内核测试-使用 QEMU 进行内核模拟
📅9/23/2021, 12:00:00 AM
文件
创建一个文件夹,用于存放内核镜像和根文件系统。
启动脚本
qemu-system-aarch64 \
-machine virt \
-cpu cortex-a57 \
-kernel ./Image \
-initrd rootfs.cpio \
--nographic
-
qemu-system-aarch64 指定我们使用 aarch64 架构进行模拟
-
-machine virt 说明我们模拟的机器是虚拟机
-
-cpu 模拟的 CPU
-
-kernel 指定内核文件(前面编译好的内核镜像)
-
-initrd 指定根文件系统
-
--nographic 没有画面(不会弹出一个单独的窗口,因为若弹出的话,我们在终端中是看不到的)
效果
成功启动后将会输出很多信息。
若 KFENCE 启动成功,且启用了自检,将会输出相关内容。
[ 1.646347] # Subtest: kfence
[ 1.646440] 1..25
[ 1.647423] # test_out_of_bounds_read: test_alloc: size=128, gfp=cc0, policy=left, cache=0
[ 1.734787] ==================================================================
[ 1.735047] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0xbc/0x204
[ 1.735047]
[ 1.735414] Out-of-bounds read at 0xffff000005d73fff (1B left of kfence-#9):
[ 1.735679] test_out_of_bounds_read+0xbc/0x204
[ 1.735845] kunit_try_run_case+0x40/0xa0
[ 1.735975] kunit_generic_run_threadfn_adapter+0x20/0x30
[ 1.736134] kthread+0x140/0x160
[ 1.736241] ret_from_fork+0x10/0x34
[ 1.736401]
[ 1.736604] kfence-#9 [0xffff000005d74000-0xffff000005d7407f, size=128, cache=kmalloc-128] allocated by task 93:
[ 1.737165] test_alloc+0xf8/0x300
[ 1.737272] test_out_of_bounds_read+0xa4/0x204
[ 1.737408] kunit_try_run_case+0x40/0xa0
[ 1.737533] kunit_generic_run_threadfn_adapter+0x20/0x30
[ 1.737691] kthread+0x140/0x160
[ 1.737795] ret_from_fork+0x10/0x34
[ 1.737951]
[ 1.738211] CPU: 0 PID: 93 Comm: kunit_try_catch Not tainted 5.10.0-00010-gdc23e832cfe7 #1
[ 1.738436] Hardware name: linux,dummy-virt (DT)
[ 1.738727] pstate: 60000005 (nZCv daif -PAN -UAO -TCO BTYPE=--)
[ 1.738898] pc : test_out_of_bounds_read+0xbc/0x204
[ 1.739037] lr : test_out_of_bounds_read+0xa4/0x204
[ 1.739190] sp : ffff800012403d30
[ 1.739314] x29: ffff800012403d30 x28: 0000000000000000
[ 1.739531] x27: ffff8000121e9000 x26: ffff00000511b900
[ 1.739699] x25: ffff8000121e92b0 x24: ffff800011517000
[ 1.739865] x23: ffff80001051b000 x22: 0000000000000000
[ 1.740028] x21: 0000000000000080 x20: ffff000005d74000
[ 1.740189] x19: ffff80001225bce8 x18: 0000000000000010
[ 1.740353] x17: 00000000d39cb9a7 x16: 00000000afcd4d6c
[ 1.740518] x15: ffff00000511bd78 x14: 00000000000000ea
[ 1.740680] x13: ffff00000511bd78 x12: 00000000ffffffea
[ 1.740844] x11: ffff800011e6ac28 x10: 0000000000000001
[ 1.741027] x9 : ffff8000115177f0 x8 : ffff8000115ba540
[ 1.741195] x7 : ffff80001051b288 x6 : ffff80001150dae0
[ 1.741359] x5 : 0000000000000001 x4 : 0000011500000001
[ 1.741525] x3 : 0000000000000000 x2 : 0000000000000001
[ 1.741684] x1 : 0000000000000000 x0 : ffff000005d73fff
[ 1.741970] Call trace:
[ 1.742094] test_out_of_bounds_read+0xbc/0x204
[ 1.742250] kunit_try_run_case+0x40/0xa0
[ 1.742380] kunit_generic_run_threadfn_adapter+0x20/0x30
[ 1.742542] kthread+0x140/0x160
[ 1.742648] ret_from_fork+0x10/0x34
[ 1.742824] ==================================================================
[ 1.743762] # test_out_of_bounds_read: test_alloc: size=128, gfp=cc0, policy=right, cache=0
[ 1.958146] ==================================================================
[ 1.958364] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x160/0x204
[ 1.958364]
[ 1.958639] Out-of-bounds read at 0xffff000005d79000 (128B right of kfence-#11):
[ 1.958859] test_out_of_bounds_read+0x160/0x204
[ 1.959008] kunit_try_run_case+0x40/0xa0
[ 1.959134] kunit_generic_run_threadfn_adapter+0x20/0x30
[ 1.959289] kthread+0x140/0x160
[ 1.959402] ret_from_fork+0x10/0x34
[ 1.959516]
[ 1.959585] kfence-#11 [0xffff000005d78f80-0xffff000005d78fff, size=128, cache=kmalloc-128] allocated by task 93:
[ 1.959885] test_alloc+0xf8/0x300
[ 1.960006] test_out_of_bounds_read+0x14c/0x204
[ 1.960150] kunit_try_run_case+0x40/0xa0
[ 1.960282] kunit_generic_run_threadfn_adapter+0x20/0x30
[ 1.960449] kthread+0x140/0x160
[ 1.960562] ret_from_fork+0x10/0x34
[ 1.960681]
[ 1.960817] CPU: 0 PID: 93 Comm: kunit_try_catch Tainted: G B 5.10.0-00010-gdc23e832cfe7 #1
[ 1.961089] Hardware name: linux,dummy-virt (DT)
[ 1.961233] pstate: 60000005 (nZCv daif -PAN -UAO -TCO BTYPE=--)
[ 1.961417] pc : test_out_of_bounds_read+0x160/0x204
[ 1.961568] lr : test_out_of_bounds_read+0x14c/0x204
[ 1.961715] sp : ffff800012403d30
[ 1.961831] x29: ffff800012403d30 x28: 0000000000000000
[ 1.962011] x27: ffff8000121e9000 x26: ffff00000511b900
[ 1.962156] x25: ffff8000121e92b0 x24: ffff8000115177b0
[ 1.962303] x23: ffff80001051b210 x22: ffff800011517b08
[ 1.962471] x21: 0000000000000080 x20: ffff000005d78f80
[ 1.962631] x19: ffff80001225bce8 x18: 0000000000000010
[ 1.962799] x17: 00000000d39cb9a7 x16: 00000000afcd4d6c
[ 1.962964] x15: ffff00000511bd78 x14: 00000000000000bd
[ 1.963129] x13: 0000000000000001 x12: 0000000000000000
[ 1.963294] x11: 0000000000000000 x10: 0000000000000001
[ 1.963456] x9 : ffff8000115177f0 x8 : ffff8000115ba540
[ 1.963626] x7 : ffff80001051b288 x6 : ffff80001150dae0
[ 1.963790] x5 : 0000000000000001 x4 : 0000011500000001
[ 1.963957] x3 : 0000000000000000 x2 : 0000000000000001
[ 1.964123] x1 : 0000000000000000 x0 : 0000000000000001
[ 1.964292] Call trace:
[ 1.964384] test_out_of_bounds_read+0x160/0x204
[ 1.964561] kunit_try_run_case+0x40/0xa0
[ 1.964697] kunit_generic_run_threadfn_adapter+0x20/0x30
[ 1.964866] kthread+0x140/0x160
[ 1.964973] ret_from_fork+0x10/0x34
[ 1.965086] ==================================================================
[ 1.965774] ok 1 - test_out_of_bounds_read
[ 1.966815] # test_out_of_bounds_read-memcache: setup_test_cache: size=32, ctor=0x0
[ 1.967495] # test_out_of_bounds_read-memcache: test_alloc: size=32, gfp=cc0, policy=left, cache=1
[ 2.518052] ==================================================================
[ 2.518285] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0xbc/0x204
[ 2.518285]
[ 2.518544] Out-of-bounds read at 0xffff000005d81fff (1B left of kfence-#16):
[ 2.518730] test_out_of_bounds_read+0xbc/0x204
[ 2.518850] kunit_try_run_case+0x40/0xa0
[ 2.518979] kunit_generic_run_threadfn_adapter+0x20/0x30
[ 2.519141] kthread+0x140/0x160
[ 2.519248] ret_from_fork+0x10/0x34
[ 2.519356]
[ 2.519421] kfence-#16 [0xffff000005d82000-0xffff000005d8201f, size=32, cache=test] allocated by task 94:
[ 2.519748] test_alloc+0xe8/0x300
[ 2.519868] test_out_of_bounds_read+0xa4/0x204
[ 2.520007] kunit_try_run_case+0x40/0xa0
[ 2.520135] kunit_generic_run_threadfn_adapter+0x20/0x30
[ 2.520300] kthread+0x140/0x160
[ 2.520409] ret_from_fork+0x10/0x34
[ 2.520525]
[ 2.520599] CPU: 0 PID: 94 Comm: kunit_try_catch Tainted: G B 5.10.0-00010-gdc23e832cfe7 #1
[ 2.520858] Hardware name: linux,dummy-virt (DT)
[ 2.520993] pstate: 60000005 (nZCv daif -PAN -UAO -TCO BTYPE=--)
[ 2.521171] pc : test_out_of_bounds_read+0xbc/0x204
[ 2.521315] lr : test_out_of_bounds_read+0xa4/0x204
[ 2.521460] sp : ffff80001240bd30
[ 2.521564] x29: ffff80001240bd30 x28: 0000000000000000
[ 2.521710] x27: ffff8000121e9000 x26: ffff000005119c80
[ 2.521896] x25: ffff8000121e92b0 x24: ffff800011517000
[ 2.522061] x23: ffff80001051b000 x22: 0000000000000000
[ 2.522224] x21: 0000000000000020 x20: ffff000005d82000
[ 2.522389] x19: ffff80001225bce8 x18: 0000000000000002
[ 2.522553] x17: 0000000000000001 x16: 0000000000000019
[ 2.522716] x15: 0000000000000068 x14: 00000000000000cc
[ 2.522877] x13: 0000000000000001 x12: 0000000000000000
[ 2.523039] x11: 0000000000000000 x10: 0000000000000001
[ 2.523204] x9 : ffff8000115177f0 x8 : ffff8000115ba540
[ 2.523368] x7 : ffff80001051b288 x6 : ffff80001150dae0
[ 2.523531] x5 : 0000000000000001 x4 : 0000011500000001
[ 2.523697] x3 : 0000000000000000 x2 : 0000000000000001
[ 2.523861] x1 : 0000000000000000 x0 : ffff000005d81fff
[ 2.524023] Call trace:
[ 2.524115] test_out_of_bounds_read+0xbc/0x204
[ 2.524255] kunit_try_run_case+0x40/0xa0
[ 2.524381] kunit_generic_run_threadfn_adapter+0x20/0x30
[ 2.524547] kthread+0x140/0x160
[ 2.524650] ret_from_fork+0x10/0x34
[ 2.524736] ==================================================================
[ 2.525133] # test_out_of_bounds_read-memcache: test_alloc: size=32, gfp=cc0, policy=right, cache=1
[ 3.862078] ==================================================================
