Regressions seen on Linux v6.13-rc7-42785-gc9b3cfdb79f8 Good: v6.13-rc7-42772-g439f25a2460a Bad: v6.13-rc7-42785-gc9b3cfdb79f8 Reported-by: Linux Kernel Functional Testing Boot regression: qemu-arm64, log-parser-boot/exception-warning-cpu-pid-at-libmathint_log-intlog10 Boot log: --------- ------------[ cut here ]------------ [ 25.524988] WARNING: CPU: 0 PID: 433 at lib/math/int_log.c:120 intlog10+0xc8/0x128 [ 25.526536] Modules linked in: [ 25.526757] CPU: 0 UID: 0 PID: 433 Comm: kunit_try_catch Tainted: G D W N 6.16.0-rc3 #1 PREEMPT [ 25.527130] Tainted: [D]=DIE, [W]=WARN, [N]=TEST [ 25.527363] Hardware name: linux,dummy-virt (DT) [ 25.527888] pstate: 82402009 (Nzcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--) [ 25.528661] pc : intlog10+0xc8/0x128 [ 25.529175] lr : intlog10_test+0x88/0x180 [ 25.529711] sp : ffff800080ff7cd0 [ 25.530117] x29: ffff800080ff7cf0 x28: dfff800000000000 x27: 1ffe000018f66b95 [ 25.530909] x26: fff00000c7ae2aa0 x25: ffff8000800878a8 x24: 0000000000000000 [ 25.531698] x23: dfff800000000000 x22: fff00000c7b36698 x21: ffff9d80e575e890 [ 25.532510] x20: ffff9d80e3bd6b20 x19: ffff800080087b08 x18: ffff800080097940 [ 25.533500] x17: ffff80008009793c x16: 0000000000000000 x15: 0000000000000001 [ 25.533861] x14: 1ffff3b01cda2280 x13: 0000000000000000 x12: 0000000000000000 [ 25.534223] x11: ffff73b01cda2281 x10: 0000000000000017 x9 : 0000000000000007 [ 25.534711] x8 : 0000000000000000 x7 : ffff80008009794c x6 : 0000000000000014 [ 25.535473] x5 : 00000000a3c8a1f6 x4 : 0000000000000001 x3 : ffff9d80e117db5c [ 25.536207] x2 : 0000000000000000 x1 : 00000000006b9a4d x0 : 0000000000000000 [ 25.536999] Call trace: [ 25.537367] intlog10+0xc8/0x128 (P) [ 25.537792] intlog10_test+0x88/0x180 [ 25.538209] kunit_try_run_case+0x118/0x31c [ 25.538582] kunit_generic_run_threadfn_adapter+0x84/0x104 [ 25.538820] kthread+0x3f4/0x51c [ 25.538995] ret_from_fork+0x10/0x20 [ 25.539178] ---[ end trace 0000000000000000 ]--- Build: ------ - Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891601/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config - Build Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891601/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh - Test Log: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28892245/suite/log-parser-boot/test/exception-warning-cpu-pid-at-libmathint_log-intlog10-4740407759b4f3fa13c4b738cdf803651dcf005e24a66895092c47ada2bb428f/log - Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28892245/suite/log-parser-boot/test/exception-warning-cpu-pid-at-libmathint_log-intlog10-4740407759b4f3fa13c4b738cdf803651dcf005e24a66895092c47ada2bb428f/attachments/reproducer Boot regression: qemu-arm64, log-parser-boot/exception-warning-cpu-pid-at-libmathint_log-intlog2 Boot log: --------- ------------[ cut here ]------------ [ 25.487584] WARNING: CPU: 0 PID: 415 at lib/math/int_log.c:63 intlog2+0xb8/0x118 [ 25.489161] Modules linked in: [ 25.489485] CPU: 0 UID: 0 PID: 415 Comm: kunit_try_catch Tainted: G D N 6.16.0-rc3 #1 PREEMPT [ 25.490005] Tainted: [D]=DIE, [N]=TEST [ 25.490239] Hardware name: linux,dummy-virt (DT) [ 25.490518] pstate: 82402009 (Nzcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--) [ 25.490900] pc : intlog2+0xb8/0x118 [ 25.491137] lr : intlog2_test+0x88/0x180 [ 25.491393] sp : ffff800080fe7cd0 [ 25.491608] x29: ffff800080fe7cf0 x28: dfff800000000000 x27: 1ffe000018f59945 [ 25.492065] x26: fff00000c7a70e20 x25: ffff8000800878a8 x24: 0000000000000000 [ 25.492513] x23: dfff800000000000 x22: fff00000c7acd418 x21: ffff9d80e575e890 [ 25.492968] x20: ffff9d80e3bd6840 x19: ffff800080087b08 x18: ffff800080097940 [ 25.493339] x17: ffff80008009793c x16: 0000000000000000 x15: 0000000000000001 [ 25.493915] x14: 1ffff3b01cda2280 x13: 0000000000000000 x12: 0000000000000000 [ 25.494405] x11: ffff73b01cda2281 x10: 0000000000000017 x9 : 0000000000000007 [ 25.495845] x8 : 0000000000000000 x7 : ffff80008009794c x6 : 0000000000000014 [ 25.497008] x5 : 00000000d77f0ed5 x4 : 0000000000000000 x3 : ffff9d80e117db5c [ 25.498264] x2 : 0000000000000000 x1 : 00000000001b4b1c x0 : 0000000000000000 [ 25.499002] Call trace: [ 25.499499] intlog2+0xb8/0x118 (P) [ 25.500121] intlog2_test+0x88/0x180 [ 25.500706] kunit_try_run_case+0x118/0x31c [ 25.501341] kunit_generic_run_threadfn_adapter+0x84/0x104 [ 25.501975] kthread+0x3f4/0x51c [ 25.502472] ret_from_fork+0x10/0x20 [ 25.503334] ---[ end trace 0000000000000000 ]--- Build: ------ - Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891601/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config - Build Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891601/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh - Test Log: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28892245/suite/log-parser-boot/test/exception-warning-cpu-pid-at-libmathint_log-intlog2-4f72630d0261106074c94ccb0be1523e795d69f894a1338bd21884d98872d314/log - Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28892245/suite/log-parser-boot/test/exception-warning-cpu-pid-at-libmathint_log-intlog2-4f72630d0261106074c94ccb0be1523e795d69f894a1338bd21884d98872d314/attachments/reproducer Boot regression: qemu-arm64, log-parser-boot/internal-error-oops-oops-smp Boot log: --------- [ 24.858183] Internal error: Oops: 0000000096000005 [#1] SMP [ 24.863656] Modules linked in: [ 24.866260] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G N 6.16.0-rc3 #1 PREEMPT [ 24.867252] Tainted: [N]=TEST [ 24.867634] Hardware name: linux,dummy-virt (DT) [ 24.868313] pstate: 81400009 (Nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--) [ 24.869344] pc : kunit_test_null_dereference+0x2c/0x114 [ 24.870579] lr : kunit_generic_run_threadfn_adapter+0x84/0x104 [ 24.871173] sp : ffff800080b97db0 [ 24.871584] x29: ffff800080b97dc0 x28: dfff800000000000 x27: 1ffe000018ec9945 [ 24.872227] x26: fff00000c73829a0 x25: ffff800080ce7b48 x24: fff00000c7380f90 [ 24.873102] x23: 1ffe000018e70521 x22: dfff800000000000 x21: dfff800000000000 [ 24.873929] x20: ffff9d80e1b9ddfc x19: fff00000c7382908 x18: 0000000000000002 [ 24.874704] x17: 0000000000000075 x16: 0000000000000000 x15: 0000000000000001 [ 24.875257] x14: 1ffe000018ec9a33 x13: 0000000000000000 x12: 0000000000000000 [ 24.875634] x11: fffd800018ec9a34 x10: dfff800000000000 x9 : 1ffe000018e70522 [ 24.876037] x8 : 90e10f9066077b00 x7 : ffff9d80e3bc8b20 x6 : ffff9d80e3bcc420 [ 24.876408] x5 : ffff9d80e3ba4e80 x4 : 0000000000000001 x3 : ffff9d80e3a4b398 [ 24.877281] x2 : 0000000000000001 x1 : 0000000000000001 x0 : ffff800080087b08 [ 24.878272] Call trace: [ 24.878766] kunit_test_null_dereference+0x2c/0x114 (P) [ 24.879472] kunit_generic_run_threadfn_adapter+0x84/0x104 [ 24.880032] kthread+0x3f4/0x51c [ 24.880459] ret_from_fork+0x10/0x20 [ 24.881324] Code: d2d00015 f9426d08 f2fbfff5 f90007e8 (39c002a8) [ 24.882198] ---[ end trace 0000000000000000 ]--- Build: ------ - Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891601/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config - Build Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891601/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh - Test Log: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28892245/suite/log-parser-boot/test/internal-error-oops-oops-smp-5aed34198771770d956480dd13297543d685fef998a9a208b17d3006518fa730/log - Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28892245/suite/log-parser-boot/test/internal-error-oops-oops-smp-5aed34198771770d956480dd13297543d685fef998a9a208b17d3006518fa730/attachments/reproducer Boot regression: qemu-arm64, log-parser-boot/bug-bug-kasan-slab-out-of-bounds-in-kasan_bitops_modifyconstprop Boot log: --------- [ 20.831296] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x2b4/0xbc0 --- [ 20.849842] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0xaec/0xbc0 Build: ------ - Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891601/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config - Build Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891601/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh - Test Log: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28892381/suite/log-parser-boot/test/bug-bug-kasan-slab-out-of-bounds-in-kasan_bitops_modifyconstprop-1ee5ef2511e07f294af6095e9c2c6a1e7272557b15c1870b935050db6cd94142/log - Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28892381/suite/log-parser-boot/test/bug-bug-kasan-slab-out-of-bounds-in-kasan_bitops_modifyconstprop-1ee5ef2511e07f294af6095e9c2c6a1e7272557b15c1870b935050db6cd94142/attachments/reproducer Boot regression: qemu-arm64, log-parser-boot/bug-bug-kasan-slab-out-of-bounds-in-kasan_bitops_test_and_modifyconstprop Boot log: --------- [ 20.927500] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x1d8/0xbc0 --- [ 20.936272] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xa48/0xbc0 Build: ------ - Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891601/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config - Build Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891601/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh - Test Log: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28892381/suite/log-parser-boot/test/bug-bug-kasan-slab-out-of-bounds-in-kasan_bitops_test_and_modifyconstprop-70648883f18883535aba2525c004f1abad27c70796a6777f22bdcf1c7a6a91da/log - Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28892381/suite/log-parser-boot/test/bug-bug-kasan-slab-out-of-bounds-in-kasan_bitops_test_and_modifyconstprop-70648883f18883535aba2525c004f1abad27c70796a6777f22bdcf1c7a6a91da/attachments/reproducer Boot regression: qemu-arm64, log-parser-boot/kasan-bug-kasan-double-free-in-kfree_sensitive Boot log: --------- [ 