page: <4>[ 1255.143732] page:00000000c43a6e75 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x476a1 <4>[ 1255.145175] flags: 0x3fffc0000000200(slab|node=0|zone=0|lastcpupid=0xffff) <4>[ 1255.146506] raw: 03fffc0000000200 0000000000000000 dead000000000001 ffff000006802300 <4>[ 1255.147778] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 <4>[ 1255.148937] page dumped because: kasan: bad access detected <3>[ 1255.151969] <3>[ 1255.152425] Memory state around the buggy address: <3>[ 1255.153311] ffff0000076a0f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 <3>[ 1255.154492] ffff0000076a0f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc <3>[ 1306.226237] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: <3>[ 1306.240532] >ffff0000076a1000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc <3>[ 1306.240780] ^ <3>[ 1306.240991] ffff0000076a1080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc <3>[ 
1306.241247] ffff0000076a1100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb <3>[ 1306.241454] ================================================================== <4>[ 1306.252116] (detected by 1, t=36987 jiffies, g=680, q=2 ncpus=2) <3>[ 1306.253223] rcu: INFO: Stall ended before state dump start <6>[ 1306.261069] ok 19 - kmalloc_oob_memset_4 <3>[ 1306.282426] ================================================================== <3>[ 1306.284710] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0xdc/0x1e0 <3>[ 1306.289710] Write of size 8 at addr ffff00000789ac71 by task kunit_try_catch/273 <3>[ 1306.291223] <3>[ 1306.291772] CPU: 1 PID: 273 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1 <3>[ 1306.295700] Hardware name: linux,dummy-virt (DT) <3>[ 1306.296743] Call trace: <3>[ 1306.297427] dump_backtrace+0xb8/0x130 <3>[ 1306.298524] show_stack+0x20/0x60 <3>[ 1306.299337] dump_stack_lvl+0x8c/0xb8 <3>[ 1306.300224] print_report+0x2e4/0x620 <3>[ 1306.301123] kasan_report+0xa8/0x1dc <3>[ 1306.304201] kasan_check_range+0xf8/0x1a0 <3>[ 1306.305193] memset+0x54/0x90 <3>[ 1306.306060] kmalloc_oob_memset_8+0xdc/0x1e0 <3>[ 1306.307015] kunit_try_run_case+0x8c/0x124 <3>[ 1306.307968] kunit_generic_run_threadfn_adapter+0x38/0x54 <3>[ 1306.309142] kthread+0x160/0x170 <3>[ 1306.312249] ret_from_fork+0x10/0x20 <3>[ 1306.313143] <3>[ 1306.313596] Allocated by task 273: <4>[ 1306.314274] kasan_save_stack+0x2c/0x5c <4>[ 1306.315186] __kasan_kmalloc+0xac/0x104 <4>[ 1306.316069] kmem_cache_alloc_trace+0x1f8/0x3b0 <4>[ 1306.317039] kmalloc_oob_memset_8+0xa0/0x1e0 <4>[ 1306.320187] kunit_try_run_case+0x8c/0x124 <3>[ 1359.275068] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: <4>[ 1359.290335] kunit_generic_run_threadfn_adapter+0x38/0x54 <4>[ 1359.290879] kthread+0x160/0x170 <4>[ 1359.291202] ret_from_fork+0x10/0x20 <3>[ 1359.291530] <3>[ 1359.291621] The buggy address belongs to the object at ffff00000789ac00 <3>[ 1359.291621] which belongs to the cache kmalloc-128 of 
size 128 <3>[ 1359.291879] The buggy address is located 113 bytes inside of <3>[ 1359.291879] 128-byte region [ffff00000789ac00, ffff00000789ac80) <3>[ 1359.292163] <3>[ 1359.292265] The buggy address belongs to the physical page: <4>[ 1359.292418] page:00000000fce45ea4 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4789a <4>[ 1359.292696] flags: 0x3fffc0000000200(slab|node=0|zone=0|lastcpupid=0xffff) <4>[ 1359.293122] raw: 03fffc0000000200 0000000000000000 dead000000000001 ffff000006802300 <3>[ 1359.309524] rcu: 1-...!: (1 GPs behind) idle=155/1/0x4000000000000000 softirq=891/892 fqs=4 <4>[ 1359.309943] (detected by 0, t=13247 jiffies, g=685, q=3 ncpus=2) <6>[ 1359.310189] Task dump for CPU 1: <6>[ 1359.310310] task:kunit_try_catch state:R running task stack: 0 pid: 273 ppid: 2 flags:0x0000000a <6>[ 1359.310777] Call trace: <6>[ 1359.310886] __switch_to+0x140/0x1e0 <6>[ 1359.311210] 0xffff9fa911a61800 <3>[ 1359.311485] rcu: rcu_preempt kthread timer wakeup didn't happen for 13238 jiffies! g685 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 <3>[ 1359.311772] rcu: Possible timer handling issue on cpu=0 timer-softirq=969 <3>[ 1359.311937] rcu: rcu_preempt kthread starved for 13239 jiffies! g685 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=0 <3>[ 1359.312217] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. 