[ 3.862320] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x160/0x204
[ 3.862320]
[ 3.862583] Out-of-bounds read at 0xffff000005d9b000 (32B right of kfence-#28):
[ 3.862802] test_out_of_bounds_read+0x160/0x204
[ 3.862947] kunit_try_run_case+0x40/0xa0
[ 3.863072] kunit_generic_run_threadfn_adapter+0x20/0x30
[ 3.863234] kthread+0x140/0x160
[ 3.863338] ret_from_fork+0x10/0x34
[ 3.863447]
[ 3.863515] kfence-#28 [0xffff000005d9afe0-0xffff000005d9afff, size=32, cache=test] allocated by task 94:
[ 3.863796] test_alloc+0xe8/0x300
[ 3.863913] test_out_of_bounds_read+0x14c/0x204
[ 3.864057] kunit_try_run_case+0x40/0xa0
[ 3.864185] kunit_generic_run_threadfn_adapter+0x20/0x30
[ 3.864344] kthread+0x140/0x160
[ 3.864452] ret_from_fork+0x10/0x34
[ 3.864566]
[ 3.864639] CPU: 0 PID: 94 Comm: kunit_try_catch Tainted: G B 5.10.0-00010-gdc23e832cfe7 #1
[ 3.864900] Hardware name: linux,dummy-virt (DT)
[ 3.865042] pstate: 60000005 (nZCv daif -PAN -UAO -TCO BTYPE=--)
[ 3.865216] pc : test_out_of_bounds_read+0x160/0x204
[ 3.865367] lr : test_out_of_bounds_read+0x14c/0x204
[ 3.865515] sp : ffff80001240bd30
[ 3.865617] x29: ffff80001240bd30 x28: 0000000000000000
[ 3.865785] x27: ffff8000121e9000 x26: ffff000005119c80
[ 3.865958] x25: ffff8000121e92b0 x24: ffff8000115177b0
[ 3.866096] x23: ffff80001051b210 x22: ffff800011517b08
[ 3.866257] x21: 0000000000000020 x20: ffff000005d9afe0
[ 3.866421] x19: ffff80001225bce8 x18: 0000000000000010
[ 3.866583] x17: 0000000000000001 x16: 0000000000000019
[ 3.866746] x15: ffff00000511a0f8 x14: 0000000000000383
[ 3.866908] x13: 0000000000000001 x12: 0000000000000000
[ 3.867073] x11: 0000000000000000 x10: 0000000000000001
[ 3.867237] x9 : ffff8000115177f0 x8 : ffff8000115ba540
[ 3.867399] x7 : ffff80001051b288 x6 : ffff80001150dae0
[ 3.867564] x5 : 0000000000000001 x4 : 0000011500000001
[ 3.867729] x3 : 0000000000000000 x2 : 0000000000000001
[ 3.867891] x1 : 0000000000000000 x0 : 0000000000000001
[ 3.868058] Call trace:
[ 3.868148] test_out_of_bounds_read+0x160/0x204
[ 3.868292] kunit_try_run_case+0x40/0xa0
[ 3.868417] kunit_generic_run_threadfn_adapter+0x20/0x30
[ 3.868582] kthread+0x140/0x160
[ 3.868693] ret_from_fork+0x10/0x34
[ 3.868805] ==================================================================
[ 3.870408] ok 2 - test_out_of_bounds_read-memcache
[ 3.870868] # test_out_of_bounds_write: test_alloc: size=32, gfp=cc0, policy=left, cache=0
[ 4.310096] ==================================================================
[ 4.310327] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x90/0x14c
[ 4.310327]
[ 4.310577] Out-of-bounds write at 0xffff000005da1fff (1B left of kfence-#32):
[ 4.310796] test_out_of_bounds_write+0x90/0x14c
[ 4.310950] kunit_try_run_case+0x40/0xa0
[ 4.311080] kunit_generic_run_threadfn_adapter+0x20/0x30
[ 4.311244] kthread+0x140/0x160
[ 4.311359] ret_from_fork+0x10/0x34
[ 4.311476]
[ 4.311547] kfence-#32 [0xffff000005da2000-0xffff000005da201f, size=32, cache=kmalloc-128] allocated by task 95:
[ 4.311845] test_alloc+0xf8/0x300
[ 4.311964] test_out_of_bounds_write+0x78/0x14c
[ 4.312108] kunit_try_run_case+0x40/0xa0
[ 4.312234] kunit_generic_run_threadfn_adapter+0x20/0x30
[ 4.312395] kthread+0x140/0x160
[ 4.312512] ret_from_fork+0x10/0x34
[ 4.312625]
[ 4.312702] CPU: 0 PID: 95 Comm: kunit_try_catch Tainted: G B 5.10.0-00010-gdc23e832cfe7 #1
[ 4.312971] Hardware name: linux,dummy-virt (DT)
[ 4.313120] pstate: 60000005 (nZCv daif -PAN -UAO -TCO BTYPE=--)
[ 4.313297] pc : test_out_of_bounds_write+0x90/0x14c
[ 4.313453] lr : test_out_of_bounds_write+0x78/0x14c
[ 4.313602] sp : ffff800012403d60
[ 4.313711] x29: ffff800012403d60 x28: 0000000000000000
[ 4.313909] x27: ffff80001225bb78 x26: ffff0000040c24c8
[ 4.314083] x25: ffff80001216a680 x24: ffff80001225bd00
[ 4.314255] x23: ffff80001051b4d0 x22: ffff00000511b900
[ 4.314423] x21: ffff800011e96470 x20: ffff80001225bce8
[ 4.314593] x19: ffff000005da2000 x18: 0000000000000010
[ 4.314764] x17: 0000000000000001 x16: 0000000000000019
[ 4.314929] x15: 0000b65db746aa58 x14: 00000000000000c7
[ 4.315074] x13: 0000000000000001 x12: 0000000000000000
[ 4.315243] x11: 0000000000000000 x10: 0000000000000001
[ 4.315409] x9 : ffff8000115177f0 x8 : ffff8000115ba540
[ 4.315575] x7 : ffff80001051b288 x6 : ffff80001150dae0
[ 4.315742] x5 : 0000000000000001 x4 : 0000011500000001
[ 4.315908] x3 : 0000000000000000 x2 : 000000000000002a
[ 4.316078] x1 : ffff8000121e92b0 x0 : ffff8000121e9000
[ 4.316245] Call trace:
[ 4.316340] test_out_of_bounds_write+0x90/0x14c
[ 4.316494] kunit_try_run_case+0x40/0xa0
[ 4.316626] kunit_generic_run_threadfn_adapter+0x20/0x30
[ 4.316789] kthread+0x140/0x160
[ 4.316902] ret_from_fork+0x10/0x34
[ 4.317021] ==================================================================
[ 4.317555] ok 3 - test_out_of_bounds_write
[ 4.318131] # test_out_of_bounds_write-memcache: setup_test_cache: size=32, ctor=0x0
[ 4.318756] # test_out_of_bounds_write-memcache: test_alloc: size=32, gfp=cc0, policy=left, cache=1
[ 4.646055] ==================================================================
[ 4.646282] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x90/0x14c
[ 4.646282]
[ 4.646540] Out-of-bounds write at 0xffff000005da7fff (1B left of kfence-#35):
[ 4.646752] test_out_of_bounds_write+0x90/0x14c
[ 4.646898] kunit_try_run_case+0x40/0xa0
[ 4.647017] kunit_generic_run_threadfn_adapter+0x20/0x30
[ 4.647178] kthread+0x140/0x160
[ 4.647286] ret_from_fork+0x10/0x34
[ 4.647386]
[ 4.647451] kfence-#35 [0xffff000005da8000-0xffff000005da801f, size=32, cache=test] allocated by task 96:
[ 4.647731] test_alloc+0xe8/0x300
[ 4.647845] test_out_of_bounds_write+0x78/0x14c
[ 4.647985] kunit_try_run_case+0x40/0xa0
[ 4.648114] kunit_generic_run_threadfn_adapter+0x20/0x30
[ 4.648273] kthread+0x140/0x160
[ 4.648380] ret_from_fork+0x10/0x34
[ 4.648496]
[ 4.648570] CPU: 0 PID: 96 Comm: kunit_try_catch Tainted: G B 5.10.0-00010-gdc23e832cfe7 #1
[ 4.648835] Hardware name: linux,dummy-virt (DT)
[ 4.648976] pstate: 60000005 (nZCv daif -PAN -UAO -TCO BTYPE=--)
[ 4.649155] pc : test_out_of_bounds_write+0x90/0x14c
[ 4.649305] lr : test_out_of_bounds_write+0x78/0x14c
[ 4.649448] sp : ffff80001240bd60
[ 4.649553] x29: ffff80001240bd60 x28: 0000000000000000
[ 4.649723] x27: ffff80001225bb78 x26: ffff0000040c2548
[ 4.649905] x25: ffff80001216a680 x24: ffff80001225bd00
[ 4.650066] x23: ffff80001051b4d0 x22: ffff000005119c80
[ 4.650227] x21: ffff800011e96490 x20: ffff80001225bce8
[ 4.650390] x19: ffff000005da8000 x18: 0000000000000002
[ 4.650556] x17: 0000000000000001 x16: 0000000000000019
[ 4.650718] x15: 0000000000000001 x14: 00000000000003ee
[ 4.650881] x13: 0000000000000001 x12: 0000000000000000
[ 4.651041] x11: 0000000000000000 x10: 0000000000000001
[ 4.651207] x9 : ffff8000115177f0 x8 : ffff8000115ba540
[ 4.651376] x7 : ffff80001051b288 x6 : ffff80001150dae0
[ 4.651533] x5 : 0000000000000001 x4 : 0000011500000001
[ 4.651694] x3 : 0000000000000000 x2 : 000000000000002a
[ 4.651855] x1 : ffff8000121e92b0 x0 : ffff8000121e9000
[ 4.652019] Call trace:
[ 4.652109] test_out_of_bounds_write+0x90/0x14c
[ 4.652253] kunit_try_run_case+0x40/0xa0
[ 4.652382] kunit_generic_run_threadfn_adapter+0x20/0x30
[ 4.652545] kthread+0x140/0x160
[ 4.652654] ret_from_fork+0x10/0x34
[ 4.652765] ==================================================================
[ 4.653400] ok 4 - test_out_of_bounds_write-memcache
[ 4.653858] # test_use_after_free_read: test_alloc: size=32, gfp=cc0, policy=any, cache=0
[ 4.758222] ==================================================================
[ 4.758460] BUG: KFENCE: use-after-free read in test_use_after_free_read+0xb8/0x144
[ 4.758460]
[ 4.758729] Use-after-free read at 0xffff000005daaf80 (in kfence-#36):
[ 4.758933] test_use_after_free_read+0xb8/0x144
[ 4.759084] kunit_try_run_case+0x40/0xa0
[ 4.759210] kunit_generic_run_threadfn_adapter+0x20/0x30
[ 4.759372] kthread+0x140/0x160
[ 4.759482] ret_from_fork+0x10/0x34
[ 4.759592]
[ 4.759660] kfence-#36 [0xffff000005daaf80-0xffff000005daaf9f, size=32, cache=kmalloc-128] allocated by task 97:
[ 4.759935] test_alloc+0xf8/0x300