18.159371] ================================================================== [ 18.159518] BUG: KASAN: double-free in kfree_sensitive+0x3c/0xb0 [ 18.159837] Free of addr fff00000c3f2a5e0 by task kunit_try_catch/193 [ 18.159965] [ 18.160096] CPU: 1 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3 #1 PREEMPT [ 18.160297] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.160350] Hardware name: linux,dummy-virt (DT) [ 18.160416] Call trace: [ 18.160467] show_stack+0x20/0x38 (C) [ 18.160873] dump_stack_lvl+0x8c/0xd0 [ 18.161194] print_report+0x118/0x608 [ 18.161366] kasan_report_invalid_free+0xc0/0xe8 [ 18.161490] check_slab_allocation+0xd4/0x108 [ 18.161619] __kasan_slab_pre_free+0x2c/0x48 [ 18.161775] kfree+0xe8/0x3c8 [ 18.161903] kfree_sensitive+0x3c/0xb0 [ 18.162034] kmalloc_double_kzfree+0x168/0x308 [ 18.162177] kunit_try_run_case+0x170/0x3f0 [ 18.162334] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.162518] kthread+0x328/0x630 [ 18.162611] ret_from_fork+0x10/0x20 [ 18.162779] [ 18.162915] Allocated by task 193: [ 18.162972] kasan_save_stack+0x3c/0x68 [ 18.163057] kasan_save_track+0x20/0x40 [ 18.163151] kasan_save_alloc_info+0x40/0x58 [ 18.163228] __kasan_kmalloc+0xd4/0xd8 [ 18.163295] __kmalloc_cache_noprof+0x16c/0x3c0 [ 18.163374] kmalloc_double_kzfree+0xb8/0x308 [ 18.163786] kunit_try_run_case+0x170/0x3f0 [ 18.163916] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.164024] kthread+0x328/0x630 [ 18.164101] ret_from_fork+0x10/0x20 [ 18.164221] [ 18.164262] Freed by task 193: [ 18.164322] kasan_save_stack+0x3c/0x68 [ 18.164397] kasan_save_track+0x20/0x40 [ 18.164500] kasan_save_free_info+0x4c/0x78 [ 18.164582] __kasan_slab_free+0x6c/0x98 [ 18.164758] kfree+0x214/0x3c8 [ 18.164855] kfree_sensitive+0x80/0xb0 [ 18.164973] kmalloc_double_kzfree+0x11c/0x308 [ 18.165059] kunit_try_run_case+0x170/0x3f0 [ 18.165160] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.165267] kthread+0x328/0x630 [ 18.165340] ret_from_fork+0x10/0x20 [ 18.165430] [ 18.165476] The buggy address belongs to the object at fff00000c3f2a5e0 [ 18.165476] which belongs to the cache kmalloc-16 of size 16 [ 18.165588] The buggy address is located 0 bytes inside of [ 18.165588] 16-byte region [fff00000c3f2a5e0, fff00000c3f2a5f0) [ 18.165741] [ 18.165799] The buggy address belongs to the physical page: [ 18.165899] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103f2a [ 18.166046] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.166171] page_type: f5(slab) [ 18.166251] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 18.166359] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 18.166446] page dumped because: kasan: bad access detected [ 18.166555] [ 18.166596] Memory state around the buggy address: [ 18.166688] fff00000c3f2a480: 00 00 fc fc 00 00 fc fc 00 00 fc fc fa fb fc fc [ 18.166776] fff00000c3f2a500: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 18.166876] >fff00000c3f2a580: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 18.166979] ^ [ 18.167100] fff00000c3f2a600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.167231] fff00000c3f2a680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.167324] ================================================================== Build: ------ - Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891601/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config - Build Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891601/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh - Test Log: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28892381/suite/log-parser-boot/test/kasan-bug-kasan-double-free-in-kfree_sensitive-9578456858e11274bd23810727f7185091147c4e7f9b1a7f51d41bfcddfa528d/log - Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28892381/suite/log-parser-boot/test/kasan-bug-kasan-double-free-in-kfree_sensitive-9578456858e11274bd23810727f7185091147c4e7f9b1a7f51d41bfcddfa528d/attachments/reproducer Boot regression: qemu-arm64, log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kasan_atomics_helper Boot log: --------- [ 21.227853] ================================================================== [ 21.227969] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x42d8/0x4858 [ 21.228120] Read of size 4 at addr fff00000c3fc6130 by task kunit_try_catch/266 [ 21.228250] [ 21.228305] CPU: 1 UID: 0 PID: 266 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3 #1 PREEMPT [ 21.228459] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.228517] Hardware name: linux,dummy-virt (DT) [ 21.228617] Call trace: [ 21.228679] show_stack+0x20/0x38 (C) [ 21.228785] dump_stack_lvl+0x8c/0xd0 [ 21.228879] print_report+0x118/0x608 [ 21.229147] __asan_report_load4_noabort+0x20/0x30 [ 21.230513] __kasan_kmalloc+0xd4/0xd8 [ 21.230609] __kmalloc_cache_noprof+0x16c/0x3c0 [ 21.230711] kasan_atomics+0xb8/0x2e0 [ 21.230802] kunit_try_run_case+0x170/0x3f0 [ 21.230915] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.231253] The buggy address belongs to the object at fff00000c3fc6100 [ 21.231253] which belongs to the cache kmalloc-64 of size 64 [ 21.233610] fff00000c3fc6180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.236537] Call trace: [ 21.236590] show_stack+0x20/0x38 (C) [ 21.236960] dump_stack_lvl+0x8c/0xd0 [ 21.237157] print_report+0x118/0x608 [ 21.237281] kasan_report+0xdc/0x128 [ 21.237399] kasan_check_range+0x100/0x1a8 [ 21.237501] __kasan_check_write+0x20/0x30 [ 21.237600] kasan_atomics_helper+0x934/0x4858 [ 21.238022] kasan_atomics+0x198/0x2e0 [ 21.238215] kunit_try_run_case+0x170/0x3f0 [ 21.238369] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.238675] kthread+0x328/0x630 [ 21.238809] ret_from_fork+0x10/0x20 [ 21.238965] [ 21.239025] Allocated by task 266: [ 21.239121] kasan_save_stack+0x3c/0x68 [ 21.239246] kasan_save_track+0x20/0x40 [ 21.239330] kasan_save_alloc_info+0x40/0x58 [ 21.239416] __kasan_kmalloc+0xd4/0xd8 [ 21.239527] __kmalloc_cache_noprof+0x16c/0x3c0 [ 21.239702] kasan_atomics+0xb8/0x2e0 [ 21.239984] kunit_try_run_case+0x170/0x3f0 [ 21.240119] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.240245] kthread+0x328/0x630 [ 21.240325] ret_from_fork+0x10/0x20 [ 21.240411] [ 21.240462] The buggy address belongs to the object at fff00000c3fc6100 [ 21.240462] which belongs to the cache kmalloc-64 of size 64 [ 21.240588] The buggy address is located 0 bytes to the right of [ 21.240588] allocated 48-byte region [fff00000c3fc6100, fff00000c3fc6130) [ 21.240734] [ 21.240796] The buggy address belongs to the physical page: [ 21.240896] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103fc6 [ 21.241050] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 21.241166] page_type: f5(slab) [ 21.241246] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 21.241360] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 21.241602] page dumped because: kasan: bad access detected [ 21.241698] [ 21.241747] Memory state around the buggy address: [ 21.241853] fff00000c3fc6000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 21.242071] fff00000c3fc6080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 21.242218] >fff00000c3fc6100: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 21.242311] ^ [ 21.242386] fff00000c3fc6180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.242533] fff00000c3fc6200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.242943] ================================================================== Build: ------ - Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891601/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config - Build Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891601/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh - Test Log: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28892381/suite/log-parser-boot/test/kasan-bug-kasan-slab-out-of-bounds-in-kasan_atomics_helper-475b9f27d774cde5b55023c0ea2dbf8145d3b31dad18d35b4acd11506bfd709c/log - Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28892381/suite/log-parser-boot/test/kasan-bug-kasan-slab-out-of-bounds-in-kasan_atomics_helper-475b9f27d774cde5b55023c0ea2dbf8145d3b31dad18d35b4acd11506bfd709c/attachments/reproducer Boot regression: qemu-arm64, log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kasan_strings Boot log: --------- [ 20.747288] ================================================================== [ 20.747408] BUG: KASAN: slab-use-after-free in kasan_strings+0x95c/0xb00 [ 20.747519] Read of size 1 at addr fff00000c3fca510 by task kunit_try_catch/260 [ 20.747631] [ 20.747706] CPU: 1 UID: 0 PID: 260 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3 #1 PREEMPT [ 20.747888] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.747954] Hardware name: linux,dummy-virt (DT) [ 20.748029] Call trace: [ 20.748084] show_stack+0x20/0x38 (C) [ 20.748207] dump_stack_lvl+0x8c/0xd0 [ 20.748309] print_report+0x118/0x608 [ 20.748416] kasan_report+0xdc/0x128 [ 20.748521] __asan_report_load1_noabort+0x20/0x30 [ 20.748636] kasan_strings+0x95c/0xb00 [ 20.748738] kunit_try_run_case+0x170/0x3f0 [ 20.748842] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.748960] kthread+0x328/0x630 [ 20.749062] ret_from_fork+0x10/0x20 [ 20.749696] [ 20.749912] Allocated by task 260: [ 20.750104] kasan_save_stack+0x3c/0x68 [ 20.750668] kasan_save_track+0x20/0x40 [ 20.750789] kasan_save_alloc_info+0x40/0x58 [ 20.750967] __kasan_kmalloc+0xd4/0xd8 [ 20.751119] __kmalloc_cache_noprof+0x16c/0x3c0 [ 20.751209] kasan_strings+0xc8/0xb00 [ 20.751553] kunit_try_run_case+0x170/0x3f0 [ 20.751850] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.751948] kthread+0x328/0x630 [ 20.752207] ret_from_fork+0x10/0x20 [ 20.752369] [ 20.752424] Freed by task 260: [ 20.752492] kasan_save_stack+0x3c/0x68 [ 20.752585] kasan_save_track+0x20/0x40 [ 20.752669] kasan_save_free_info+0x4c/0x78 [ 20.752755] __kasan_slab_free+0x6c/0x98 [ 20.752880] kfree+0x214/0x3c8 [ 20.753144] kasan_strings+0x24c/0xb00 [ 20.753438] kunit_try_run_case+0x170/0x3f0 [ 20.753539] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.753792] kthread+0x328/0x630 [ 20.753894] ret_from_fork+0x10/0x20 [ 20.753981] [ 20.754247] The buggy address belongs to the object at fff00000c3fca500 [ 20.754247] which belongs to the cache kmalloc-32 of size 32 [ 20.754593] The buggy address is located 16 bytes inside of [ 20.754593] freed 32-byte region [fff00000c3fca500, fff00000c3fca520) [ 20.754988] [ 20.755059] The buggy address belongs to the physical page: [ 20.755123] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103fca [ 20.755623] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 20.755927] page_type: f5(slab) [ 20.756156] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000 [ 20.756341] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 20.756435] page dumped because: kasan: bad access detected [ 20.756510] [ 20.756558] Memory state around the buggy address: [ 20.756633] fff00000c3fca400: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 20.756736] fff00000c3fca480: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 20.756843] >fff00000c3fca500: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 20.756937] ^ [ 20.757009] fff00000c3fca580: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 20.757521] fff00000c3fca600: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 20.757893] ================================================================== Build: ------ - Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891601/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config - Build Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891601/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh - Test Log: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28892381/suite/log-parser-boot/test/kasan-bug-kasan-slab-use-after-free-in-kasan_strings-3f9c986b73b47477a32ad39a1c221556facc6e83e5200a5b21593b842ea9936f/log - Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28892381/suite/log-parser-boot/test/kasan-bug-kasan-slab-use-after-free-in-kasan_strings-3f9c986b73b47477a32ad39a1c221556facc6e83e5200a5b21593b842ea9936f/attachments/reproducer Boot regression: qemu-x86_64, log-parser-boot/exception-warning-cpu-pid-at-driversgpudrmdrm_connector-drm_connector_dynamic_register Boot log: --------- ------------[ cut here ]------------ [ 137.481930] WARNING: CPU: 0 PID: 1976 at drivers/gpu/drm/drm_connector.c:861 drm_connector_dynamic_register+0xbf/0x110 [ 137.482295] Modules linked in: [ 137.482473] CPU: 0 UID: 0 PID: 1976 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc3 #1 PREEMPT(voluntary) [ 137.482806] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 137.482995] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 137.483258] RIP: 0010:drm_connector_dynamic_register+0xbf/0x110 [ 137.483453] Code: 49 8d 7c 24 60 48 89 fa 48 c1 ea 03 0f b6 04 02 84 c0 74 02 7e 36 31 c0 41 80 7c 24 60 00 75 1b 5b 41 5c 5d c3 cc cc cc cc 90 <0f> 0b 90 b8 ea ff ff ff 5b 41 5c 5d c3 cc cc cc cc 48 89 df e8 68 [ 137.483972] RSP: 0000:ffff88810d907c90 EFLAGS: 00010246 [ 137.484546] RAX: dffffc0000000000 RBX: ffff88810d90c000 RCX: 0000000000000000 [ 137.485124] RDX: 1ffff11021b21832 RSI: ffffffff98805448 RDI: ffff88810d90c190 [ 137.486534] RBP: ffff88810d907ca0 R08: 1ffff11020073f69 R09: ffffed1021b20f65 [ 137.487083] R10: 0000000000000003 R11: ffffffff97d87188 R12: 0000000000000000 [ 137.487351] R13: ffff88810d907d38 R14: ffff88810039fc50 R15: ffff88810039fc58 [ 137.487683] FS: 0000000000000000(0000) GS:ffff8881bda74000(0000) knlGS:0000000000000000 [ 137.488038] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 137.488318] CR2: 00007ffff7ffe000 CR3: 0000000032cbc000 CR4: 00000000000006f0 [ 137.488652] DR0: ffffffff9d650440 DR1: ffffffff9d650441 DR2: ffffffff9d650443 [ 137.489151] DR3: ffffffff9d650445 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 137.489444] Call Trace: [ 137.489782] [ 137.489934] drm_test_drm_connector_dynamic_register_early_no_init+0x104/0x290 [ 137.490265] ? __pfx_drm_test_drm_connector_dynamic_register_early_no_init+0x10/0x10 [ 137.490755] ? __schedule+0x10cc/0x2b60 [ 137.490962] ? __pfx_read_tsc+0x10/0x10 [ 137.491194] ? ktime_get_ts64+0x86/0x230 [ 137.491368] kunit_try_run_case+0x1a5/0x480 [ 137.491618] ? __pfx_kunit_try_run_case+0x10/0x10 [ 137.491914] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 137.492179] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 137.492407] ? __kthread_parkme+0x82/0x180 [ 137.492751] ? preempt_count_sub+0x50/0x80 [ 137.493006] ? __pfx_kunit_try_run_case+0x10/0x10 [ 137.493218] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 137.493455] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 137.493920] kthread+0x337/0x6f0 [ 137.494179] ? trace_preempt_on+0x20/0xc0 [ 137.494417] ? __pfx_kthread+0x10/0x10 [ 137.494620] ? _raw_spin_unlock_irq+0x47/0x80 [ 137.494854] ? calculate_sigpending+0x7b/0xa0 [ 137.495221] ? __pfx_kthread+0x10/0x10 [ 137.495436] ret_from_fork+0x116/0x1d0 [ 137.495732] ? __pfx_kthread+0x10/0x10 [ 137.495939] ret_from_fork_asm+0x1a/0x30 [ 137.496167] [ 137.496262] ---[ end trace 0000000000000000 ]--- Build: ------ - Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28890568/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config - Build Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28890568/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh - Test Log: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891238/suite/log-parser-boot/test/exception-warning-cpu-pid-at-driversgpudrmdrm_connector-drm_connector_dynamic_register-4a982841260e621f7342c2de56366119f846de5f3605d4f369d0d603af4931ec/log - Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891238/suite/log-parser-boot/test/exception-warning-cpu-pid-at-driversgpudrmdrm_connector-drm_connector_dynamic_register-4a982841260e621f7342c2de56366119f846de5f3605d4f369d0d603af4931ec/attachments/reproducer Boot regression: qemu-x86_64, log-parser-boot/kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_left Boot log: --------- [ 13.718086] ================================================================== [ 13.719529] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_left+0x320/0x380 [ 13.720686] Read of size 1 at addr ffff88810399fc3f by task kunit_try_catch/269 [ 13.721745] [ 13.721934] CPU: 1 UID: 0 PID: 269 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3 #1 PREEMPT(voluntary) [ 13.721995] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.722008] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.722029] Call Trace: [ 13.722042] [ 13.722060] dump_stack_lvl+0x73/0xb0 [ 13.722091] print_report+0xd1/0x650 [ 13.722114] ? __virt_addr_valid+0x1db/0x2d0 [ 13.722136] ? kasan_alloca_oob_left+0x320/0x380 [ 13.722157] ? kasan_addr_to_slab+0x11/0xa0 [ 13.722176] ? kasan_alloca_oob_left+0x320/0x380 [ 13.722198] kasan_report+0x141/0x180 [ 13.722219] ? kasan_alloca_oob_left+0x320/0x380 [ 13.722245] __asan_report_load1_noabort+0x18/0x20 [ 13.722269] kasan_alloca_oob_left+0x320/0x380 [ 13.722288] ? __kasan_check_write+0x18/0x20 [ 13.722307] ? __pfx_sched_clock_cpu+0x10/0x10 [ 13.722328] ? finish_task_switch.isra.0+0x153/0x700 [ 13.722588] ? out_of_line_wait_on_bit_timeout+0x7e/0x190 [ 13.722627] ? trace_hardirqs_on+0x37/0xe0 [ 13.722697] ? __pfx_kasan_alloca_oob_left+0x10/0x10 [ 13.722723] ? __schedule+0x10cc/0x2b60 [ 13.722743] ? __pfx_read_tsc+0x10/0x10 [ 13.722765] ? ktime_get_ts64+0x86/0x230 [ 13.722788] kunit_try_run_case+0x1a5/0x480 [ 13.722812] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.722834] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.722855] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.722876] ? __kthread_parkme+0x82/0x180 [ 13.722897] ? preempt_count_sub+0x50/0x80 [ 13.722919] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.722941] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.722972] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.722995] kthread+0x337/0x6f0 [ 13.723013] ? trace_preempt_on+0x20/0xc0 [ 13.723033] ? __pfx_kthread+0x10/0x10 [ 13.723053] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.723072] ? calculate_sigpending+0x7b/0xa0 [ 13.723095] ? __pfx_kthread+0x10/0x10 [ 13.723115] ret_from_fork+0x116/0x1d0 [ 13.723133] ? __pfx_kthread+0x10/0x10 [ 13.723152] ret_from_fork_asm+0x1a/0x30 [ 13.723182] [ 13.723192] [ 13.738643] The buggy address belongs to stack of task kunit_try_catch/269 [ 13.739541] [ 13.739819] The buggy address belongs to the physical page: [ 13.740471] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10399f [ 13.741339] flags: 0x200000000000000(node=0|zone=2) [ 13.741939] raw: 0200000000000000 ffffea00040e67c8 ffffea00040e67c8 0000000000000000 [ 13.742743] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 13.743512] page dumped because: kasan: bad access detected [ 13.744133] [ 13.744271] Memory state around the buggy address: [ 13.744443] ffff88810399fb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.744665] ffff88810399fb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.745265] >ffff88810399fc00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb [ 13.745929] ^ [ 13.746536] ffff88810399fc80: 00 00 00 f1 f1 f1 f1 01 f2 04 f2 00 f2 f2 f2 00 [ 13.746855] ffff88810399fd00: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 13.747080] ================================================================== Build: ------ - Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28890568/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config - Build Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28890568/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh - Test Log: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891238/suite/log-parser-boot/test/kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_left-522a42bd4683847268588f630d8fa5e8a5c835a096001045eb6315722489c157/log - Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891238/suite/log-parser-boot/test/kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_left-522a42bd4683847268588f630d8fa5e8a5c835a096001045eb6315722489c157/attachments/reproducer Boot regression: qemu-x86_64, log-parser-boot/kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_right Boot log: --------- [ 13.751223] ================================================================== [ 13.752378] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_right+0x329/0x390 [ 13.752650] Read of size 1 at addr ffff888103b37c4a by task kunit_try_catch/271 [ 13.752874] [ 13.753992] CPU: 0 UID: 0 PID: 271 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3 #1 PREEMPT(voluntary) [ 13.754049] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.754061] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.754084] Call Trace: [ 13.754096] [ 13.754113] dump_stack_lvl+0x73/0xb0 [ 13.754144] print_report+0xd1/0x650 [ 13.754167] ? __virt_addr_valid+0x1db/0x2d0 [ 13.754189] ? kasan_alloca_oob_right+0x329/0x390 [ 13.754211] ? kasan_addr_to_slab+0x11/0xa0 [ 13.754230] ? kasan_alloca_oob_right+0x329/0x390 [ 13.754252] kasan_report+0x141/0x180 [ 13.754272] ? kasan_alloca_oob_right+0x329/0x390 [ 13.754298] __asan_report_load1_noabort+0x18/0x20 [ 13.754321] kasan_alloca_oob_right+0x329/0x390 [ 13.754342] ? __pfx_sched_clock_cpu+0x10/0x10 [ 13.754365] ? finish_task_switch.isra.0+0x153/0x700 [ 13.754387] ? out_of_line_wait_on_bit_timeout+0x7e/0x190 [ 13.754411] ? trace_hardirqs_on+0x37/0xe0 [ 13.754436] ? __pfx_kasan_alloca_oob_right+0x10/0x10 [ 13.754460] ? __schedule+0x10cc/0x2b60 [ 13.754481] ? __pfx_read_tsc+0x10/0x10 [ 13.754512] ? ktime_get_ts64+0x86/0x230 [ 13.754535] kunit_try_run_case+0x1a5/0x480 [ 13.754561] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.754583] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.754606] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.754629] ? __kthread_parkme+0x82/0x180 [ 13.754649] ? preempt_count_sub+0x50/0x80 [ 13.754671] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.754694] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.754716] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.754739] kthread+0x337/0x6f0 [ 13.754757] ? trace_preempt_on+0x20/0xc0 [ 13.754778] ? __pfx_kthread+0x10/0x10 [ 13.754798] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.754818] ? calculate_sigpending+0x7b/0xa0 [ 13.754842] ? __pfx_kthread+0x10/0x10 [ 13.754863] ret_from_fork+0x116/0x1d0 [ 13.754880] ? __pfx_kthread+0x10/0x10 [ 13.754899] ret_from_fork_asm+0x1a/0x30 [ 13.754930] [ 13.754942] [ 13.764051] The buggy address belongs to stack of task kunit_try_catch/271 [ 13.764302] [ 13.764428] The buggy address belongs to the physical page: [ 13.764695] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103b37 [ 13.765010] flags: 0x200000000000000(node=0|zone=2) [ 13.765187] raw: 0200000000000000 ffffea00040ecdc8 ffffea00040ecdc8 0000000000000000 [ 13.765549] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 13.766078] page dumped because: kasan: bad access detected [ 13.766330] [ 13.766426] Memory state around the buggy address: [ 13.766596] ffff888103b37b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.766863] ffff888103b37b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.767203] >ffff888103b37c00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb [ 13.767489] ^ [ 13.767721] ffff888103b37c80: 00 00 00 f1 f1 f1 f1 01 f2 04 f2 00 f2 f2 f2 00 [ 13.768355] ffff888103b37d00: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 13.768596] ================================================================== Build: ------ - Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28890568/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config - Build Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28890568/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh - Test Log: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891238/suite/log-parser-boot/test/kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_right-96e7967f43affe49d1ddb2c69f55b29249fd64360eefbceb549418a9f9bd81c0/log - Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891238/suite/log-parser-boot/test/kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_right-96e7967f43affe49d1ddb2c69f55b29249fd64360eefbceb549418a9f9bd81c0/attachments/reproducer Boot regression: qemu-x86_64, log-parser-boot/kasan-bug-kasan-invalid-free-in-kfree Boot log: --------- [ 11.332450] ================================================================== [ 11.333947] BUG: KASAN: invalid-free in kfree+0x274/0x3f0 [ 11.334519] Free of addr ffff888102bc0001 by task kunit_try_catch/168 [ 11.335118] [ 11.335216] CPU: 0 UID: 0 PID: 168 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3 #1 PREEMPT(voluntary) [ 11.335260] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.335271] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.335291] Call Trace: [ 11.335303] [ 11.335318] dump_stack_lvl+0x73/0xb0 [ 11.335344] print_report+0xd1/0x650 [ 11.335366] ? __virt_addr_valid+0x1db/0x2d0 [ 11.335388] ? kasan_addr_to_slab+0x11/0xa0 [ 11.335407] ? kfree+0x274/0x3f0 [ 11.335428] kasan_report_invalid_free+0x10a/0x130 [ 11.335451] ? kfree+0x274/0x3f0 [ 11.335473] ? kfree+0x274/0x3f0 [ 11.335494] __kasan_kfree_large+0x86/0xd0 [ 11.335514] free_large_kmalloc+0x4b/0x110 [ 11.335536] kfree+0x274/0x3f0 [ 11.335559] kmalloc_large_invalid_free+0x120/0x2b0 [ 11.335580] ? __pfx_kmalloc_large_invalid_free+0x10/0x10 [ 11.335602] ? __schedule+0x10cc/0x2b60 [ 11.335623] ? __pfx_read_tsc+0x10/0x10 [ 11.335642] ? ktime_get_ts64+0x86/0x230 [ 11.335665] kunit_try_run_case+0x1a5/0x480 [ 11.335687] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.335707] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.335729] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.335750] ? __kthread_parkme+0x82/0x180 [ 11.335769] ? preempt_count_sub+0x50/0x80 [ 11.335791] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.335812] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.335833] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.335854] kthread+0x337/0x6f0 [ 11.335872] ? trace_preempt_on+0x20/0xc0 [ 11.335895] ? __pfx_kthread+0x10/0x10 [ 11.335914] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.335933] ? calculate_sigpending+0x7b/0xa0 [ 11.335968] ? __pfx_kthread+0x10/0x10 [ 11.335988] ret_from_fork+0x116/0x1d0 [ 11.336005] ? __pfx_kthread+0x10/0x10 [ 11.336024] ret_from_fork_asm+0x1a/0x30 [ 11.336053] [ 11.336063] [ 11.350440] The buggy address belongs to the physical page: [ 11.350778] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102bc0 [ 11.351056] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.351387] flags: 0x200000000000040(head|node=0|zone=2) [ 11.351713] page_type: f8(unknown) [ 11.351896] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.352245] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.352744] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.353064] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.353379] head: 0200000000000002 ffffea00040af001 00000000ffffffff 00000000ffffffff [ 11.353708] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 11.354070] page dumped because: kasan: bad access detected [ 11.354331] [ 11.354448] Memory state around the buggy address: [ 11.354680] ffff888102bbff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.354985] ffff888102bbff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.355306] >ffff888102bc0000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.355712] ^ [ 11.355880] ffff888102bc0080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.356176] ffff888102bc0100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.356706] ================================================================== Build: ------ - Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28890568/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config - Build Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28890568/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh - Test Log: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891238/suite/log-parser-boot/test/kasan-bug-kasan-invalid-free-in-kfree-dc7fbfd7288b9b548c3b22468c50ba0e8a6a60b4a7d88f00f2c09772ffcb2f9f/log - Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891238/suite/log-parser-boot/test/kasan-bug-kasan-invalid-free-in-kfree-dc7fbfd7288b9b548c3b22468c50ba0e8a6a60b4a7d88f00f2c09772ffcb2f9f/attachments/reproducer Boot regression: qemu-x86_64, log-parser-boot/kasan-bug-kasan-invalid-free-in-mempool_kmalloc_invalid_free_helper Boot log: --------- [ 13.629272] ================================================================== [ 13.629694] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.629946] Free of addr ffff888103b24001 by task kunit_try_catch/261 [ 13.630645] [ 13.630836] CPU: 1 UID: 0 PID: 261 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3 #1 PREEMPT(voluntary) [ 13.630892] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.630904] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.630924] Call Trace: [ 13.630934] [ 13.630947] dump_stack_lvl+0x73/0xb0 [ 13.630991] print_report+0xd1/0x650 [ 13.631012] ? __virt_addr_valid+0x1db/0x2d0 [ 13.631034] ? kasan_addr_to_slab+0x11/0xa0 [ 13.631053] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.631077] kasan_report_invalid_free+0x10a/0x130 [ 13.631101] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.631127] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.631150] __kasan_mempool_poison_object+0x102/0x1d0 [ 13.631174] mempool_free+0x2ec/0x380 [ 13.631195] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.631219] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 13.631255] ? __kasan_check_write+0x18/0x20 [ 13.631274] ? __pfx_sched_clock_cpu+0x10/0x10 [ 13.631294] ? finish_task_switch.isra.0+0x153/0x700 [ 13.631325] mempool_kmalloc_large_invalid_free+0xed/0x140 [ 13.631348] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10 [ 13.631374] ? __pfx_mempool_kmalloc+0x10/0x10 [ 13.631396] ? __pfx_mempool_kfree+0x10/0x10 [ 13.631420] ? __pfx_read_tsc+0x10/0x10 [ 13.631440] ? ktime_get_ts64+0x86/0x230 [ 13.631462] kunit_try_run_case+0x1a5/0x480 [ 13.631486] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.631507] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.631529] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.631551] ? __kthread_parkme+0x82/0x180 [ 13.631570] ? preempt_count_sub+0x50/0x80 [ 13.631592] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.631615] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.631636] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.631658] kthread+0x337/0x6f0 [ 13.631676] ? trace_preempt_on+0x20/0xc0 [ 13.631698] ? __pfx_kthread+0x10/0x10 [ 13.631718] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.631738] ? calculate_sigpending+0x7b/0xa0 [ 13.631760] ? __pfx_kthread+0x10/0x10 [ 13.631780] ret_from_fork+0x116/0x1d0 [ 13.631798] ? __pfx_kthread+0x10/0x10 [ 13.631817] ret_from_fork_asm+0x1a/0x30 [ 13.631848] [ 13.631858] [ 13.647545] The buggy address belongs to the physical page: [ 13.648103] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103b24 [ 13.648784] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.649523] flags: 0x200000000000040(head|node=0|zone=2) [ 13.649977] page_type: f8(unknown) [ 13.650107] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.650885] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.651350] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.651980] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.652796] head: 0200000000000002 ffffea00040ec901 00000000ffffffff 00000000ffffffff [ 13.653375] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 13.653977] page dumped because: kasan: bad access detected [ 13.654539] [ 13.654631] Memory state around the buggy address: [ 13.654791] ffff888103b23f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.655016] ffff888103b23f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.655231] >ffff888103b24000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.655650] ^ [ 13.656031] ffff888103b24080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.656799] ffff888103b24100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.657616] ================================================================== Build: ------ - Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28890568/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config - Build Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28890568/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh - Test Log: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891238/suite/log-parser-boot/test/kasan-bug-kasan-invalid-free-in-mempool_kmalloc_invalid_free_helper-75857767448e63dbceb19b8df3c4bb6baa98518d687254c8efea2cba013ba60d/log - Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891238/suite/log-parser-boot/test/kasan-bug-kasan-invalid-free-in-mempool_kmalloc_invalid_free_helper-75857767448e63dbceb19b8df3c4bb6baa98518d687254c8efea2cba013ba60d/attachments/reproducer Boot regression: qemu-x86_64, log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_large_oob_right Boot log: --------- [ 11.280936] ================================================================== [ 11.281425] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x2e9/0x330 [ 11.281805] Write of size 1 at addr ffff888102a4200a by task kunit_try_catch/164 [ 11.282168] [ 11.282305] CPU: 1 UID: 0 PID: 164 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3 #1 PREEMPT(voluntary) [ 11.282359] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.282372] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.282393] Call Trace: [ 11.282415] [ 11.282430] dump_stack_lvl+0x73/0xb0 [ 11.282458] print_report+0xd1/0x650 [ 11.282491] ? __virt_addr_valid+0x1db/0x2d0 [ 11.282513] ? kmalloc_large_oob_right+0x2e9/0x330 [ 11.282542] ? kasan_addr_to_slab+0x11/0xa0 [ 11.282561] ? kmalloc_large_oob_right+0x2e9/0x330 [ 11.282583] kasan_report+0x141/0x180 [ 11.282613] ? kmalloc_large_oob_right+0x2e9/0x330 [ 11.282639] __asan_report_store1_noabort+0x1b/0x30 [ 11.282658] kmalloc_large_oob_right+0x2e9/0x330 [ 11.282680] ? __pfx_kmalloc_large_oob_right+0x10/0x10 [ 11.282741] ? __schedule+0x10cc/0x2b60 [ 11.282762] ? __pfx_read_tsc+0x10/0x10 [ 11.282783] ? ktime_get_ts64+0x86/0x230 [ 11.282806] kunit_try_run_case+0x1a5/0x480 [ 11.282829] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.282850] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.282871] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.282892] ? __kthread_parkme+0x82/0x180 [ 11.282911] ? preempt_count_sub+0x50/0x80 [ 11.282933] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.282965] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.282996] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.283019] kthread+0x337/0x6f0 [ 11.283037] ? trace_preempt_on+0x20/0xc0 [ 11.283071] ? __pfx_kthread+0x10/0x10 [ 11.283091] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.283119] ? calculate_sigpending+0x7b/0xa0 [ 11.283142] ? __pfx_kthread+0x10/0x10 [ 11.283162] ret_from_fork+0x116/0x1d0 [ 11.283189] ? __pfx_kthread+0x10/0x10 [ 11.283209] ret_from_fork_asm+0x1a/0x30 [ 11.283239] [ 11.283250] [ 11.290904] The buggy address belongs to the physical page: [ 11.291147] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a40 [ 11.291688] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.292106] flags: 0x200000000000040(head|node=0|zone=2) [ 11.292351] page_type: f8(unknown) [ 11.292725] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.293090] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.293456] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.293853] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.294405] head: 0200000000000002 ffffea00040a9001 00000000ffffffff 00000000ffffffff [ 11.294779] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 11.295133] page dumped because: kasan: bad access detected [ 11.295363] [ 11.295435] Memory state around the buggy address: [ 11.295591] ffff888102a41f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.295979] ffff888102a41f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.296311] >ffff888102a42000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.296657] ^ [ 11.296779] ffff888102a42080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.297158] ffff888102a42100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.297484] ================================================================== Build: ------ - Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28890568/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config - Build Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28890568/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh - Test Log: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891238/suite/log-parser-boot/test/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_large_oob_right-49d77898b96bdbb6acaf6e8af322c20c1bbd2ca91458dce40a5adf38382a0131/log - Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891238/suite/log-parser-boot/test/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_large_oob_right-49d77898b96bdbb6acaf6e8af322c20c1bbd2ca91458dce40a5adf38382a0131/attachments/reproducer Boot regression: qemu-x86_64, log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmem_cache_oob Boot log: --------- [ 12.493597] ================================================================== [ 12.494709] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x402/0x530 [ 12.494942] Read of size 1 at addr ffff888103a830c8 by task kunit_try_catch/225 [ 12.495178] [ 12.495268] CPU: 0 UID: 0 PID: 225 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3 #1 PREEMPT(voluntary) [ 12.495310] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.495321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.495348] Call Trace: [ 12.495360] [ 12.495375] dump_stack_lvl+0x73/0xb0 [ 12.495402] print_report+0xd1/0x650 [ 12.495423] ? __virt_addr_valid+0x1db/0x2d0 [ 12.495445] ? kmem_cache_oob+0x402/0x530 [ 12.495466] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.495486] ? kmem_cache_oob+0x402/0x530 [ 12.495508] kasan_report+0x141/0x180 [ 12.495528] ? kmem_cache_oob+0x402/0x530 [ 12.495555] __asan_report_load1_noabort+0x18/0x20 [ 12.495579] kmem_cache_oob+0x402/0x530 [ 12.495601] ? __pfx_kmem_cache_oob+0x10/0x10 [ 12.495622] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 12.495649] ? __pfx_kmem_cache_oob+0x10/0x10 [ 12.495675] kunit_try_run_case+0x1a5/0x480 [ 12.495697] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.495718] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.495740] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.495761] ? __kthread_parkme+0x82/0x180 [ 12.495779] ? preempt_count_sub+0x50/0x80 [ 12.495802] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.495825] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.495846] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.495868] kthread+0x337/0x6f0 [ 