<3>[ 1359.312383] rcu: RCU grace-period kthread stack dump: <6>[ 1359.312506] task:rcu_preempt state:I stack: 0 pid: 16 ppid: 2 flags:0x00000008 <6>[ 1359.312844] Call trace: <6>[ 1359.312957] __switch_to+0x140/0x1e0 <6>[ 1359.313271] __schedule+0x4f4/0xc74 <6>[ 1359.313577] schedule+0x88/0x13c <6>[ 1359.313854] schedule_timeout+0x104/0x2b0 <6>[ 1359.314247] rcu_gp_fqs_loop+0x1a0/0x784 <6>[ 1359.314548] rcu_gp_kthread+0x278/0x3a0 <6>[ 1359.314872] kthread+0x160/0x170 <6>[ 1359.315198] ret_from_fork+0x10/0x20 <3>[ 1359.315536] rcu: Stack dump where RCU GP kthread last ran: <6>[ 1359.315658] Task dump for CPU 0: <6>[ 1359.315784] task:swapper/0 state:R running task stack: 0 pid: 0 ppid: 0 flags:0x00000008 <6>[ 1359.316224] Call trace: <6>[ 1359.316337] dump_backtrace+0xb8/0x130 <6>[ 1359.316642] show_stack+0x20/0x60 <6>[ 1359.316923] sched_show_task+0x2a0/0x2d4 <4>[ 1359.326342] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 <4>[ 1359.326581] page dumped because: kasan: bad access detected <3>[ 1359.326730] <3>[ 1359.326816] Memory state around the buggy address: <3>[ 1359.327009] ffff00000789ab00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb <3>[ 1359.327266] ffff00000789ab80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc <3>[ 1359.327521] >ffff00000789ac00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc <3>[ 1359.327708] ^ <3>[ 1359.327914] ffff00000789ac80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc <3>[ 1359.328169] ffff00000789ad00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb <3>[ 1359.328364] ================================================================== <3>[ 1414.192806] rcu: INFO: rcu_preempt self-detected stall on CPU <6>[ 1414.205331] dump_cpu_task+0x64/0x78 <3>[ 1414.206335] rcu: 1-...!: (1 ticks this GP) idle=15f/0/0x1 softirq=896/896 fqs=0 <6>[ 1414.207366] rcu_check_gp_kthread_starvation+0x16c/0x198 <4>[ 1414.208648] (t=13729 jiffies g=689 q=1 ncpus=2) <6>[ 1414.209036] rcu_sched_clock_irq+0x12bc/0x14a4 <3>[ 
1414.210023] rcu: rcu_preempt kthread timer wakeup didn't happen for 13728 jiffies! g689 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 <3>[ 1414.210431] rcu: Possible timer handling issue on cpu=1 timer-softirq=2784 <6>[ 1414.210899] update_process_times+0x90/0xec <3>[ 1414.211412] rcu: rcu_preempt kthread starved for 13729 jiffies! g689 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=1 <6>[ 1414.211868] tick_sched_handle+0x70/0xa0 <3>[ 1414.212411] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. <6>[ 1414.212935] tick_sched_timer+0x5c/0xd0 <6>[ 1414.221316] __hrtimer_run_queues+0x234/0x5f0 <3>[ 1414.222139] rcu: RCU grace-period kthread stack dump: <6>[ 1414.222974] hrtimer_interrupt+0x198/0x384 <6>[ 1414.223818] task:rcu_preempt state:I <6>[ 1414.224630] arch_timer_handler_virt+0x48/0x60 <4>[ 1414.225495] stack: 0 pid: 16 ppid: 2 flags:0x00000008 <6>[ 1414.226323] handle_percpu_devid_irq+0xe0/0x300 <6>[ 1507.290991] Call trace: <6>[ 1507.291164] __switch_to+0x140/0x1e0 <6>[ 1507.294659] __schedule+0x4f4/0xc74 <6>[ 1507.294959] schedule+0x88/0x13c <6>[ 1507.295244] schedule_timeout+0x104/0x2b0 <6>[ 1507.295608] rcu_gp_fqs_loop+0x1a0/0x784 <6>[ 1507.295898] rcu_gp_kthread+0x278/0x3a0 <6>[ 1507.296220] kthread+0x160/0x170 <6>[ 1507.297296] ret_from_fork+0x10/0x20 <3>[ 1507.298799] rcu: Stack dump where RCU GP kthread last ran: <6>[ 1507.298907] Task dump for CPU 1: <6>[ 1507.298995] task:swapper/1 state:R running task stack: 0 pid: 0 ppid: 1 flags:0x00000008 <6>[ 1507.299244] Call trace: <6>[ 1507.299301] dump_backtrace+0xb8/0x130 <6>[ 1507.299462] show_stack+0x20/0x60 <6>[ 1507.299600] sched_show_task+0x2a0/0x2d4 <6>[ 1507.299802] dump_cpu_task+0x64/0x78 <6>[ 1507.299990] rcu_check_gp_kthread_starvation+0x16c/0x198 <6>[ 1507.300219] rcu_sched_clock_irq+0xf9c/0x14a4 <6>[ 1507.300387] update_process_times+0x90/0xec <6>[ 1507.300599] tick_sched_handle+0x70/0xa0 <6>[ 1507.300770] tick_sched_timer+0x5c/0xd0 <6>[ 1507.300944] 
__hrtimer_run_queues+0x234/0x5f0 <6>[ 1507.301093] hrtimer_interrupt+0x198/0x384 <6>[ 1507.301245] arch_timer_handler_virt+0x48/0x60 <6>[ 1507.302080] generic_handle_domain_irq+0x50/0x70 <6>[ 1507.302698] gic_handle_irq+0x58/0x160 <6>[ 1507.303471] handle_percpu_devid_irq+0xe0/0x300 <6>[ 1507.304140] call_on_irq_stack+0x2c/0x54 <6>[ 1507.304744] generic_handle_domain_irq+0x50/0x70 <6>[ 1507.305370] do_interrupt_handler+0xc8/0xd0 <6>[ 1507.305789] el1_interrupt+0x34/0x60 <6>[ 1507.306213] el1h_64_irq_handler+0x18/0x2c <6>[ 1507.306650] el1h_64_irq+0x64/0x68 <6>[ 1507.306930] arch_local_irq_enable+0xc/0x20 <6>[ 1507.307231] default_idle_call+0x5c/0x248 <6>[ 1507.307618] do_idle+0x318/0x3a0 <6>[ 1507.307936] cpu_startup_entry+0x30/0x3c <6>[ 1507.308278] kernel_init+0x0/0x150 <6>[ 1507.308536] arch_post_acpi_subsys_init+0x0/0x28 <6>[ 1507.308946] start_kernel+0x3b0/0x3e4 <6>[ 1507.309316] __primary_switched+0xc4/0xcc <6>[ 1507.318894] ok 20 - kmalloc_oob_memset_8 <6>[ 1507.325782] gic_handle_irq+0x58/0x160 <6>[ 1507.326106] call_on_irq_stack+0x2c/0x54 <6>[ 1566.060799] do_interrupt_handler+0xc8/0xd0 <6>[ 1566.062629] el1_interrupt+0x34/0x60 <6>[ 1566.063618] el1h_64_irq_handler+0x18/0x2c <6>[ 1566.064652] el1h_64_irq+0x64/0x68 <6>[ 1566.066189] arch_local_irq_enable+0xc/0x20 <6>[ 1566.067119] default_idle_call+0x5c/0x248 <6>[ 1566.068104] do_idle+0x318/0x3a0 <6>[ 1566.068922] cpu_startup_entry+0x30/0x3c <6>[ 1626.749412] secondary_start_kernel+0x248/0x274 <6>[ 1626.750479] __secondary_switched+0xa0/0xa4 <6>[ 1626.751195] Task dump for CPU 1: <6>[ 1626.751657] task:swapper/1 state:R running task stack: 0 pid: 0 ppid: 1 flags:0x0000000a <6>[ 1626.752893] Call trace: <6>[ 1626.753334] dump_backtrace+0xb8/0x130 <6>[ 1626.754317] show_stack+0x20/0x60 <6>[ 1626.755135] sched_show_task+0x2a0/0x2d4 <6>[ 1626.756133] dump_cpu_task+0x64/0x78 <6>[ 1626.757057] rcu_dump_cpu_stacks+0x144/0x18c <6>[ 1626.758852] rcu_sched_clock_irq+0xfbc/0x14a4 <6>[ 1626.759831] 
update_process_times+0x90/0xec <6>[ 1626.760881] tick_sched_handle+0x70/0xa0 <6>[ 1626.762543] tick_sched_timer+0x5c/0xd0 <6>[ 1626.763485] __hrtimer_run_queues+0x234/0x5f0 <6>[ 1626.764417] hrtimer_interrupt+0x198/0x384 <6>[ 1626.766012] arch_timer_handler_virt+0x48/0x60 <6>[ 1626.767060] handle_percpu_devid_irq+0xe0/0x300 <6>[ 1626.768073] generic_handle_domain_irq+0x50/0x70 <6>[ 1626.769168] gic_handle_irq+0x58/0x160 <6>[ 1626.770760] call_on_irq_stack+0x2c/0x54 <6>[ 1626.771694] do_interrupt_handler+0xc8/0xd0 <6>[ 1626.772708] el1_interrupt+0x34/0x60 <6>[ 1626.774392] el1h_64_irq_handler+0x18/0x2c <6>[ 1626.775461] el1h_64_irq+0x64/0x68 <6>[ 1626.776270] arch_local_irq_enable+0xc/0x20 <6>[ 1626.777181] default_idle_call+0x5c/0x248 <6>[ 1626.778906] do_idle+0x318/0x3a0 <6>[ 1626.779740] cpu_startup_entry+0x30/0x3c <6>[ 1626.780666] secondary_start_kernel+0x248/0x274 <6>[ 1626.782469] __secondary_switched+0xa0/0xa4 <3>[ 1626.838848] ================================================================== <3>[ 1626.840392] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0xdc/0x1e0 <3>[ 1626.844138] Write of size 16 at addr ffff00000769a569 by task kunit_try_catch/274 <3>[ 1626.845397] <3>[ 1626.845865] CPU: 0 PID: 274 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1 <3>[ 1626.847201] Hardware name: linux,dummy-virt (DT) <3>[ 1626.847999] Call trace: <3>[ 1689.456414] dump_backtrace+0xb8/0x130 <3>[ 1689.459737] show_stack+0x20/0x60 <3>[ 1689.460598] dump_stack_lvl+0x8c/0xb8 <3>[ 1689.461531] print_report+0x2e4/0x620 <3>[ 1689.462437] kasan_report+0xa8/0x1dc <3>[ 1689.463317] kasan_check_range+0xf8/0x1a0 <3>[ 1689.464291] memset+0x54/0x90 <3>[ 1689.465145] kmalloc_oob_memset_16+0xdc/0x1e0 <3>[ 1689.466154] kunit_try_run_case+0x8c/0x124 <3>[ 1689.467119] kunit_generic_run_threadfn_adapter+0x38/0x54 <3>[ 1689.468455] kthread+0x160/0x170 <3>[ 1689.469349] ret_from_fork+0x10/0x20 <3>[ 1689.470260] <3>[ 1689.470691] Allocated by task 274: <4>[ 1689.471368] 
kasan_save_stack+0x2c/0x5c <4>[ 1689.472268] __kasan_kmalloc+0xac/0x104 <4>[ 1689.473160] kmem_cache_alloc_trace+0x1f8/0x3b0 <4>[ 1689.474180] kmalloc_oob_memset_16+0xa0/0x1e0 <4>[ 1689.475135] kunit_try_run_case+0x8c/0x124 <4>[ 1689.476085] kunit_generic_run_threadfn_adapter+0x38/0x54 <4>[ 1689.477233] kthread+0x160/0x170 <4>[ 1689.478086] ret_from_fork+0x10/0x20 <3>[ 1689.478955] <3>[ 1689.479379] The buggy address belongs to the object at ffff00000769a500 <3>[ 1689.479379] which belongs to the cache kmalloc-128 of size 128 <3>[ 1689.481081] The buggy address is located 105 bytes inside of <3>[ 1689.481081] 128-byte region [ffff00000769a500, ffff00000769a580) <3>[ 1689.482760] <3>[ 1689.483203] The buggy address belongs to the physical page: <4>[ 1689.484084] page:0000000096b3938d refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4769a <4>[ 1689.485502] flags: 0x3fffc0000000200(slab|node=0|zone=0|lastcpupid=0xffff) <4>[ 1689.486832] raw: 03fffc0000000200 dead000000000100 dead000000000122 ffff000006802300 <4>[ 1689.488107] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 <4>[ 1689.489280] page dumped because: kasan: bad access detected <3>[ 1689.490179] <3>[ 1689.490605] Memory state around the buggy address: <3>[ 1689.491478] ffff00000769a400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb <3>[ 1754.138789] ffff00000769a480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc <3>[ 1754.140005] >ffff00000769a500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc <3>[ 1754.141193] ^ <3>[ 1754.143569] ffff00000769a580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc <3>[ 1754.146925] ffff00000769a600: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc <3>[ 1754.150175] ================================================================== <6>[ 1754.260968] ok 21 - kmalloc_oob_memset_16 <3>[ 1754.287068] ================================================================== <3>[ 1754.288874] BUG: KASAN: out-of-bounds in 