[ 4.760052] test_use_after_free_read+0x78/0x144
[ 4.760194] kunit_try_run_case+0x40/0xa0
[ 4.760321] kunit_generic_run_threadfn_adapter+0x20/0x30
[ 4.760490] kthread+0x140/0x160
[ 4.760604] ret_from_fork+0x10/0x34
[ 4.760731]
[ 4.760731] freed by task 97:
[ 4.760937] test_use_after_free_read+0xa0/0x144
[ 4.761086] kunit_try_run_case+0x40/0xa0
[ 4.761194] kunit_generic_run_threadfn_adapter+0x20/0x30
[ 4.761357] kthread+0x140/0x160
[ 4.761463] ret_from_fork+0x10/0x34
[ 4.761590]
[ 4.761663] CPU: 0 PID: 97 Comm: kunit_try_catch Tainted: G B 5.10.0-00010-gdc23e832cfe7 #1
[ 4.761950] Hardware name: linux,dummy-virt (DT)
[ 4.762096] pstate: 60000005 (nZCv daif -PAN -UAO -TCO BTYPE=--)
[ 4.762278] pc : test_use_after_free_read+0xb8/0x144
[ 4.762430] lr : test_use_after_free_read+0xa0/0x144
[ 4.762580] sp : ffff800012403d60
[ 4.762687] x29: ffff800012403d60 x28: 0000000000000000
[ 4.762857] x27: ffff80001225bb78 x26: ffff0000040c26c8
[ 4.763025] x25: ffff80001216a680 x24: ffff80001225bd00
[ 4.763192] x23: ffff80001051b4d0 x22: 0000000000000000
[ 4.763358] x21: ffff00000511b900 x20: ffff8000121e92b0
[ 4.763521] x19: ffff80001225bce8 x18: 0000000000000010
[ 4.763692] x17: 0000000000000001 x16: 0000000000000019
[ 4.763856] x15: 0000b5eb3915ecb6 x14: 0000000000000339
[ 4.764027] x13: 0000000000000001 x12: 0000000000000000
[ 4.764193] x11: 0000000000000000 x10: 0000000000000001
[ 4.764358] x9 : ffff8000115177f0 x8 : ffff8000115ba540
[ 4.764530] x7 : 0000000000000002 x6 : 0000000000000000
[ 4.764696] x5 : 0000000000000001 x4 : ffff800011e962e8
[ 4.764863] x3 : ffff000005daaf80 x2 : ffff8000115177b0
[ 4.765030] x1 : ffff80001051b000 x0 : 0000000000000000
[ 4.765196] Call trace:
[ 4.765289] test_use_after_free_read+0xb8/0x144
[ 4.765439] kunit_try_run_case+0x40/0xa0
[ 4.765572] kunit_generic_run_threadfn_adapter+0x20/0x30
[ 4.765737] kthread+0x140/0x160
[ 4.765848] ret_from_fork+0x10/0x34
[ 4.765966] ==================================================================
[ 4.766536] ok 5 - test_use_after_free_read
[ 4.766983] # test_use_after_free_read-memcache: setup_test_cache: size=32, ctor=0x0
[ 4.767509] # test_use_after_free_read-memcache: test_alloc: size=32, gfp=cc0, policy=any, cache=1
[ 4.870163] ==================================================================
[ 4.870388] BUG: KFENCE: use-after-free read in test_use_after_free_read+0xb8/0x144
[ 4.870388]
[ 4.870651] Use-after-free read at 0xffff000005dacfe0 (in kfence-#37):
[ 4.870846] test_use_after_free_read+0xb8/0x144
[ 4.870991] kunit_try_run_case+0x40/0xa0
[ 4.871112] kunit_generic_run_threadfn_adapter+0x20/0x30
[ 4.871269] kthread+0x140/0x160
[ 4.871374] ret_from_fork+0x10/0x34
[ 4.871481]
[ 4.871546] kfence-#37 [0xffff000005dacfe0-0xffff000005dacfff, size=32, cache=test] allocated by task 98:
[ 4.871823] test_alloc+0xe8/0x300
[ 4.871938] test_use_after_free_read+0x78/0x144
[ 4.872080] kunit_try_run_case+0x40/0xa0
[ 4.872204] kunit_generic_run_threadfn_adapter+0x20/0x30
[ 4.872362] kthread+0x140/0x160
[ 4.872474] ret_from_fork+0x10/0x34
[ 4.872563]
[ 4.872563] freed by task 98:
[ 4.872721] test_use_after_free_read+0x98/0x144
[ 4.872844] kunit_try_run_case+0x40/0xa0
[ 4.872971] kunit_generic_run_threadfn_adapter+0x20/0x30
[ 4.873131] kthread+0x140/0x160
[ 4.873239] ret_from_fork+0x10/0x34
[ 4.873351]
[ 4.873424] CPU: 0 PID: 98 Comm: kunit_try_catch Tainted: G B 5.10.0-00010-gdc23e832cfe7 #1
[ 4.873657] Hardware name: linux,dummy-virt (DT)
[ 4.873795] pstate: 60000005 (nZCv daif -PAN -UAO -TCO BTYPE=--)
[ 4.873981] pc : test_use_after_free_read+0xb8/0x144
[ 4.874101] lr : test_use_after_free_read+0x98/0x144
[ 4.874238] sp : ffff80001240bd60
[ 4.874317] x29: ffff80001240bd60 x28: 0000000000000000
[ 4.874483] x27: ffff80001225bb78 x26: ffff0000040c2548
[ 4.874647] x25: ffff80001216a680 x24: ffff80001225bd00
[ 4.874808] x23: ffff80001051b4d0 x22: 0000000000000000
[ 4.874968] x21: ffff000005119c80 x20: ffff8000121e92b0
[ 4.875131] x19: ffff80001225bce8 x18: 0000000000000002
[ 4.875295] x17: 0000000000000001 x16: 0000000000000019
[ 4.875462] x15: 0000000000000001 x14: 000000000000304d
[ 4.875621] x13: ffff00000511a0f8 x12: 00000000ffffffea
[ 4.875787] x11: ffff800011e6ac28 x10: 0000000000000001
[ 4.875947] x9 : ffff8000115177f0 x8 : ffff8000115ba540
[ 4.876113] x7 : 0000000000000002 x6 : 0000000000000000
[ 4.876276] x5 : 0000000000000001 x4 : ffff800011e962e8
[ 4.876441] x3 : ffff000005dacfe0 x2 : ffff8000115177b0
[ 4.876604] x1 : ffff80001051b000 x0 : ffff00000511a0f8
[ 4.876772] Call trace:
[ 4.876863] test_use_after_free_read+0xb8/0x144
[ 4.877001] kunit_try_run_case+0x40/0xa0
[ 4.877123] kunit_generic_run_threadfn_adapter+0x20/0x30
[ 4.877280] kthread+0x140/0x160
[ 4.877390] ret_from_fork+0x10/0x34
[ 4.877504] ==================================================================
[ 4.878210] ok 6 - test_use_after_free_read-memcache
[ 4.878728] # test_double_free: test_alloc: size=32, gfp=cc0, policy=any, cache=0
[ 4.982293] ==================================================================
[ 4.982514] BUG: KFENCE: invalid free in test_double_free+0xbc/0x158
[ 4.982514]
[ 4.982738] Invalid free of 0xffff000005dae000 (in kfence-#38):
[ 4.982924] test_double_free+0xbc/0x158
[ 4.983049] kunit_try_run_case+0x40/0xa0
[ 4.983177] kunit_generic_run_threadfn_adapter+0x20/0x30
[ 4.983338] kthread+0x140/0x160
[ 4.983444] ret_from_fork+0x10/0x34
[ 4.983551]
[ 4.983616] kfence-#38 [0xffff000005dae000-0xffff000005dae01f, size=32, cache=kmalloc-128] allocated by task 99:
[ 4.983893] test_alloc+0xf8/0x300
[ 4.984008] test_double_free+0x78/0x158
[ 4.984132] kunit_try_run_case+0x40/0xa0
[ 4.984254] kunit_generic_run_threadfn_adapter+0x20/0x30
[ 4.984409] kthread+0x140/0x160
[ 4.984521] ret_from_fork+0x10/0x34
[ 4.984626]
[ 4.984626] freed by task 99:
[ 4.984772] test_double_free+0xa0/0x158
[ 4.984890] kunit_try_run_case+0x40/0xa0
[ 4.985012] kunit_generic_run_threadfn_adapter+0x20/0x30
[ 4.985168] kthread+0x140/0x160
[ 4.985276] ret_from_fork+0x10/0x34
[ 4.985385]
[ 4.985464] CPU: 0 PID: 99 Comm: kunit_try_catch Tainted: G B 5.10.0-00010-gdc23e832cfe7 #1
[ 4.985730] Hardware name: linux,dummy-virt (DT)
[ 4.985881] ==================================================================
[ 4.986319] ok 7 - test_double_free
[ 4.986677] # test_double_free-memcache: setup_test_cache: size=32, ctor=0x0
[ 4.987148] # test_double_free-memcache: test_alloc: size=32, gfp=cc0, policy=any, cache=1
[ 5.094154] ==================================================================
[ 5.094369] BUG: KFENCE: invalid free in test_double_free+0xb0/0x158
[ 5.094369]
[ 5.094586] Invalid free of 0xffff000005db0fe0 (in kfence-#39):
[ 5.094759] test_double_free+0xb0/0x158
[ 5.094885] kunit_try_run_case+0x40/0xa0
[ 5.095008] kunit_generic_run_threadfn_adapter+0x20/0x30
[ 5.095167] kthread+0x140/0x160
[ 5.095270] ret_from_fork+0x10/0x34
[ 5.095375]
[ 5.095441] kfence-#39 [0xffff000005db0fe0-0xffff000005db0fff, size=32, cache=test] allocated by task 100:
[ 5.095702] test_alloc+0xe8/0x300
[ 5.095815] test_double_free+0x78/0x158
[ 5.095937] kunit_try_run_case+0x40/0xa0
[ 5.096056] kunit_generic_run_threadfn_adapter+0x20/0x30
[ 5.096205] kthread+0x140/0x160
[ 5.096309] ret_from_fork+0x10/0x34
[ 5.096417]
[ 5.096417] freed by task 100:
[ 5.096569] test_double_free+0x98/0x158
[ 5.096685] kunit_try_run_case+0x40/0xa0
[ 5.096809] kunit_generic_run_threadfn_adapter+0x20/0x30
[ 5.096966] kthread+0x140/0x160
[ 5.097069] ret_from_fork+0x10/0x34
[ 5.097175]
[ 5.097244] CPU: 0 PID: 100 Comm: kunit_try_catch Tainted: G B 5.10.0-00010-gdc23e832cfe7 #1
[ 5.097504] Hardware name: linux,dummy-virt (DT)
[ 5.097624] ==================================================================
[ 5.098124] ok 8 - test_double_free-memcache
[ 5.098551] # test_invalid_addr_free: test_alloc: size=32, gfp=cc0, policy=any, cache=0
[ 5.206096] ==================================================================
[ 5.206305] BUG: KFENCE: invalid free in test_invalid_addr_free+0xa0/0x158
[ 5.206305]
[ 5.206514] Invalid free of 0xffff000005db2f81 (in kfence-#40):
[ 5.206691] test_invalid_addr_free+0xa0/0x158
[ 5.206830] kunit_try_run_case+0x40/0xa0
[ 5.206951] kunit_generic_run_threadfn_adapter+0x20/0x30
[ 5.207113] kthread+0x140/0x160
[ 5.207220] ret_from_fork+0x10/0x34
[ 5.207326]
[ 5.207393] kfence-#40 [0xffff000005db2f80-0xffff000005db2f9f, size=32, cache=kmalloc-128] allocated by task 101:
[ 5.207687] test_alloc+0xf8/0x300
[ 5.207799] test_invalid_addr_free+0x7c/0x158
[ 5.207937] kunit_try_run_case+0x40/0xa0
[ 5.208059] kunit_generic_run_threadfn_adapter+0x20/0x30
[ 5.208215] kthread+0x140/0x160
[ 5.208315] ret_from_fork+0x10/0x34
[ 5.208422]
[ 5.208498] CPU: 0 PID: 101 Comm: kunit_try_catch Tainted: G B 5.10.0-00010-gdc23e832cfe7 #1
[ 5.208752] Hardware name: linux,dummy-virt (DT)
[ 5.208880] ==================================================================
[ 5.209248] ok 9 - test_invalid_addr_free
[ 5.209613] # test_invalid_addr_free-memcache: setup_test_cache: size=32, ctor=0x0
[ 5.210262] # test_invalid_addr_free-memcache: test_alloc: size=32, gfp=cc0, policy=any, cache=1
[ 5.318089] ==================================================================
[ 5.318299] BUG: KFENCE: invalid free in test_invalid_addr_free+0x94/0x158
[ 5.318299]
[ 5.318531] Invalid free of 0xffff000005db4001 (in kfence-#41):
[ 5.318711] test_invalid_addr_free+0x94/0x158
[ 5.318846] kunit_try_run_case+0x40/0xa0
[ 5.318970] kunit_generic_run_threadfn_adapter+0x20/0x30
[ 5.319129] kthread+0x140/0x160
[ 5.319236] ret_from_fork+0x10/0x34
[ 5.319335]
[ 5.319401] kfence-#41 [0xffff000005db4000-0xffff000005db401f, size=32, cache=test] allocated by task 102:
[ 5.319653] test_alloc+0xe8/0x300
[ 5.319765] test_invalid_addr_free+0x7c/0x158
[ 5.319898] kunit_try_run_case+0x40/0xa0
[ 5.320019] kunit_generic_run_threadfn_adapter+0x20/0x30
[ 5.320177] kthread+0x140/0x160
[ 5.320278] ret_from_fork+0x10/0x34
[ 5.320386]
[ 5.320456] CPU: 0 PID: 102 Comm: kunit_try_catch Tainted: G B 5.10.0-00010-gdc23e832cfe7 #1
[ 5.320709] Hardware name: linux,dummy-virt (DT)
[ 5.320834] ==================================================================
[ 5.321376] ok 10 - test_invalid_addr_free-memcache
[ 5.321807] # test_corruption: test_alloc: size=32, gfp=cc0, policy=left, cache=0
[ 5.654148] ==================================================================
[ 5.654379] BUG: KFENCE: memory corruption in test_corruption+0xb0/0x1e4
[ 5.654379]
[ 5.654620] Corrupted memory at 0xffff000005dba020 [ 0x2a . . . . . . . . . . . . . . . ] (in kfence-#44):
[ 5.655047] test_corruption+0xb0/0x1e4
[ 5.655180] kunit_try_run_case+0x40/0xa0
[ 5.655310] kunit_generic_run_threadfn_adapter+0x20/0x30
[ 5.655473] kthread+0x140/0x160
[ 5.655583] ret_from_fork+0x10/0x34
[ 5.655694]
[ 5.655763] kfence-#44 [0xffff000005dba000-0xffff000005dba01f, size=32, cache=kmalloc-128] allocated by task 103:
[ 5.656037] test_alloc+0xf8/0x300
[ 5.656154] test_corruption+0x84/0x1e4
[ 5.656282] kunit_try_run_case+0x40/0xa0
[ 5.656410] kunit_generic_run_threadfn_adapter+0x20/0x30
[ 5.656581] kthread+0x140/0x160
[ 5.656687] ret_from_fork+0x10/0x34
[ 5.656794]
[ 5.656866] CPU: 0 PID: 103 Comm: kunit_try_catch Tainted: G B 5.10.0-00010-gdc23e832cfe7 #1
[ 5.657125] Hardware name: linux,dummy-virt (DT)
[ 5.657267] ==================================================================
[ 5.657571] # test_corruption: test_alloc: size=32, gfp=cc0, policy=right, cache=0
[ 5.878191] ==================================================================
[ 5.878406] BUG: KFENCE: memory corruption in test_corruption+0x15c/0x1e4
[ 5.878406]
[ 5.878627] Corrupted memory at 0xffff000005dbef7f [ 0x2a ] (in kfence-#46):
[ 5.878830] test_corruption+0x15c/0x1e4
[ 5.878934] kunit_try_run_case+0x40/0xa0
[ 5.879033] kunit_generic_run_threadfn_adapter+0x20/0x30
[ 5.879163] kthread+0x140/0x160
[ 5.879251] ret_from_fork+0x10/0x34
[ 5.879359]
[ 5.879426] kfence-#46 [0xffff000005dbef80-0xffff000005dbef9f, size=32, cache=kmalloc-128] allocated by task 103:
[ 5.879702] test_alloc+0xf8/0x300
[ 5.879822] test_corruption+0x130/0x1e4
[ 5.879953] kunit_try_run_case+0x40/0xa0
[ 5.880076] kunit_generic_run_threadfn_adapter+0x20/0x30
[ 5.880232] kthread+0x140/0x160
[ 5.880343] ret_from_fork+0x10/0x34
[ 5.880457]
[ 5.880531] CPU: 0 PID: 103 Comm: kunit_try_catch Tainted: G B 5.10.0-00010-gdc23e832cfe7 #1
[ 5.880796] Hardware name: linux,dummy-virt (DT)
[ 5.880935] ==================================================================
[ 5.881298] ok 11 - test_corruption
[ 5.881642] # test_corruption-memcache: setup_test_cache: size=32, ctor=0x0
[ 5.882217] # test_corruption-memcache: test_alloc: size=32, gfp=cc0, policy=left, cache=1
[ 6.214131] ==================================================================
[ 6.214376] BUG: KFENCE: memory corruption in test_corruption+0xa8/0x1e4
[ 6.214376]
[ 6.214611] Corrupted memory at 0xffff000005dc4020 [ 0x2a . . . . . . . . . . . . . . . ] (in kfence-#49):
[ 6.214982] test_corruption+0xa8/0x1e4
[ 6.215111] kunit_try_run_case+0x40/0xa0
[ 6.215231] kunit_generic_run_threadfn_adapter+0x20/0x30
[ 6.215366] kthread+0x140/0x160
[ 6.215462] ret_from_fork+0x10/0x34
[ 6.215574]
[ 6.215642] kfence-#49 [0xffff000005dc4000-0xffff000005dc401f, size=32, cache=test] allocated by task 104:
[ 6.215918] test_alloc+0xe8/0x300
[ 6.216035] test_corruption+0x84/0x1e4
[ 6.216159] kunit_try_run_case+0x40/0xa0
[ 6.216284] kunit_generic_run_threadfn_adapter+0x20/0x30
[ 6.216444] kthread+0x140/0x160
[ 6.216558] ret_from_fork+0x10/0x34
[ 6.216672]
[ 6.216745] CPU: 0 PID: 104 Comm: kunit_try_catch Tainted: G B 5.10.0-00010-gdc23e832cfe7 #1
[ 6.217009] Hardware name: linux,dummy-virt (DT)
[ 6.217147] ==================================================================
[ 6.217400] # test_corruption-memcache: test_alloc: size=32, gfp=cc0, policy=right, cache=1
[ 6.438099] ==================================================================
[ 6.438310] BUG: KFENCE: memory corruption in test_corruption+0x154/0x1e4
[ 6.438310]
[ 6.438539] Corrupted memory at 0xffff000005dc8fdf [ 0x2a ] (in kfence-#51):
[ 6.438746] test_corruption+0x154/0x1e4
[ 6.438875] kunit_try_run_case+0x40/0xa0
[ 6.438995] kunit_generic_run_threadfn_adapter+0x20/0x30
[ 6.439156] kthread+0x140/0x160
[ 6.439267] ret_from_fork+0x10/0x34
[ 6.439377]
[ 6.439445] kfence-#51 [0xffff000005dc8fe0-0xffff000005dc8fff, size=32, cache=test] allocated by task 104:
[ 6.439715] test_alloc+0xe8/0x300
[ 6.439833] test_corruption+0x130/0x1e4
[ 6.439959] kunit_try_run_case+0x40/0xa0
[ 6.440086] kunit_generic_run_threadfn_adapter+0x20/0x30
[ 6.440244] kthread+0x140/0x160
[ 6.440349] ret_from_fork+0x10/0x34
[ 6.440461]
[ 6.440540] CPU: 0 PID: 104 Comm: kunit_try_catch Tainted: G B 5.10.0-00010-gdc23e832cfe7 #1
[ 6.440801] Hardware name: linux,dummy-virt (DT)
[ 6.440934] ==================================================================
[ 6.441403] ok 12 - test_corruption-memcache
[ 6.442028] # test_free_bulk: test_alloc: size=262, gfp=cc0, policy=right, cache=0
[ 6.550089] # test_free_bulk: test_alloc: size=262, gfp=cc0, policy=none, cache=0
[ 6.550325] # test_free_bulk: test_alloc: size=262, gfp=cc0, policy=left, cache=0
[ 6.886058] # test_free_bulk: test_alloc: size=262, gfp=cc0, policy=none, cache=0
[ 6.886299] # test_free_bulk: test_alloc: size=262, gfp=cc0, policy=none, cache=0
[ 6.886906] # test_free_bulk: test_alloc: size=225, gfp=cc0, policy=right, cache=0
[ 6.998049] # test_free_bulk: test_alloc: size=225, gfp=cc0, policy=none, cache=0
[ 6.998272] # test_free_bulk: test_alloc: size=225, gfp=cc0, policy=left, cache=0
[ 7.110036] # test_free_bulk: test_alloc: size=225, gfp=cc0, policy=none, cache=0
[ 7.110251] # test_free_bulk: test_alloc: size=225, gfp=cc0, policy=none, cache=0
[ 7.110604] # test_free_bulk: test_alloc: size=212, gfp=cc0, policy=right, cache=0
[ 7.334073] # test_free_bulk: test_alloc: size=212, gfp=cc0, policy=none, cache=0
[ 7.334289] # test_free_bulk: test_alloc: size=212, gfp=cc0, policy=left, cache=0
[ 7.558074] # test_free_bulk: test_alloc: size=212, gfp=cc0, policy=none, cache=0
[ 7.558294] # test_free_bulk: test_alloc: size=212, gfp=cc0, policy=none, cache=0
[ 7.558631] # test_free_bulk: test_alloc: size=217, gfp=cc0, policy=right, cache=0