kmalloc_memmove_negative_size+0xe8/0x1f0 <3>[ 1754.291813] Read of size 18446744073709551614 at addr ffff00000769a404 by task kunit_try_catch/275 <3>[ 1754.293244] <3>[ 1754.295268] CPU: 0 PID: 275 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1 <3>[ 1754.296585] Hardware name: linux,dummy-virt (DT) <3>[ 1754.297926] Call trace: <3>[ 1754.298497] dump_backtrace+0xb8/0x130 <3>[ 1754.299369] show_stack+0x20/0x60 <3>[ 1754.300162] dump_stack_lvl+0x8c/0xb8 <3>[ 1754.301037] print_report+0x2e4/0x620 <3>[ 1754.302345] kasan_report+0xa8/0x1dc <3>[ 1754.303234] kasan_check_range+0xf8/0x1a0 <3>[ 1754.304195] memmove+0x5c/0x110 <3>[ 1754.305051] kmalloc_memmove_negative_size+0xe8/0x1f0 <3>[ 1754.307976] kunit_try_run_case+0x8c/0x124 <3>[ 1754.308931] kunit_generic_run_threadfn_adapter+0x38/0x54 <3>[ 1754.310519] kthread+0x160/0x170 <3>[ 1754.311366] ret_from_fork+0x10/0x20 <3>[ 1754.312241] <3>[ 1754.312664] Allocated by task 275: <4>[ 1754.313704] kasan_save_stack+0x2c/0x5c <4>[ 1754.314634] __kasan_kmalloc+0xac/0x104 <4>[ 1754.315510] kmem_cache_alloc_trace+0x1f8/0x3b0 <4>[ 1754.316459] kmalloc_memmove_negative_size+0xa0/0x1f0 <4>[ 1754.317889] kunit_try_run_case+0x8c/0x124 <4>[ 1754.318864] kunit_generic_run_threadfn_adapter+0x38/0x54 <4>[ 1795.535092] kthread+0x160/0x170 <4>[ 1795.535770] ret_from_fork+0x10/0x20 <3>[ 1795.536418] <3>[ 1795.536762] The buggy address belongs to the object at ffff00000769a400 <3>[ 1795.536762] which belongs to the cache kmalloc-128 of size 128 <3>[ 1795.537699] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: <3>[ 1795.557807] The buggy address is located 4 bytes inside of <3>[ 1795.557807] 128-byte region [ffff00000769a400, ffff00000769a480) <3>[ 1795.564075] rcu: 0-...!: (1 GPs behind) idle=08f/1/0x4000000000000000 softirq=1030/1031 fqs=1 <4>[ 1795.564728] (detected by 1, t=10314 jiffies, g=701, q=3 ncpus=2) <3>[ 1795.572176] <3>[ 1795.572289] The buggy address belongs to the physical page: <6>[ 1795.573202] Task dump for CPU 0: 
<4>[ 1795.573981] page:0000000096b3938d refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4769a <4>[ 1795.574340] flags: 0x3fffc0000000200(slab|node=0|zone=0|lastcpupid=0xffff) <6>[ 1795.574976] task:kunit_try_catch state:R <4>[ 1795.575596] raw: 03fffc0000000200 dead000000000100 dead000000000122 ffff000006802300 <4>[ 1795.576468] running task <4>[ 1795.577386] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 <4>[ 1795.589462] stack: 0 pid: 275 ppid: 2 flags:0x00000008 <4>[ 1795.590369] page dumped because: kasan: bad access detected <6>[ 1795.590830] Call trace: <3>[ 1795.591693] <3>[ 1795.591782] Memory state around the buggy address: <6>[ 1795.592414] __switch_to+0x140/0x1e0 <3>[ 1795.593166] ffff00000769a300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb <6>[ 1795.593517] 0xa300bdfd3d933100 <3>[ 1795.593884] ffff00000769a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc <3>[ 1795.594481] rcu: rcu_preempt kthread timer wakeup didn't happen for 10307 jiffies! g701 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 <3>[ 1795.595013] >ffff00000769a400: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc <3>[ 1795.595790] rcu: Possible timer handling issue on cpu=1 timer-softirq=2789 <3>[ 1795.596242] ^ <3>[ 1795.597071] rcu: rcu_preempt kthread starved for 10308 jiffies! g701 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=1 <3>[ 1795.612428] ffff00000769a480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc <3>[ 1795.613170] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. 
<3>[ 1795.613727] ffff00000769a500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb <3>[ 1795.614788] rcu: RCU grace-period kthread stack dump: <3>[ 1795.615616] ================================================================== <6>[ 1795.616627] task:rcu_preempt state:I stack: 0 pid: 16 ppid: 2 flags:0x00000008 <6>[ 1795.635130] Call trace: <6>[ 1795.635698] __switch_to+0x140/0x1e0 <6>[ 1795.636527] __schedule+0x4f4/0xc74 <6>[ 1795.636738] ok 22 - kmalloc_memmove_negative_size <6>[ 1795.637339] schedule+0x88/0x13c <6>[ 1795.637616] schedule_timeout+0x104/0x2b0 <6>[ 1795.639418] rcu_gp_fqs_loop+0x1a0/0x784 <6>[ 1795.640294] rcu_gp_kthread+0x278/0x3a0 <6>[ 1795.641130] kthread+0x160/0x170 <6>[ 1795.655016] ret_from_fork+0x10/0x20 <3>[ 1795.655928] rcu: Stack dump where RCU GP kthread last ran: <6>[ 1795.656755] Task dump for CPU 1: <6>[ 1795.661660] task:swapper/1 state:R running task stack: 0 pid: 0 ppid: 1 flags:0x0000000a <6>[ 1795.663280] Call trace: <6>[ 1795.663809] dump_backtrace+0xb8/0x130 <6>[ 1795.664645] show_stack+0x20/0x60 <6>[ 1795.665339] sched_show_task+0x2a0/0x2d4 <6>[ 1795.666296] dump_cpu_task+0x64/0x78 <6>[ 1795.666944] rcu_check_gp_kthread_starvation+0x16c/0x198 <6>[ 