[ 7.670071] # test_free_bulk: test_alloc: size=217, gfp=cc0, policy=none, cache=0
[ 7.670286] # test_free_bulk: test_alloc: size=217, gfp=cc0, policy=left, cache=0
[ 7.782063] # test_free_bulk: test_alloc: size=217, gfp=cc0, policy=none, cache=0
[ 7.782279] # test_free_bulk: test_alloc: size=217, gfp=cc0, policy=none, cache=0
[ 7.782632] # test_free_bulk: test_alloc: size=14, gfp=cc0, policy=right, cache=0
[ 8.006072] # test_free_bulk: test_alloc: size=14, gfp=cc0, policy=none, cache=0
[ 8.006283] # test_free_bulk: test_alloc: size=14, gfp=cc0, policy=left, cache=0
[ 8.454042] # test_free_bulk: test_alloc: size=14, gfp=cc0, policy=none, cache=0
[ 8.454265] # test_free_bulk: test_alloc: size=14, gfp=cc0, policy=none, cache=0
[ 8.454686] ok 13 - test_free_bulk
[ 8.455163] # test_free_bulk-memcache: setup_test_cache: size=270, ctor=0x0
[ 8.455648] # test_free_bulk-memcache: test_alloc: size=270, gfp=cc0, policy=right, cache=1
[ 8.566057] # test_free_bulk-memcache: test_alloc: size=270, gfp=cc0, policy=none, cache=1
[ 8.566297] # test_free_bulk-memcache: test_alloc: size=270, gfp=cc0, policy=left, cache=1
[ 8.678102] # test_free_bulk-memcache: test_alloc: size=270, gfp=cc0, policy=none, cache=1
[ 8.678366] # test_free_bulk-memcache: test_alloc: size=270, gfp=cc0, policy=none, cache=1
[ 8.678973] # test_free_bulk-memcache: setup_test_cache: size=25, ctor=ctor_set_x
[ 8.679374] # test_free_bulk-memcache: test_alloc: size=25, gfp=cc0, policy=right, cache=1
[ 8.790062] # test_free_bulk-memcache: test_alloc: size=25, gfp=cc0, policy=none, cache=1
[ 8.790298] # test_free_bulk-memcache: test_alloc: size=25, gfp=cc0, policy=left, cache=1
[ 9.126092] # test_free_bulk-memcache: test_alloc: size=25, gfp=cc0, policy=none, cache=1
[ 9.126364] # test_free_bulk-memcache: test_alloc: size=25, gfp=cc0, policy=none, cache=1
[ 9.126926] # test_free_bulk-memcache: setup_test_cache: size=25, ctor=0x0
[ 9.127312] # test_free_bulk-memcache: test_alloc: size=25, gfp=cc0, policy=right, cache=1
[ 9.462058] # test_free_bulk-memcache: test_alloc: size=25, gfp=cc0, policy=none, cache=1
[ 9.462289] # test_free_bulk-memcache: test_alloc: size=25, gfp=cc0, policy=left, cache=1
[ 10.694067] # test_free_bulk-memcache: test_alloc: size=25, gfp=cc0, policy=none, cache=1
[ 10.694332] # test_free_bulk-memcache: test_alloc: size=25, gfp=cc0, policy=none, cache=1
[ 10.694902] # test_free_bulk-memcache: setup_test_cache: size=41, ctor=ctor_set_x
[ 10.695291] # test_free_bulk-memcache: test_alloc: size=41, gfp=cc0, policy=right, cache=1
[ 10.806056] # test_free_bulk-memcache: test_alloc: size=41, gfp=cc0, policy=none, cache=1
[ 10.806297] # test_free_bulk-memcache: test_alloc: size=41, gfp=cc0, policy=left, cache=1
[ 11.030067] # test_free_bulk-memcache: test_alloc: size=41, gfp=cc0, policy=none, cache=1
[ 11.030335] # test_free_bulk-memcache: test_alloc: size=41, gfp=cc0, policy=none, cache=1
[ 11.030890] # test_free_bulk-memcache: setup_test_cache: size=103, ctor=0x0
[ 11.031268] # test_free_bulk-memcache: test_alloc: size=103, gfp=cc0, policy=right, cache=1
[ 11.254050] # test_free_bulk-memcache: test_alloc: size=103, gfp=cc0, policy=none, cache=1
[ 11.254290] # test_free_bulk-memcache: test_alloc: size=103, gfp=cc0, policy=left, cache=1
[ 11.366064] # test_free_bulk-memcache: test_alloc: size=103, gfp=cc0, policy=none, cache=1
[ 11.366296] # test_free_bulk-memcache: test_alloc: size=103, gfp=cc0, policy=none, cache=1
[ 11.366872] ok 14 - test_free_bulk-memcache
[ 11.367268] ok 15 - test_init_on_free
[ 11.367845] ok 16 - test_init_on_free-memcache
[ 11.368240] # test_kmalloc_aligned_oob_read: test_alloc: size=73, gfp=cc0, policy=right, cache=0
[ 11.590176] ==================================================================
[ 11.590404] BUG: KFENCE: out-of-bounds read in test_kmalloc_aligned_oob_read+0x11c/0x1c4
[ 11.590404]
[ 11.590677] Out-of-bounds read at 0xffff000005e25049 (201B right of kfence-#97):
[ 11.590892] test_kmalloc_aligned_oob_read+0x11c/0x1c4
[ 11.591053] kunit_try_run_case+0x40/0xa0
[ 11.591175] kunit_generic_run_threadfn_adapter+0x20/0x30
[ 11.591335] kthread+0x140/0x160
[ 11.591447] ret_from_fork+0x10/0x34
[ 11.591558]
[ 11.591626] kfence-#97 [0xffff000005e24f80-0xffff000005e24fc8, size=73, cache=kmalloc-128] allocated by task 109:
[ 11.591915] test_alloc+0xf8/0x300
[ 11.592031] test_kmalloc_aligned_oob_read+0x84/0x1c4
[ 11.592184] kunit_try_run_case+0x40/0xa0
[ 11.592311] kunit_generic_run_threadfn_adapter+0x20/0x30
[ 11.592477] kthread+0x140/0x160
[ 11.592583] ret_from_fork+0x10/0x34
[ 11.592695]
[ 11.592772] CPU: 0 PID: 109 Comm: kunit_try_catch Tainted: G B 5.10.0-00010-gdc23e832cfe7 #1
[ 11.593034] Hardware name: linux,dummy-virt (DT)
[ 11.593170] pstate: 60000005 (nZCv daif -PAN -UAO -TCO BTYPE=--)
[ 11.593345] pc : test_kmalloc_aligned_oob_read+0x11c/0x1c4
[ 11.593509] lr : test_kmalloc_aligned_oob_read+0x104/0x1c4
[ 11.593663] sp : ffff80001240bd30
[ 11.593767] x29: ffff80001240bd30 x28: 0000000000000000
[ 11.593963] x27: ffff8000121e92b0 x26: ffff8000115177b0
[ 11.594132] x25: ffff000005118000 x24: ffff8000115178d8
[ 11.594295] x23: 0000000000000080 x22: ffff8000121e9000
[ 11.594457] x21: ffff80001051b210 x20: ffff80001225bce8
[ 11.594615] x19: ffff000005e24f80 x18: 0000000000000010
[ 11.594775] x17: 0000000000000001 x16: 0000000000000019
[ 11.594936] x15: ffff000005118478 x14: 00000000000001f7
[ 11.595097] x13: 0000000000000001 x12: 0000000000000000
[ 11.595256] x11: 0000000000000000 x10: 0000000000000001
[ 11.595395] x9 : ffff8000115177f0 x8 : ffff8000115ba540
[ 11.595538] x7 : ffff80001051b288 x6 : ffff80001150dae0
[ 11.595699] x5 : 0000000000000001 x4 : 000001cd00000001
[ 11.595859] x3 : 000001d200000001 x2 : ffff000005e25049
[ 11.596014] x1 : ffff800011517000 x0 : 00000000000000c9
[ 11.596175] Call trace:
[ 11.596265] test_kmalloc_aligned_oob_read+0x11c/0x1c4
[ 11.596422] kunit_try_run_case+0x40/0xa0
[ 11.596551] kunit_generic_run_threadfn_adapter+0x20/0x30
[ 11.596711] kthread+0x140/0x160
[ 11.596819] ret_from_fork+0x10/0x34
[ 11.596931] ==================================================================
[ 11.597388] ok 17 - test_kmalloc_aligned_oob_read
[ 11.597802] # test_kmalloc_aligned_oob_write: test_alloc: size=73, gfp=cc0, policy=right, cache=0
[ 11.702169] ==================================================================
[ 11.702382] BUG: KFENCE: memory corruption in test_kmalloc_aligned_oob_write+0xf0/0x180
[ 11.702382]
[ 11.702641] Corrupted memory at 0xffff000005e26fc9 [ 0xac . . . . . . . . . . . . . . . ] (in kfence-#98):
[ 11.702997] test_kmalloc_aligned_oob_write+0xf0/0x180
[ 11.703131] kunit_try_run_case+0x40/0xa0
[ 11.703253] kunit_generic_run_threadfn_adapter+0x20/0x30
[ 11.703412] kthread+0x140/0x160
[ 11.703516] ret_from_fork+0x10/0x34
[ 11.703621]
[ 11.703685] kfence-#98 [0xffff000005e26f80-0xffff000005e26fc8, size=73, cache=kmalloc-128] allocated by task 110:
[ 11.703945] test_alloc+0xf8/0x300
[ 11.704057] test_kmalloc_aligned_oob_write+0x70/0x180
[ 11.704211] kunit_try_run_case+0x40/0xa0
[ 11.704335] kunit_generic_run_threadfn_adapter+0x20/0x30
[ 11.704496] kthread+0x140/0x160
[ 11.704602] ret_from_fork+0x10/0x34
[ 11.704714]
[ 11.704785] CPU: 0 PID: 110 Comm: kunit_try_catch Tainted: G B 5.10.0-00010-gdc23e832cfe7 #1
[ 11.705047] Hardware name: linux,dummy-virt (DT)
[ 11.705179] ==================================================================
[ 11.705520] ok 18 - test_kmalloc_aligned_oob_write
[ 11.706046] # test_shrink_memcache: setup_test_cache: size=32, ctor=0x0
[ 11.706593] # test_shrink_memcache: test_alloc: size=32, gfp=cc0, policy=any, cache=1
[ 11.814697] ok 19 - test_shrink_memcache
[ 11.815114] # test_memcache_ctor: setup_test_cache: size=32, ctor=ctor_set_x
[ 11.815601] # test_memcache_ctor: test_alloc: size=32, gfp=cc0, policy=any, cache=1
[ 11.926426] ok 20 - test_memcache_ctor
[ 11.926879] ==================================================================
[ 11.927219] BUG: KFENCE: invalid read in test_invalid_access+0x58/0xe8
[ 11.927219]
[ 11.927454] Invalid read at 0xffff000005d6000a:
[ 11.927604] test_invalid_access+0x58/0xe8
[ 11.927732] kunit_try_run_case+0x40/0xa0
[ 11.927857] kunit_generic_run_threadfn_adapter+0x20/0x30
[ 11.928017] kthread+0x140/0x160
[ 11.928122] ret_from_fork+0x10/0x34
[ 11.928231]
[ 11.928304] CPU: 0 PID: 113 Comm: kunit_try_catch Tainted: G B 5.10.0-00010-gdc23e832cfe7 #1
[ 11.928571] Hardware name: linux,dummy-virt (DT)
[ 11.928711] pstate: 60000005 (nZCv daif -PAN -UAO -TCO BTYPE=--)
[ 11.928882] pc : test_invalid_access+0x58/0xe8
[ 11.929016] lr : kunit_try_run_case+0x40/0xa0
[ 11.929144] sp : ffff80001240bd70
[ 11.929246] x29: ffff80001240bd70 x28: 0000000000000000
[ 11.929416] x27: ffff80001225bb78 x26: ffff0000040c2848
[ 11.929571] x25: ffff80001216a680 x24: ffff80001225bd00
[ 11.929729] x23: ffff80001051b4d0 x22: 0000000000000000
[ 11.930050] x21: ffff800011e966b0 x20: ffff80001225bce8
[ 11.930232] x19: ffff000005118000 x18: 000000000000000e
[ 11.930395] x17: 0000000000000001 x16: 0000000000000019
[ 11.930559] x15: 0000000000000004 x14: 0000000000000220
[ 11.930722] x13: 0000000000000001 x12: ffffffffffffffff
[ 11.930884] x11: 0000000000000007 x10: fffffffffffffffd
[ 11.931047] x9 : 0000000000000008 x8 : 0000000000000005
[ 11.931208] x7 : ffffffffffffffff x6 : 0c0904073e020b06
[ 11.931367] x5 : ffff000005d60000 x4 : ffff8000115177b0
[ 11.931525] x3 : ffff000005d6000a x2 : 0000000000000001
[ 11.931685] x1 : ffff8000121e92b0 x0 : ffff80001225bce8
[ 11.931848] Call trace:
[ 11.931939] test_invalid_access+0x58/0xe8
[ 11.932068] kunit_try_run_case+0x40/0xa0
[ 11.932196] kunit_generic_run_threadfn_adapter+0x20/0x30
[ 11.932357] kthread+0x140/0x160
[ 11.932468] ret_from_fork+0x10/0x34
[ 11.932586] ==================================================================
[ 11.932951] ok 21 - test_invalid_access
[ 11.933297] # test_gfpzero: test_alloc: size=4096, gfp=cc0, policy=any, cache=0
[ 12.038134] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 12.150077] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 12.262054] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 12.374041] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 12.486047] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 12.598050] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 12.710044] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 12.822044] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 12.934049] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 13.046047] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 13.158043] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 13.270049] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 13.382050] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 13.494046] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 13.606043] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 13.718048] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 13.830048] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 13.942049] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 14.054045] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 14.166044] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 14.278050] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 14.390043] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 14.502046] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 14.614041] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 14.726046] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 14.838040] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 14.950047] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 15.062046] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 15.174048] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 15.286047] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 15.398047] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 15.510044] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 15.622041] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 15.734043] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 15.846046] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 15.958041] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 16.070049] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 16.182048] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 16.294050] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 16.406045] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 16.518047] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 16.630046] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 16.742048] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 16.854086] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 16.966060] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 17.078045] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 17.190057] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 17.302050] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 17.414044] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 17.526048] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 17.638047] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 17.750045] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 17.862041] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 17.974046] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 18.086045] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 18.198045] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 18.310050] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 18.422046] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 18.534047] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 18.646042] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 18.758042] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 18.870030] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 18.982059] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 19.094048] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 19.206050] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 19.318042] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 19.430042] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 19.542044] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 19.654044] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 19.766048] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 19.878045] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 19.990051] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 20.102050] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 20.214049] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 20.326045] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 20.438042] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 20.550053] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 20.662047] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 20.774042] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 20.886042] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 20.998041] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 21.110162] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 21.222055] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 21.334051] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 21.446038] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 21.558044] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 21.670045] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 21.782052] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 21.894042] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 22.006039] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 22.118042] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 22.230042] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 22.342039] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 22.454047] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 22.566042] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 22.678047] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 22.790037] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 