1795.667742] rcu_sched_clock_irq+0x12bc/0x14a4 <6>[ 1795.668407] update_process_times+0x90/0xec <6>[ 1795.669089] tick_sched_handle+0x70/0xa0 <6>[ 1795.670077] tick_sched_timer+0x5c/0xd0 <6>[ 1795.671787] __hrtimer_run_queues+0x234/0x5f0 <6>[ 1795.673161] hrtimer_interrupt+0x198/0x384 <6>[ 1795.675365] arch_timer_handler_virt+0x48/0x60 <6>[ 1795.676852] handle_percpu_devid_irq+0xe0/0x300 <6>[ 1795.678930] generic_handle_domain_irq+0x50/0x70 <6>[ 1795.680649] gic_handle_irq+0x58/0x160 <6>[ 1795.682565] call_on_irq_stack+0x2c/0x54 <6>[ 1795.683792] do_interrupt_handler+0xc8/0xd0 <6>[ 1795.685237] el1_interrupt+0x34/0x60 <6>[ 1795.687417] el1h_64_irq_handler+0x18/0x2c <6>[ 1795.688879] el1h_64_irq+0x64/0x68 <6>[ 1795.691311] arch_local_irq_enable+0xc/0x20 <6>[ 1795.692528] 
default_idle_call+0x5c/0x248 <6>[ 1795.694570] do_idle+0x318/0x3a0 <6>[ 1795.695854] cpu_startup_entry+0x2c/0x3c <6>[ 1795.697233] secondary_start_kernel+0x248/0x274 <6>[ 1795.699361] __secondary_switched+0xa0/0xa4 <3>[ 1795.735781] ================================================================== <3>[ 1795.739804] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0xe8/0x1f0 <3>[ 1795.741085] Read of size 64 at addr ffff00000769aa04 by task kunit_try_catch/276 <3>[ 1795.742569] <3>[ 1795.743175] CPU: 0 PID: 276 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1 <3>[ 1795.744678] Hardware name: linux,dummy-virt (DT) <3>[ 1795.745817] Call trace: <3>[ 1795.746492] dump_backtrace+0xb8/0x130 <3>[ 1795.747652] show_stack+0x20/0x60 <3>[ 1795.748582] dump_stack_lvl+0x8c/0xb8 <3>[ 1795.749758] print_report+0x2e4/0x620 <3>[ 1795.750801] kasan_report+0xa8/0x1dc <3>[ 1795.751922] kasan_check_range+0xf8/0x1a0 <3>[ 1795.753151] memmove+0x5c/0x110 <3>[ 1795.754186] kmalloc_memmove_invalid_size+0xe8/0x1f0 <3>[ 1795.755558] kunit_try_run_case+0x8c/0x124 <3>[ 1795.756747] kunit_generic_run_threadfn_adapter+0x38/0x54 <3>[ 1795.758155] kthread+0x160/0x170 <3>[ 1795.759116] ret_from_fork+0x10/0x20 <3>[ 1795.760332] <3>[ 1795.760950] Allocated by task 276: <4>[ 1795.761790] kasan_save_stack+0x2c/0x5c <4>[ 1795.763023] __kasan_kmalloc+0xac/0x104 <4>[ 1795.764152] kmem_cache_alloc_trace+0x1f8/0x3b0 <4>[ 1795.765420] kmalloc_memmove_invalid_size+0xa4/0x1f0 <4>[ 1795.766754] kunit_try_run_case+0x8c/0x124 <4>[ 1795.767979] kunit_generic_run_threadfn_adapter+0x38/0x54 <4>[ 1795.769380] kthread+0x160/0x170 <4>[ 1795.770363] ret_from_fork+0x10/0x20 <3>[ 1795.771544] <3>[ 1795.772144] The buggy address belongs to the object at ffff00000769aa00 <3>[ 1795.772144] which belongs to the cache kmalloc-128 of size 128 <3>[ 1795.774206] The buggy address is located 4 bytes inside of <3>[ 1795.774206] 128-byte region [ffff00000769aa00, ffff00000769aa80) <3>[ 1795.776177] <3>[ 1795.776777] 
The buggy address belongs to the physical page: <4>[ 1795.777844] page:0000000096b3938d refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4769a <4>[ 1795.779580] flags: 0x3fffc0000000200(slab|node=0|zone=0|lastcpupid=0xffff) <4>[ 1795.781092] raw: 03fffc0000000200 dead000000000100 dead000000000122 ffff000006802300 <4>[ 1795.782745] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 <4>[ 1795.784099] page dumped because: kasan: bad access detected <3>[ 1795.785234] <3>[ 1795.785837] Memory state around the buggy address: <3>[ 1795.786917] ffff00000769a900: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc <3>[ 1795.788267] ffff00000769a980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc <3>[ 1795.789663] >ffff00000769aa00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc <3>[ 1795.790955] ^ <3>[ 1795.792137] ffff00000769aa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc <3>[ 1795.793491] ffff00000769ab00: 00 06 fc fc fc fc fc fc fc fc fc fc fc fc fc fc <3>[ 1795.794783] ================================================================== <6>[ 1795.799563] ok 23 - kmalloc_memmove_invalid_size <3>[ 1795.803907] ================================================================== <3>[ 1795.806013] BUG: KASAN: use-after-free in kmalloc_uaf+0xd0/0x1c4 <3>[ 1795.808342] Read of size 1 at addr ffff00000789a808 by task kunit_try_catch/278 <3>[ 1795.810205] <3>[ 1795.811942] CPU: 1 PID: 278 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1 <3>[ 1795.813483] Hardware name: linux,dummy-virt (DT) <3>[ 1795.815543] Call trace: <3>[ 1795.816444] dump_backtrace+0xb8/0x130 <3>[ 1795.819226] show_stack+0x20/0x60 <3>[ 1795.820073] dump_stack_lvl+0x8c/0xb8 <3>[ 1795.821216] print_report+0x2e4/0x620 <3>[ 1795.823334] kasan_report+0xa8/0x1dc <3>[ 1795.824429] __asan_load1+0x88/0xb0 <3>[ 1795.826691] kmalloc_uaf+0xd0/0x1c4 <3>[ 1795.827809] kunit_try_run_case+0x8c/0x124 <3>[ 1795.829011] kunit_generic_run_threadfn_adapter+0x38/0x54 <3>[ 1795.831550] 