22.902081] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 23.014049] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 23.126039] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 23.238037] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 23.350052] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 23.462038] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 23.574036] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 23.686048] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 23.798045] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 23.910043] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 24.022049] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 24.134044] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 24.246047] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 24.358045] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 24.470040] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 24.582045] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 24.694044] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 24.806048] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 24.918045] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 25.030060] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 25.142043] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 25.254046] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 25.366047] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 25.478047] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 25.590045] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 25.702043] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 25.814051] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 25.926046] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 26.038044] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 26.150037] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 26.262046] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 26.374046] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 26.486042] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 26.598044] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 26.710047] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 26.822040] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 26.934039] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 27.046035] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 27.158043] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 27.270043] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 27.382040] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 27.494040] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 27.606040] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 27.718044] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 27.830043] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 27.942039] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 28.054042] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 28.166041] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 28.278041] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 28.390042] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 28.502039] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 28.614041] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 28.726040] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 28.838058] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 28.950048] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 29.062046] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 29.174041] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 29.286058] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 29.398048] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 29.510047] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 29.622047] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 29.734043] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 29.846038] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 29.958049] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 30.070046] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 30.182040] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 30.294046] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 30.406043] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 30.518037] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 30.630041] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 30.742042] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 30.854036] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 30.966041] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 31.078036] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 31.190037] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 31.302043] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 31.414043] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 31.526044] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 31.638032] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 31.750043] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 31.862053] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 31.974045] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 32.086045] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 32.198045] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 32.310045] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 32.422050] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 32.534040] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 32.646037] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 32.758043] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 32.870041] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 32.982045] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 33.094160] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 33.206056] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 33.318045] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 33.430046] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 33.542047] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 33.654035] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 33.766038] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 33.878048] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 33.990052] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 34.102043] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 34.214038] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 34.326043] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 34.438039] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 34.550043] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 34.662034] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 34.774039] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 34.886095] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 34.998063] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 35.110055] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 35.222039] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 35.334038] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 35.446046] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 35.558049] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 35.670045] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 35.782037] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 35.894048] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 36.006046] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 36.118049] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 36.230090] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 36.342044] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 36.454050] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 36.566043] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 36.678044] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 36.790045] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 36.902046] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 37.014047] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 