kthread+0x160/0x170 <3>[ 1795.832504] ret_from_fork+0x10/0x20 <3>[ 1795.834798] <3>[ 1795.835375] Allocated by task 278: <4>[ 1795.836140] kasan_save_stack+0x2c/0x5c <4>[ 1795.838646] __kasan_kmalloc+0xac/0x104 <4>[ 1795.839404] kmem_cache_alloc_trace+0x1f8/0x3b0 <4>[ 1795.840582] kmalloc_uaf+0x9c/0x1c4 <4>[ 1795.842760] kunit_try_run_case+0x8c/0x124 <4>[ 1795.843758] kunit_generic_run_threadfn_adapter+0x38/0x54 <4>[ 1795.845377] kthread+0x160/0x170 <4>[ 1795.847503] ret_from_fork+0x10/0x20 <3>[ 1795.848566] <3>[ 1795.849138] Freed by task 278: <4>[ 1795.851069] kasan_save_stack+0x2c/0x5c <4>[ 1795.852163] kasan_set_track+0x2c/0x40 <4>[ 1795.853243] kasan_set_free_info+0x28/0x50 <4>[ 1795.855463] ____kasan_slab_free+0x15c/0x1b4 <4>[ 1795.856637] __kasan_slab_free+0x18/0x2c <4>[ 1795.858758] slab_free_freelist_hook+0xbc/0x220 <4>[ 1795.860330] kfree+0xe0/0x3f0 <4>[ 1795.861165] kmalloc_uaf+0xbc/0x1c4 <4>[ 1795.863233] kunit_try_run_case+0x8c/0x124 <4>[ 1795.864377] kunit_generic_run_threadfn_adapter+0x38/0x54 <4>[ 1795.866950] kthread+0x160/0x170 <4>[ 1795.868001] ret_from_fork+0x10/0x20 <3>[ 1795.869086] <3>[ 1795.870817] The buggy address belongs to the object at ffff00000789a800 <3>[ 1795.870817] which belongs to the cache kmalloc-128 of size 128 <3>[ 1795.872776] The buggy address is located 8 bytes inside of <3>[ 1795.872776] 128-byte region [ffff00000789a800, ffff00000789a880) <3>[ 1795.875701] <3>[ 1795.876476] The buggy address belongs to the physical page: <4>[ 1795.878543] page:00000000fce45ea4 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4789a <4>[ 1795.880045] flags: 0x3fffc0000000200(slab|node=0|zone=0|lastcpupid=0xffff) <4>[ 1795.882782] raw: 03fffc0000000200 0000000000000000 dead000000000001 ffff000006802300 <4>[ 1795.884068] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 <4>[ 1795.886600] page dumped because: kasan: bad access detected <3>[ 1795.887730] <3>[ 1795.888279] Memory state around the buggy 
address:
<3>[ 1795.890568] ffff00000789a700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
<3>[ 1795.892022] ffff00000789a780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 1795.894560] >ffff00000789a800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
<3>[ 1795.895939] ^
<3>[ 1795.896744] ffff00000789a880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 1795.899262] ffff00000789a900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
<3>[ 1795.900545] ==================================================================
<6>[ 1795.907822] ok 24 - kmalloc_uaf
<3>[ 1795.916693] ==================================================================
<3>[ 1795.918440] BUG: KASAN: use-after-free in kmalloc_uaf_memset+0xd8/0x1cc
<3>[ 1795.919987] Write of size 33 at addr ffff0000076bf100 by task kunit_try_catch/279
<3>[ 1795.921415]
<3>[ 1795.922044] CPU: 0 PID: 279 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<3>[ 1795.923641] Hardware name: linux,dummy-virt (DT)
<3>[ 1795.924600] Call trace:
<3>[ 1795.925297] dump_backtrace+0xb8/0x130
<3>[ 1795.926399] show_stack+0x20/0x60
<3>[ 1795.927296] dump_stack_lvl+0x8c/0xb8
<3>[ 1795.928396] print_report+0x2e4/0x620
<3>[ 1795.929446] kasan_report+0xa8/0x1dc
<3>[ 1795.930548] kasan_check_range+0xf8/0x1a0
<3>[ 1795.931667] memset+0x54/0x90
<3>[ 1795.932572] kmalloc_uaf_memset+0xd8/0x1cc
<3>[ 1795.933769] kunit_try_run_case+0x8c/0x124
<3>[ 1795.934946] kunit_generic_run_threadfn_adapter+0x38/0x54
<3>[ 1795.936326] kthread+0x160/0x170
<3>[ 1795.937331] ret_from_fork+0x10/0x20
<3>[ 1795.938451]
<3>[ 1795.939026] Allocated by task 279:
<4>[ 1795.939790] kasan_save_stack+0x2c/0x5c
<4>[ 1795.940797] __kasan_kmalloc+0xac/0x104
<4>[ 1795.941999] kmem_cache_alloc_trace+0x1f8/0x3b0
<4>[ 1795.943215] kmalloc_uaf_memset+0x9c/0x1cc
<4>[ 1795.944263] kunit_try_run_case+0x8c/0x124
<4>[ 1795.945487] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 1795.946883] kthread+0x160/0x170
<4>[ 1795.947856] ret_from_fork+0x10/0x20
<3>[ 1795.948947]
<3>[ 1795.949546] Freed by task 279:
<4>[ 1795.950312] kasan_save_stack+0x2c/0x5c
<4>[ 1795.951313] kasan_set_track+0x2c/0x40
<4>[ 1795.952406] kasan_set_free_info+0x28/0x50
<4>[ 1795.953587] ____kasan_slab_free+0x15c/0x1b4
<4>[ 1795.954649] __kasan_slab_free+0x18/0x2c
<4>[ 1795.955770] slab_free_freelist_hook+0xbc/0x220
<4>[ 1795.957104] kfree+0xe0/0x3f0
<4>[ 1795.957936] kmalloc_uaf_memset+0xbc/0x1cc
<4>[ 1795.959070] kunit_try_run_case+0x8c/0x124
<4>[ 1795.960155] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 1795.961441] kthread+0x160/0x170
<4>[ 1795.962388] ret_from_fork+0x10/0x20
<3>[ 1795.963455]
<3>[ 1795.964022] The buggy address belongs to the object at ffff0000076bf100
<3>[ 1795.964022] which belongs to the cache kmalloc-128 of size 128
<3>[ 1795.966055] The buggy address is located 0 bytes inside of
<3>[ 1795.966055] 128-byte region [ffff0000076bf100, ffff0000076bf180)
<3>[ 1795.967849]
<3>[ 1795.968398] The buggy address belongs to the physical page:
<4>[ 1795.969430] page:000000000012f197 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x476bf
<4>[ 1795.970963] flags: 0x3fffc0000000200(slab|node=0|zone=0|lastcpupid=0xffff)
<4>[ 1795.972652] raw: 03fffc0000000200 fffffc00001dac00 dead000000000004 ffff000006802300
<4>[ 1795.973903] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
<4>[ 1795.975235] page dumped because: kasan: bad access detected
<3>[ 1795.976254]
<3>[ 1795.976802] Memory state around the buggy address:
<3>[ 1795.977835] ffff0000076bf000: 00 00 07 fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 1795.979187] ffff0000076bf080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 1795.980547] >ffff0000076bf100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
<3>[ 1795.981862] ^
<3>[ 1795.982651] ffff0000076bf180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 1795.983976] ffff0000076bf200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
<3>[ 1795.985277] ==================================================================
<6>[ 1795.991899] ok 25 - kmalloc_uaf_memset
<3>[ 1796.002358] ==================================================================
<3>[ 1796.008667] BUG: KASAN: use-after-free in kmalloc_uaf2+0x10c/0x29c
<3>[ 1796.010425] Read of size 1 at addr ffff00000789a528 by task kunit_try_catch/280
<3>[ 1796.012144]
<3>[ 1796.012839] CPU: 1 PID: 280 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<3>[ 1796.014700] Hardware name: linux,dummy-virt (DT)
<3>[ 1796.015890] Call trace:
<3>[ 1796.016813] dump_backtrace+0xb8/0x130
<3>[ 1796.018121] show_stack+0x20/0x60
<3>[ 1796.019110] dump_stack_lvl+0x8c/0xb8
<3>[ 1796.020409] print_report+0x2e4/0x620
<3>[ 1796.021777] kasan_report+0xa8/0x1dc
<3>[ 1796.023061] __asan_load1+0x88/0xb0
<3>[ 1796.024355] kmalloc_uaf2+0x10c/0x29c
<3>[ 1796.025625] kunit_try_run_case+0x8c/0x124
<3>[ 1796.027043] kunit_generic_run_threadfn_adapter+0x38/0x54
<3>[ 1796.028404] kthread+0x160/0x170
<3>[ 1796.029551] ret_from_fork+0x10/0x20
<3>[ 1796.030589]
<3>[ 1796.031438] Allocated by task 280:
<4>[ 1796.032306] kasan_save_stack+0x2c/0x5c
<4>[ 1796.033188] __kasan_kmalloc+0xac/0x104
<4>[ 1796.034549] kmem_cache_alloc_trace+0x1f8/0x3b0
<4>[ 1796.035969] kmalloc_uaf2+0xb0/0x29c
<4>[ 1796.037010] kunit_try_run_case+0x8c/0x124
<4>[ 1796.038141] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 1796.039448] kthread+0x160/0x170
<4>[ 1796.040710] ret_from_fork+0x10/0x20
<3>[ 1796.042004]
<3>[ 1796.042636] Freed by task 280:
<4>[ 1796.043426] kasan_save_stack+0x2c/0x5c
<4>[ 1796.044281] kasan_set_track+0x2c/0x40
<4>[ 1796.045793] kasan_set_free_info+0x28/0x50
<4>[ 1796.046982] ____kasan_slab_free+0x15c/0x1b4
<4>[ 1796.048083] __kasan_slab_free+0x18/0x2c
<4>[ 1796.049502] slab_free_freelist_hook+0xbc/0x220
<4>[ 1796.050994] kfree+0xe0/0x3f0
<4>[ 1796.051980] kmalloc_uaf2+0xc8/0x29c
<4>[ 1796.052768] kunit_try_run_case+0x8c/0x124
<4>[ 1796.054234] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 1796.055788] kthread+0x160/0x170
<4>[ 1796.056786] ret_from_fork+0x10/0x20
<3>[ 1796.058943]
<3>[ 1796.059311] The buggy address belongs to the object at ffff00000789a500
<3>[ 1796.059311] which belongs to the cache kmalloc-128 of size 128
<3>[ 1796.064763] The buggy address is located 40 bytes inside of
<3>[ 1796.064763] 128-byte region [ffff00000789a500, ffff00000789a580)
<3>[ 1796.067757]
<3>[ 1796.068530] The buggy address belongs to the physical page:
<4>[ 1796.070439] page:00000000fce45ea4 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4789a
<4>[ 1796.072743] flags: 0x3fffc0000000200(slab|node=0|zone=0|lastcpupid=0xffff)
<4>[ 1796.075352] raw: 03fffc0000000200 0000000000000000 dead000000000001 ffff000006802300
<4>[ 1796.077246] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
<4>[ 1796.079320] page dumped because: kasan: bad access detected
<3>[ 1796.080518]
<3>[ 1796.081248] Memory state around the buggy address:
<3>[ 1796.083118] ffff00000789a400: 00 00 00 00 00 03 fc fc fc fc fc fc fc fc fc fc
<3>[ 1796.085198] ffff00000789a480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 1796.086724] >ffff00000789a500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
<3>[ 1796.088744] ^
<3>[ 1796.090294] ffff00000789a580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 1796.092063] ffff00000789a600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
<3>[ 1796.093795] ==================================================================
<6>[ 1796.099778] ok 26 - kmalloc_uaf2
<6>[ 1796.109002] ok 27 - kfree_via_page
<6>[ 1796.119444] ok 28 - kfree_via_phys
<3>[ 1796.131855] ==================================================================
<3>[ 1796.133533] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0xe0/0x250
<3>[ 1796.135097] Read of size 1 at addr ffff00000e2e90c8 by task kunit_try_catch/283
<3>[ 1796.136464]
<3>[ 1796.137038] CPU: 0 PID: 283 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<3>[ 1796.138611] Hardware name: linux,dummy-virt (DT)