37.126044] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 37.238060] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 37.350050] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 37.462049] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 37.574056] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 37.686046] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 37.798047] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 37.910043] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 38.022046] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 38.134051] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 38.246055] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 38.358041] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 38.470046] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 38.582045] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 38.694043] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 38.806038] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 38.918042] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 39.030055] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 39.142047] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 39.254050] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 39.366051] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 39.478047] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 39.590047] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 39.702047] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 39.814050] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 39.926045] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 40.038047] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 40.150499] ok 22 - test_gfpzero
[ 40.150950] # test_memcache_typesafe_by_rcu: setup_test_cache: size=32, ctor=0x0
[ 40.151488] # test_memcache_typesafe_by_rcu: test_alloc: size=32, gfp=cc0, policy=any, cache=1
[ 40.274709] ==================================================================
[ 40.275003] BUG: KFENCE: use-after-free read in test_memcache_typesafe_by_rcu+0x1b8/0x298
[ 40.275003]
[ 40.275279] Use-after-free read at 0xffff000005e2e000 (in kfence-#102):
[ 40.275473] test_memcache_typesafe_by_rcu+0x1b8/0x298
[ 40.275635] kunit_try_run_case+0x40/0xa0
[ 40.275754] kunit_generic_run_threadfn_adapter+0x20/0x30
[ 40.275904] kthread+0x140/0x160
[ 40.276007] ret_from_fork+0x10/0x34
[ 40.276112]
[ 40.276177] kfence-#102 [0xffff000005e2e000-0xffff000005e2e01f, size=32, cache=test] allocated by task 115:
[ 40.276436] test_alloc+0xe8/0x300
[ 40.276555] test_memcache_typesafe_by_rcu+0xc8/0x298
[ 40.276704] kunit_try_run_case+0x40/0xa0
[ 40.276822] kunit_generic_run_threadfn_adapter+0x20/0x30
[ 40.276977] kthread+0x140/0x160
[ 40.277073] ret_from_fork+0x10/0x34
[ 40.277167]
[ 40.277167] freed by task 0:
[ 40.277402] rcu_guarded_free+0x1c/0x28
[ 40.277528] rcu_core+0x26c/0x970
[ 40.277631] rcu_core_si+0x10/0x20
[ 40.277737] __do_softirq+0x130/0x3d8
[ 40.277858] irq_exit+0xc0/0xe0
[ 40.277940] __handle_domain_irq+0x68/0xc0
[ 40.278041] gic_handle_irq+0xa8/0xe0
[ 40.278145] el1_irq+0xc4/0x180
[ 40.278226] arch_cpu_idle+0x18/0x28
[ 40.278319] default_idle_call+0x3c/0x1d4
[ 40.278443] do_idle+0x21c/0x268
[ 40.278538] cpu_startup_entry+0x24/0x68
[ 40.278660] rest_init+0xd8/0xe8
[ 40.278766] arch_call_rest_init+0x10/0x1c
[ 40.278887] start_kernel+0x51c/0x558
[ 40.278997]
[ 40.279071] CPU: 0 PID: 115 Comm: kunit_try_catch Tainted: G B 5.10.0-00010-gdc23e832cfe7 #1
[ 40.279320] Hardware name: linux,dummy-virt (DT)
[ 40.279458] pstate: 60000005 (nZCv daif -PAN -UAO -TCO BTYPE=--)
[ 40.279622] pc : test_memcache_typesafe_by_rcu+0x1b8/0x298
[ 40.279775] lr : test_memcache_typesafe_by_rcu+0x1a0/0x298
[ 40.279934] sp : ffff80001240bd20
[ 40.280035] x29: ffff80001240bd20 x28: 000000000000002a
[ 40.280196] x27: ffff80001051b288 x26: ffff80001150dae0
[ 40.280353] x25: ffff800011517b20 x24: ffff800011517b30
[ 40.280511] x23: ffff000005118000 x22: ffff80001051b210
[ 40.280671] x21: ffff8000115177b0 x20: ffff8000121e92b8
[ 40.280819] x19: ffff80001225bce8 x18: 000000000000000e
[ 40.280965] x17: 0000000000000001 x16: 0000000000000019
[ 40.281122] x15: 0000000000000004 x14: 00000000000003eb
[ 40.281268] x13: 0000000000000000 x12: 0000000000000000
[ 40.281425] x11: 0000000000000000 x10: 00000000000009f0
[ 40.281573] x9 : ffff80001240bb00 x8 : ffff000005118a50
[ 40.281734] x7 : ffff000005fa5bc0 x6 : 00000000967f5a1d
[ 40.281881] x5 : 0000029f00000001 x4 : 0000000000000000
[ 40.282039] x3 : 0000000000000000 x2 : ffff000005e2e000
[ 40.282199] x1 : ffff80001240bda0 x0 : ffff80001225bce8
[ 40.282341] Call trace:
[ 40.282430] test_memcache_typesafe_by_rcu+0x1b8/0x298
[ 40.282585] kunit_try_run_case+0x40/0xa0
[ 40.282702] kunit_generic_run_threadfn_adapter+0x20/0x30
[ 40.282847] kthread+0x140/0x160
[ 40.282950] ret_from_fork+0x10/0x34
[ 40.283056] ==================================================================
[ 40.283837] ok 23 - test_memcache_typesafe_by_rcu
[ 40.284352] # test_krealloc: test_alloc: size=32, gfp=cc0, policy=any, cache=0
[ 40.374565] ==================================================================
[ 40.374785] BUG: KFENCE: use-after-free read in test_krealloc+0x3b8/0x444
[ 40.374785]
[ 40.374983] Use-after-free read at 0xffff000005e30000 (in kfence-#103):
[ 40.375172] test_krealloc+0x3b8/0x444
[ 40.375290] kunit_try_run_case+0x40/0xa0
[ 40.375413] kunit_generic_run_threadfn_adapter+0x20/0x30
[ 40.375567] kthread+0x140/0x160
[ 40.375672] ret_from_fork+0x10/0x34
[ 40.375777]
[ 40.375839] kfence-#103 [0xffff000005e30000-0xffff000005e3001f, size=32, cache=kmalloc-128] allocated by task 116:
[ 40.376122] test_alloc+0xf8/0x300
[ 40.376231] test_krealloc+0x6c/0x444
[ 40.376346] kunit_try_run_case+0x40/0xa0
[ 40.376465] kunit_generic_run_threadfn_adapter+0x20/0x30
[ 40.376612] kthread+0x140/0x160
[ 40.376708] ret_from_fork+0x10/0x34
[ 40.376807]
[ 40.376807] freed by task 116:
[ 40.376953] krealloc+0x94/0x118
[ 40.377055] test_krealloc+0x154/0x444
[ 40.377171] kunit_try_run_case+0x40/0xa0
[ 40.377292] kunit_generic_run_threadfn_adapter+0x20/0x30
[ 40.377437] kthread+0x140/0x160
[ 40.377538] ret_from_fork+0x10/0x34
[ 40.377645]
[ 40.377715] CPU: 0 PID: 116 Comm: kunit_try_catch Tainted: G B 5.10.0-00010-gdc23e832cfe7 #1
[ 40.377965] Hardware name: linux,dummy-virt (DT)
[ 40.378101] pstate: 60000005 (nZCv daif -PAN -UAO -TCO BTYPE=--)
[ 40.378270] pc : test_krealloc+0x3b8/0x444
[ 40.378391] lr : test_krealloc+0x3a4/0x444
[ 40.378511] sp : ffff800012413d00
[ 40.378606] x29: ffff800012413d00 x28: ffff0000040c26ff
[ 40.378768] x27: 0000000000000041 x26: ffff800011517000
[ 40.378924] x25: ffff0000040c2700 x24: ffff800011517970
[ 40.379072] x23: ffff80001051b210 x22: ffff80001150dae0
[ 40.379210] x21: ffff8000121e92b0 x20: ffff8000115177b0
[ 40.379364] x19: ffff80001225bce8 x18: 0000000000000010
[ 40.379524] x17: 0000000000000001 x16: 0000000000000019
[ 40.379682] x15: ffff00000511bd78 x14: 00000000000000f7
[ 40.379841] x13: 0000000000000001 x12: 0000000000000000
[ 40.379997] x11: 0000000000000000 x10: 0000000000000001
[ 40.380143] x9 : ffff8000115177f0 x8 : 000002c400000001
[ 40.380290] x7 : 0000000000000010 x6 : ffff800011517ad0
[ 40.380444] x5 : 0000000000000000 x4 : ffff8000115178d8
[ 40.380596] x3 : 000002c800000000 x2 : ffff000005e30000
[ 40.380748] x1 : 0000000000000001 x0 : ffff800011517b08
[ 40.380908] Call trace:
[ 40.380992] test_krealloc+0x3b8/0x444
[ 40.381105] kunit_try_run_case+0x40/0xa0
[ 40.381221] kunit_generic_run_threadfn_adapter+0x20/0x30
[ 40.381376] kthread+0x140/0x160
[ 40.381476] ret_from_fork+0x10/0x34
[ 40.381579] ==================================================================
[ 40.382155] ok 24 - test_krealloc
[ 40.382612] # test_memcache_alloc_bulk: setup_test_cache: size=32, ctor=0x0
[ 40.486489] ok 25 - test_memcache_alloc_bulk
[ 40.486552] ok 1 - kfence
总结
使用 QEMU 进行模拟,需要一点勇气来面对这些个参数。
面对一个新的模拟任务,多花一点时间探索最佳的参数是值得的。
在遇到问题的时候,灵活的查阅资料和进行尝试,使用控制变量法来确定可行的参数。
This
post
by Yingjie Shang is licensed under
CC BY 4.0