<3>[ 1796.139574] Call trace:
<3>[ 1796.140266] dump_backtrace+0xb8/0x130
<3>[ 1796.141445] show_stack+0x20/0x60
<3>[ 1796.142370] dump_stack_lvl+0x8c/0xb8
<3>[ 1796.143527] print_report+0x2e4/0x620
<3>[ 1796.144563] kasan_report+0xa8/0x1dc
<3>[ 1796.145738] __asan_load1+0x88/0xb0
<3>[ 1796.146757] kmem_cache_oob+0xe0/0x250
<3>[ 1796.147912] kunit_try_run_case+0x8c/0x124
<3>[ 1796.148997] kunit_generic_run_threadfn_adapter+0x38/0x54
<3>[ 1796.150423] kthread+0x160/0x170
<3>[ 1796.151388] ret_from_fork+0x10/0x20
<3>[ 1796.152385]
<3>[ 1796.152828] Allocated by task 283:
<4>[ 1796.153819] kasan_save_stack+0x2c/0x5c
<4>[ 1796.155188] __kasan_slab_alloc+0xc0/0xd0
<4>[ 1796.157130] kmem_cache_alloc+0x180/0x3a0
<4>[ 1796.158259] kmem_cache_oob+0xbc/0x250
<4>[ 1796.160568] kunit_try_run_case+0x8c/0x124
<4>[ 1796.161728] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 1796.162997] kthread+0x160/0x170
<4>[ 1796.163929] ret_from_fork+0x10/0x20
<3>[ 1796.165044]
<3>[ 1796.167053] The buggy address belongs to the object at ffff00000e2e9000
<3>[ 1796.167053] which belongs to the cache test_cache of size 200
<3>[ 1796.168981] The buggy address is located 0 bytes to the right of
<3>[ 1796.168981] 200-byte region [ffff00000e2e9000, ffff00000e2e90c8)
<3>[ 1796.170825]
<3>[ 1796.171355] The buggy address belongs to the physical page:
<4>[ 1796.172346] page:000000003ac1b269 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4e2e9
<4>[ 1796.175377] flags: 0x3fffc0000000200(slab|node=0|zone=0|lastcpupid=0xffff)
<4>[ 1796.176978] raw: 03fffc0000000200 0000000000000000 dead000000000122 ffff00000759be00
<4>[ 1796.178294] raw: 0000000000000000 00000000800f000f 00000001ffffffff 0000000000000000
<4>[ 1796.179592] page dumped because: kasan: bad access detected
<3>[ 1796.180626]
<3>[ 1796.181197] Memory state around the buggy address:
<3>[ 1796.183724] ffff00000e2e8f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
<3>[ 1796.184952] ffff00000e2e9000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
<3>[ 1796.186310] >ffff00000e2e9080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
<3>[ 1796.187604] ^
<3>[ 1796.188633] ffff00000e2e9100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 1796.191686] ffff00000e2e9180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 1796.192842] ==================================================================
<6>[ 1796.219525] ok 29 - kmem_cache_oob
<1>[ 1796.227625] Unable to handle kernel paging request at virtual address dead0000000000c2
<1>[ 1796.232172] Mem abort info:
<1>[ 1796.233183] ESR = 0x0000000096000004
<1>[ 1796.236146] EC = 0x25: DABT (current EL), IL = 32 bits
<1>[ 1796.240846] SET = 0, FnV = 0
<1>[ 1796.243243] EA = 0, S1PTW = 0
<1>[ 1796.244314] FSC = 0x04: level 0 translation fault
<1>[ 1796.247460] Data abort info:
<1>[ 1796.248719] ISV = 0, ISS = 0x00000004
<1>[ 1796.251536] CM = 0, WnR = 0
<1>[ 1796.252357] [dead0000000000c2] address between user and kernel address ranges
<0>[ 1796.256274] Internal error: Oops: 96000004 [#1] PREEMPT SMP
<4>[ 1796.257789] Modules linked in:
<4>[ 1796.258667] CPU: 0 PID: 284 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<4>[ 1796.260117] Hardware name: linux,dummy-virt (DT)
<4>[ 1796.261058] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
<4>[ 1796.263815] pc : find_mergeable+0x108/0x1dc
<4>[ 1796.265047] lr : find_mergeable+0x110/0x1dc
<4>[ 1796.266146] sp : ffff8000088b7c50
<4>[ 1796.266960] x29: ffff8000088b7c50 x28: 0000000000000000 x27: 000000000000011b
<4>[ 1796.268640] x26: ffffb5ed1da38220 x25: ffffb5ed1ecf5800 x24: 000000000402c000
<4>[ 1796.271606] x23: 0000000000a90c00 x22: 0000000004000000 x21: 00000000fffffff8
<4>[ 1796.273241] x20: 00000000000000c8 x19: dead0000000000ba x18: 0000000010ac2324
<4>[ 1796.274904] x17: 0000000000000000 x16: 0000000000000000 x15: 00000000000c8000
<4>[ 1796.276554] x14: 00000000000c8000 x13: 6461657268745f68 x12: ffff700001116f95
<4>[ 1796.279510] x11: 1ffff00001116f94 x10: ffff700001116f94 x9 : ffffb5ed18df9378
<4>[ 1796.281188] x8 : ffff8000088b7ca7 x7 : 0000000000000001 x6 : ffff700001116f94
<4>[ 1796.282856] x5 : 0000000000000000 x4 : 0000000000000002 x3 : 0000000000000000
<4>[ 1796.284463] x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000108
<4>[ 1796.287497] Call trace:
<4>[ 1796.288400] find_mergeable+0x108/0x1dc
<4>[ 1796.289619] __kmem_cache_alias+0x38/0xc0
<4>[ 1796.290624] kmem_cache_create_usercopy+0x130/0x2bc
<4>[ 1796.291862] kmem_cache_create+0x24/0x30
<4>[ 1796.293027] kmem_cache_accounted+0x90/0x160
<4>[ 1796.295491] kunit_try_run_case+0x8c/0x124
<4>[ 1796.296677] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 1796.298432] kthread+0x160/0x170
<4>[ 1796.299499] ret_from_fork+0x10/0x20
<0>[ 1796.301148] Code: eb1a003f 54000480 39400321 35ffff61 (b9400a7b)
<4>[ 1796.303569] ---[ end trace 0000000000000000 ]---
poweroff