12.495885] ? trace_preempt_on+0x20/0xc0 [ 12.495908] ? __pfx_kthread+0x10/0x10 [ 12.495927] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.495946] ? calculate_sigpending+0x7b/0xa0 [ 12.495979] ? __pfx_kthread+0x10/0x10 [ 12.495999] ret_from_fork+0x116/0x1d0 [ 12.496017] ? __pfx_kthread+0x10/0x10 [ 12.496035] ret_from_fork_asm+0x1a/0x30 [ 12.496065] [ 12.496075] [ 12.512263] Allocated by task 225: [ 12.512757] kasan_save_stack+0x45/0x70 [ 12.513464] kasan_save_track+0x18/0x40 [ 12.513969] kasan_save_alloc_info+0x3b/0x50 [ 12.514601] __kasan_slab_alloc+0x91/0xa0 [ 12.515114] kmem_cache_alloc_noprof+0x123/0x3f0 [ 12.515282] kmem_cache_oob+0x157/0x530 [ 12.515829] kunit_try_run_case+0x1a5/0x480 [ 12.516447] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.517285] kthread+0x337/0x6f0 [ 12.517898] ret_from_fork+0x116/0x1d0 [ 12.518145] ret_from_fork_asm+0x1a/0x30 [ 12.518290] [ 12.518563] The buggy address belongs to the object at ffff888103a83000 [ 12.518563] which belongs to the cache test_cache of size 200 [ 12.520114] The buggy address is located 0 bytes to the right of [ 12.520114] allocated 200-byte region [ffff888103a83000, ffff888103a830c8) [ 12.521439] [ 12.521524] The buggy address belongs to the physical page: [ 12.521702] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a83 [ 12.521950] flags: 0x200000000000000(node=0|zone=2) [ 12.522128] page_type: f5(slab) [ 12.522252] raw: 0200000000000000 ffff8881009ffdc0 dead000000000122 0000000000000000 [ 12.522483] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 12.522710] page dumped because: kasan: bad access detected [ 12.522880] [ 12.522951] Memory state around the buggy address: [ 12.524122] ffff888103a82f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.524972] ffff888103a83000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.525832] >ffff888103a83080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 12.526695] ^ [ 12.527296] ffff888103a83100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.528144] ffff888103a83180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.529007] ================================================================== Build: ------ - Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28890568/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config - Build Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28890568/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh - Test Log: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891238/suite/log-parser-boot/test/kasan-bug-kasan-slab-out-of-bounds-in-kmem_cache_oob-b7ee3fd7dbc596c1812cff7cfa0703e7c0e267f0a3f6ec144af370cee5204399/log - Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891238/suite/log-parser-boot/test/kasan-bug-kasan-slab-out-of-bounds-in-kmem_cache_oob-b7ee3fd7dbc596c1812cff7cfa0703e7c0e267f0a3f6ec144af370cee5204399/attachments/reproducer Boot regression: qemu-x86_64, log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper Boot log: --------- [ 11.518463] ================================================================== [ 11.519062] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 11.519518] Write of size 1 at addr ffff888100aa1eda by task kunit_try_catch/176 [ 11.519885] [ 11.520008] CPU: 1 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3 #1 PREEMPT(voluntary) [ 11.520050] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.520061] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.520079] Call Trace: [ 11.520091] [ 11.520104] dump_stack_lvl+0x73/0xb0 [ 11.520130] print_report+0xd1/0x650 [ 11.520152] ? __virt_addr_valid+0x1db/0x2d0 [ 11.520173] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 11.520195] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.520215] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 11.520238] kasan_report+0x141/0x180 [ 11.520258] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 11.520285] __asan_report_store1_noabort+0x1b/0x30 [ 11.520304] krealloc_less_oob_helper+0xec6/0x11d0 [ 11.520328] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.520872] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 11.520911] ? __pfx_krealloc_less_oob+0x10/0x10 [ 11.520938] krealloc_less_oob+0x1c/0x30 [ 11.520970] kunit_try_run_case+0x1a5/0x480 [ 11.520993] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.521014] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.521034] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.521056] ? __kthread_parkme+0x82/0x180 [ 11.521074] ? preempt_count_sub+0x50/0x80 [ 11.521096] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.521118] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.521139] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.521160] kthread+0x337/0x6f0 [ 11.521178] ? trace_preempt_on+0x20/0xc0 [ 11.521200] ? __pfx_kthread+0x10/0x10 [ 11.521220] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.521239] ? calculate_sigpending+0x7b/0xa0 [ 11.521261] ? __pfx_kthread+0x10/0x10 [ 11.521281] ret_from_fork+0x116/0x1d0 [ 11.521298] ? __pfx_kthread+0x10/0x10 [ 11.521317] ret_from_fork_asm+0x1a/0x30 [ 11.521347] [ 11.521357] [ 11.533008] Allocated by task 176: [ 11.533297] kasan_save_stack+0x45/0x70 [ 11.533813] kasan_save_track+0x18/0x40 [ 11.534164] kasan_save_alloc_info+0x3b/0x50 [ 11.534495] __kasan_krealloc+0x190/0x1f0 [ 11.534903] krealloc_noprof+0xf3/0x340 [ 11.535068] krealloc_less_oob_helper+0x1aa/0x11d0 [ 11.535305] krealloc_less_oob+0x1c/0x30 [ 11.535749] kunit_try_run_case+0x1a5/0x480 [ 11.535933] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.536343] kthread+0x337/0x6f0 [ 11.536523] ret_from_fork+0x116/0x1d0 [ 11.537018] ret_from_fork_asm+0x1a/0x30 [ 11.537182] [ 11.537491] The buggy address belongs to the object at ffff888100aa1e00 [ 11.537491] which belongs to the cache kmalloc-256 of size 256 [ 11.538271] The buggy address is located 17 bytes to the right of [ 11.538271] allocated 201-byte region [ffff888100aa1e00, ffff888100aa1ec9) [ 11.539343] [ 11.539491] The buggy address belongs to the physical page: [ 11.539993] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aa0 [ 11.540559] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.541015] flags: 0x200000000000040(head|node=0|zone=2) [ 11.541265] page_type: f5(slab) [ 11.541669] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.541994] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.542452] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.542894] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.543334] head: 0200000000000001 ffffea000402a801 00000000ffffffff 00000000ffffffff [ 11.544099] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 11.544626] page dumped because: kasan: bad access detected [ 11.544987] [ 11.545087] Memory state around the buggy address: [ 11.545305] ffff888100aa1d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.545872] ffff888100aa1e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.546182] >ffff888100aa1e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 11.546717] ^ [ 11.546976] ffff888100aa1f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.547297] ffff888100aa1f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.547875] ================================================================== Build: ------ - Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28890568/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config - Build Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28890568/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh - Test Log: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891238/suite/log-parser-boot/test/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper-750743de57642257cafa0f3a6f1953fc1dea20c21bd024e25ddde8fcc8d132cc/log - Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891238/suite/log-parser-boot/test/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper-750743de57642257cafa0f3a6f1953fc1dea20c21bd024e25ddde8fcc8d132cc/attachments/reproducer Boot regression: qemu-x86_64, log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-memcmp Boot log: --------- [ 13.776924] ================================================================== [ 13.777427] BUG: KASAN: slab-out-of-bounds in memcmp+0x1b4/0x1d0 [ 13.777765] Read of size 1 at addr ffff8881026af958 by task kunit_try_catch/275 [ 13.778068] [ 13.778275] CPU: 1 UID: 0 PID: 275 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3 #1 PREEMPT(voluntary) [ 13.778323] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.778334] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.778354] Call Trace: [ 13.778383] [ 13.778396] dump_stack_lvl+0x73/0xb0 [ 13.778423] print_report+0xd1/0x650 [ 13.778446] ? __virt_addr_valid+0x1db/0x2d0 [ 13.778468] ? memcmp+0x1b4/0x1d0 [ 13.778485] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.778507] ? memcmp+0x1b4/0x1d0 [ 13.778524] kasan_report+0x141/0x180 [ 13.778546] ? memcmp+0x1b4/0x1d0 [ 13.778578] __asan_report_load1_noabort+0x18/0x20 [ 13.778603] memcmp+0x1b4/0x1d0 [ 13.778622] kasan_memcmp+0x18f/0x390 [ 13.778641] ? trace_hardirqs_on+0x37/0xe0 [ 13.778664] ? __pfx_kasan_memcmp+0x10/0x10 [ 13.778683] ? finish_task_switch.isra.0+0x153/0x700 [ 13.778703] ? __switch_to+0x47/0xf50 [ 13.778732] ? __pfx_read_tsc+0x10/0x10 [ 13.778752] ? ktime_get_ts64+0x86/0x230 [ 13.778775] kunit_try_run_case+0x1a5/0x480 [ 13.778798] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.778820] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.778841] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.778863] ? __kthread_parkme+0x82/0x180 [ 13.778883] ? preempt_count_sub+0x50/0x80 [ 13.778904] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.778926] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.778949] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.778983] kthread+0x337/0x6f0 [ 13.779002] ? trace_preempt_on+0x20/0xc0 [ 13.779023] ? __pfx_kthread+0x10/0x10 [ 13.779043] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.779063] ? calculate_sigpending+0x7b/0xa0 [ 13.779086] ? __pfx_kthread+0x10/0x10 [ 13.779107] ret_from_fork+0x116/0x1d0 [ 13.779124] ? __pfx_kthread+0x10/0x10 [ 13.779143] ret_from_fork_asm+0x1a/0x30 [ 13.779173] [ 13.779184] [ 13.787207] Allocated by task 275: [ 13.787393] kasan_save_stack+0x45/0x70 [ 13.787601] kasan_save_track+0x18/0x40 [ 13.787790] kasan_save_alloc_info+0x3b/0x50 [ 13.787982] __kasan_kmalloc+0xb7/0xc0 [ 13.788126] __kmalloc_cache_noprof+0x189/0x420 [ 13.788353] kasan_memcmp+0xb7/0x390 [ 13.788540] kunit_try_run_case+0x1a5/0x480 [ 13.788735] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.788944] kthread+0x337/0x6f0 [ 13.789079] ret_from_fork+0x116/0x1d0 [ 13.789245] ret_from_fork_asm+0x1a/0x30 [ 13.789441] [ 13.789536] The buggy address belongs to the object at ffff8881026af940 [ 13.789536] which belongs to the cache kmalloc-32 of size 32 [ 13.790145] The buggy address is located 0 bytes to the right of [ 13.790145] allocated 24-byte region [ffff8881026af940, ffff8881026af958) [ 13.791046] [ 13.791124] The buggy address belongs to the physical page: [ 13.791303] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1026af [ 13.791548] flags: 0x200000000000000(node=0|zone=2) [ 13.791864] page_type: f5(slab) [ 13.792053] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 13.792445] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 13.793109] page dumped because: kasan: bad access detected [ 13.793342] [ 13.793442] Memory state around the buggy address: [ 13.793815] ffff8881026af800: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 13.794061] ffff8881026af880: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 13.794284] >ffff8881026af900: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 13.794503] ^ [ 13.794753] ffff8881026af980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.795247] ffff8881026afa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.795562] ================================================================== Build: ------ - Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28890568/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config - Build Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28890568/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh - Test Log: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891238/suite/log-parser-boot/test/kasan-bug-kasan-slab-out-of-bounds-in-memcmp-6f62c641f979509fbec5f3c614ed13de63ff6026b9044a4d77864b915d316f7f/log - Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891238/suite/log-parser-boot/test/kasan-bug-kasan-slab-out-of-bounds-in-memcmp-6f62c641f979509fbec5f3c614ed13de63ff6026b9044a4d77864b915d316f7f/attachments/reproducer Boot regression: qemu-x86_64, log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper Boot log: --------- [ 13.284018] ================================================================== [ 13.284596] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 13.285124] Read of size 1 at addr ffff888103aea001 by task kunit_try_catch/241 [ 13.285604] [ 13.285717] CPU: 0 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3 #1 PREEMPT(voluntary) [ 13.285763] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.285775] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.285797] Call Trace: [ 13.285809] [ 13.285822] dump_stack_lvl+0x73/0xb0 [ 13.285850] print_report+0xd1/0x650 [ 13.285872] ? __virt_addr_valid+0x1db/0x2d0 [ 13.285894] ? mempool_oob_right_helper+0x318/0x380 [ 13.285916] ? kasan_addr_to_slab+0x11/0xa0 [ 13.285935] ? mempool_oob_right_helper+0x318/0x380 [ 13.285968] kasan_report+0x141/0x180 [ 13.285989] ? mempool_oob_right_helper+0x318/0x380 [ 13.286016] __asan_report_load1_noabort+0x18/0x20 [ 13.286038] mempool_oob_right_helper+0x318/0x380 [ 13.286062] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 13.286088] ? finish_task_switch.isra.0+0x153/0x700 [ 13.286113] mempool_kmalloc_large_oob_right+0xf2/0x150 [ 13.286136] ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10 [ 13.286164] ? __pfx_mempool_kmalloc+0x10/0x10 [ 13.286186] ? __pfx_mempool_kfree+0x10/0x10 [ 13.286210] ? __pfx_read_tsc+0x10/0x10 [ 13.286229] ? ktime_get_ts64+0x86/0x230 [ 13.286252] kunit_try_run_case+0x1a5/0x480 [ 13.286275] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.286296] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.286318] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.286340] ? __kthread_parkme+0x82/0x180 [ 13.286359] ? preempt_count_sub+0x50/0x80 [ 13.286379] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.286402] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.286423] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.286446] kthread+0x337/0x6f0 [ 13.286464] ? trace_preempt_on+0x20/0xc0 [ 13.286486] ? __pfx_kthread+0x10/0x10 [ 13.286507] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.286527] ? calculate_sigpending+0x7b/0xa0 [ 13.286550] ? __pfx_kthread+0x10/0x10 [ 13.286571] ret_from_fork+0x116/0x1d0 [ 13.286587] ? __pfx_kthread+0x10/0x10 [ 13.286607] ret_from_fork_asm+0x1a/0x30 [ 13.286639] [ 13.286650] [ 13.298521] The buggy address belongs to the physical page: [ 13.298971] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103ae8 [ 13.299635] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.300028] flags: 0x200000000000040(head|node=0|zone=2) [ 13.300370] page_type: f8(unknown) [ 13.300671] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.301116] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.301616] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.301921] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.302365] head: 0200000000000002 ffffea00040eba01 00000000ffffffff 00000000ffffffff [ 13.302873] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 13.303212] page dumped because: kasan: bad access detected [ 13.303851] [ 13.303970] Memory state around the buggy address: [ 13.304365] ffff888103ae9f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.304816] ffff888103ae9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.305139] >ffff888103aea000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 13.305678] ^ [ 13.305979] ffff888103aea080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 13.306372] ffff888103aea100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 13.306864] ================================================================== Build: ------ - Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28890568/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config - Build Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28890568/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh - Test Log: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891238/suite/log-parser-boot/test/kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper-2adeb18c67a27690dfc3429d9a1483a27b71de83fe2bfb09acf322b6eedcf16e/log - Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891238/suite/log-parser-boot/test/kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper-2adeb18c67a27690dfc3429d9a1483a27b71de83fe2bfb09acf322b6eedcf16e/attachments/reproducer Boot regression: qemu-x86_64, log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-mempool_uaf_helper Boot log: --------- [ 13.423384] ================================================================== [ 13.423921] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x392/0x400 [ 13.424343] Read of size 1 at addr ffff8881026ae240 by task kunit_try_catch/249 [ 13.424795] [ 13.424914] CPU: 1 UID: 0 PID: 249 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3 #1 PREEMPT(voluntary) [ 13.424994] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.425006] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.425037] Call Trace: [ 13.425075] [ 13.425091] dump_stack_lvl+0x73/0xb0 [ 13.425120] print_report+0xd1/0x650 [ 13.425155] ? __virt_addr_valid+0x1db/0x2d0 [ 13.425178] ? mempool_uaf_helper+0x392/0x400 [ 13.425199] ? kasan_complete_mode_report_info+0x64/0x200 [ 13.425220] ? mempool_uaf_helper+0x392/0x400 [ 13.425242] kasan_report+0x141/0x180 [ 13.425263] ? mempool_uaf_helper+0x392/0x400 [ 13.425316] __asan_report_load1_noabort+0x18/0x20 [ 13.425340] mempool_uaf_helper+0x392/0x400 [ 13.425387] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 13.425409] ? update_load_avg+0x1be/0x21b0 [ 13.425436] ? irqentry_exit+0x2a/0x60 [ 13.425458] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 13.425483] mempool_slab_uaf+0xea/0x140 [ 13.425557] ? __pfx_mempool_slab_uaf+0x10/0x10 [ 13.425587] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 13.425607] ? __pfx_mempool_free_slab+0x10/0x10 [ 13.425627] ? __pfx_mempool_slab_uaf+0x10/0x10 [ 13.425651] ? __pfx_mempool_slab_uaf+0x10/0x10 [ 13.425675] kunit_try_run_case+0x1a5/0x480 [ 13.425699] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.425720] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.425742] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.425764] ? __kthread_parkme+0x82/0x180 [ 13.425784] ? preempt_count_sub+0x50/0x80 [ 13.425807] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.425829] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.425851] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.425874] kthread+0x337/0x6f0 [ 13.425892] ? trace_preempt_on+0x20/0xc0 [ 13.425914] ? __pfx_kthread+0x10/0x10 [ 13.425933] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.425964] ? calculate_sigpending+0x7b/0xa0 [ 13.425988] ? __pfx_kthread+0x10/0x10 [ 13.426008] ret_from_fork+0x116/0x1d0 [ 13.426027] ? __pfx_kthread+0x10/0x10 [ 13.426047] ret_from_fork_asm+0x1a/0x30 [ 13.426076] [ 13.426086] [ 13.441011] Allocated by task 249: [ 13.441148] kasan_save_stack+0x45/0x70 [ 13.441300] kasan_save_track+0x18/0x40 [ 13.441678] kasan_save_alloc_info+0x3b/0x50 [ 13.442161] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 13.442914] remove_element+0x11e/0x190 [ 13.443305] mempool_alloc_preallocated+0x4d/0x90 [ 13.443871] mempool_uaf_helper+0x96/0x400 [ 13.444272] mempool_slab_uaf+0xea/0x140 [ 13.444659] kunit_try_run_case+0x1a5/0x480 [ 13.444854] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.445277] kthread+0x337/0x6f0 [ 13.445599] ret_from_fork+0x116/0x1d0 [ 13.446051] ret_from_fork_asm+0x1a/0x30 [ 13.446317] [ 13.446509] Freed by task 249: [ 13.446804] kasan_save_stack+0x45/0x70 [ 13.447290] kasan_save_track+0x18/0x40 [ 13.447561] kasan_save_free_info+0x3f/0x60 [ 13.448098] __kasan_mempool_poison_object+0x131/0x1d0 [ 13.448537] mempool_free+0x2ec/0x380 [ 13.448938] mempool_uaf_helper+0x11a/0x400 [ 13.449273] mempool_slab_uaf+0xea/0x140 [ 13.449426] kunit_try_run_case+0x1a5/0x480 [ 13.449796] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.450278] kthread+0x337/0x6f0 [ 13.450420] ret_from_fork+0x116/0x1d0 [ 13.450857] ret_from_fork_asm+0x1a/0x30 [ 13.451292] [ 13.451480] The buggy address belongs to the object at ffff8881026ae240 [ 13.451480] which belongs to the cache test_cache of size 123 [ 13.452167] The buggy address is located 0 bytes inside of [ 13.452167] freed 123-byte region [ffff8881026ae240, ffff8881026ae2bb) [ 13.452966] [ 13.453164] The buggy address belongs to the physical page: [ 13.453800] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1026ae [ 13.454679] flags: 0x200000000000000(node=0|zone=2) [ 13.455150] page_type: f5(slab) [ 13.455287] raw: 0200000000000000 ffff8881026ac000 dead000000000122 0000000000000000 [ 13.456038] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 13.456776] page dumped because: kasan: bad access detected [ 13.457261] [ 13.457337] Memory state around the buggy address: [ 13.457862] ffff8881026ae100: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.458322] ffff8881026ae180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.459002] >ffff8881026ae200: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 13.459270] ^ [ 13.459820] ffff8881026ae280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.460458] ffff8881026ae300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.460987] ================================================================== Build: ------ - Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28890568/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config - Build Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28890568/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh - Test Log: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891238/suite/log-parser-boot/test/kasan-bug-kasan-slab-use-after-free-in-mempool_uaf_helper-df876faab15184907eb3ab3f4bd76703a17e5023144bbe89d33405bfd441cca3/log - Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891238/suite/log-parser-boot/test/kasan-bug-kasan-slab-use-after-free-in-mempool_uaf_helper-df876faab15184907eb3ab3f4bd76703a17e5023144bbe89d33405bfd441cca3/attachments/reproducer Boot regression: qemu-x86_64, log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-rcu_uaf_reclaim Boot log: --------- [ 12.400601] ================================================================== [ 12.401105] BUG: KASAN: slab-use-after-free in rcu_uaf_reclaim+0x50/0x60 [ 12.401429] Read of size 4 at addr ffff88810269c1c0 by task swapper/1/0 [ 12.401897] [ 12.402020] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G B N 6.16.0-rc3 #1 PREEMPT(voluntary) [ 12.402099] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.402111] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.402130] Call Trace: [ 12.402160] [ 12.402177] dump_stack_lvl+0x73/0xb0 [ 12.402205] print_report+0xd1/0x650 [ 12.402264] ? __virt_addr_valid+0x1db/0x2d0 [ 12.402287] ? rcu_uaf_reclaim+0x50/0x60 [ 12.402306] ? kasan_complete_mode_report_info+0x64/0x200 [ 12.402327] ? rcu_uaf_reclaim+0x50/0x60 [ 12.402346] kasan_report+0x141/0x180 [ 12.402367] ? rcu_uaf_reclaim+0x50/0x60 [ 12.402390] __asan_report_load4_noabort+0x18/0x20 [ 12.402413] rcu_uaf_reclaim+0x50/0x60 [ 12.402432] rcu_core+0x66f/0x1c40 [ 12.402488] ? __pfx_rcu_core+0x10/0x10 [ 12.402532] ? ktime_get+0x6b/0x150 [ 12.402557] rcu_core_si+0x12/0x20 [ 12.402575] handle_softirqs+0x209/0x730 [ 12.402596] ? hrtimer_interrupt+0x2fe/0x780 [ 12.402617] ? __pfx_handle_softirqs+0x10/0x10 [ 12.402640] __irq_exit_rcu+0xc9/0x110 [ 12.402659] irq_exit_rcu+0x12/0x20 [ 12.402678] sysvec_apic_timer_interrupt+0x81/0x90 [ 12.402701] [ 12.402727] [ 12.402737] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 12.402822] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 12.403056] Code: 1f 84 00 00 00 00 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d 03 8a 21 00 fb f4 7c 1d 02 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 [ 12.403135] RSP: 0000:ffff888100877dc8 EFLAGS: 00010216 [ 12.403221] RAX: ffff8881bdb74000 RBX: ffff888100853000 RCX: ffffffff9b0730e5 [ 12.403267] RDX: ffffed102b62618b RSI: 0000000000000004 RDI: 0000000000012a7c [ 12.403312] RBP: ffff888100877dd0 R08: 0000000000000001 R09: ffffed102b62618a [ 12.403354] R10: ffff88815b130c53 R11: 0000000000023000 R12: 0000000000000001 [ 12.403395] R13: ffffed102010a600 R14: ffffffff9cdb0690 R15: 0000000000000000 [ 12.403452] ? ct_kernel_exit.constprop.0+0xa5/0xd0 [ 12.403504] ? default_idle+0xd/0x20 [ 12.403524] arch_cpu_idle+0xd/0x20 [ 12.403545] default_idle_call+0x48/0x80 [ 12.403565] do_idle+0x379/0x4f0 [ 12.403591] ? __pfx_do_idle+0x10/0x10 [ 12.403617] cpu_startup_entry+0x5c/0x70 [ 12.403639] start_secondary+0x211/0x290 [ 12.403659] ? __pfx_start_secondary+0x10/0x10 [ 12.403683] common_startup_64+0x13e/0x148 [ 12.403713] [ 12.403723] [ 12.416651] Allocated by task 216: [ 12.416792] kasan_save_stack+0x45/0x70 [ 12.417085] kasan_save_track+0x18/0x40 [ 12.417275] kasan_save_alloc_info+0x3b/0x50 [ 12.417714] __kasan_kmalloc+0xb7/0xc0 [ 12.417891] __kmalloc_cache_noprof+0x189/0x420 [ 12.418254] rcu_uaf+0xb0/0x330 [ 12.418563] kunit_try_run_case+0x1a5/0x480 [ 12.418882] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.419213] kthread+0x337/0x6f0 [ 12.419685] ret_from_fork+0x116/0x1d0 [ 12.419907] ret_from_fork_asm+0x1a/0x30 [ 12.420114] [ 12.420246] Freed by task 0: [ 12.420383] kasan_save_stack+0x45/0x70 [ 12.420872] kasan_save_track+0x18/0x40 [ 12.421196] kasan_save_free_info+0x3f/0x60 [ 12.421473] __kasan_slab_free+0x56/0x70 [ 12.421744] kfree+0x222/0x3f0 [ 12.421911] rcu_uaf_reclaim+0x1f/0x60 [ 12.422267] rcu_core+0x66f/0x1c40 [ 12.422474] rcu_core_si+0x12/0x20 [ 12.422802] handle_softirqs+0x209/0x730 [ 12.422991] __irq_exit_rcu+0xc9/0x110 [ 12.423293] irq_exit_rcu+0x12/0x20 [ 12.423495] sysvec_apic_timer_interrupt+0x81/0x90 [ 12.423875] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 12.424121] [ 12.424365] Last potentially related work creation: [ 12.424569] kasan_save_stack+0x45/0x70 [ 12.425059] kasan_record_aux_stack+0xb2/0xc0 [ 12.425268] __call_rcu_common.constprop.0+0x7b/0x9e0 [ 12.425673] call_rcu+0x12/0x20 [ 12.426025] rcu_uaf+0x168/0x330 [ 12.426242] kunit_try_run_case+0x1a5/0x480 [ 12.426657] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.427052] kthread+0x337/0x6f0 [ 12.427225] ret_from_fork+0x116/0x1d0 [ 12.427600] ret_from_fork_asm+0x1a/0x30 [ 12.428058] [ 12.428183] The buggy address belongs to the object at ffff88810269c1c0 [ 12.428183] which belongs to the cache kmalloc-32 of size 32 [ 12.428979] The buggy address is located 0 bytes inside of [ 12.428979] freed 32-byte region [ffff88810269c1c0, ffff88810269c1e0) [ 12.429754] [ 12.429836] The buggy address belongs to the physical page: [ 12.430213] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10269c [ 12.430773] flags: 0x200000000000000(node=0|zone=2) [ 12.431130] page_type: f5(slab) [ 12.431293] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 12.431592] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 12.431971] page dumped because: kasan: bad access detected [ 12.432363] [ 12.432434] Memory state around the buggy address: [ 12.432665] ffff88810269c080: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 12.432932] ffff88810269c100: 00 00 00 fc fc fc fc fc 00 00 05 fc fc fc fc fc [ 12.433252] >ffff88810269c180: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 12.433633] ^ [ 12.433976] ffff88810269c200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.434224] ffff88810269c280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.434693] ================================================================== Build: ------ - Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28890568/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config - Build Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28890568/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh - Test Log: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891238/suite/log-parser-boot/test/kasan-bug-kasan-slab-use-after-free-in-rcu_uaf_reclaim-f8b03272e3be3d3b54d87979bc8c5bb350090dfaaa11534bbfc770f265729e59/log - Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891238/suite/log-parser-boot/test/kasan-bug-kasan-slab-use-after-free-in-rcu_uaf_reclaim-f8b03272e3be3d3b54d87979bc8c5bb350090dfaaa11534bbfc770f265729e59/attachments/reproducer Boot regression: qemu-x86_64, log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-workqueue_uaf Boot log: --------- [ 12.439795] ================================================================== [ 12.440301] BUG: KASAN: slab-use-after-free in workqueue_uaf+0x4d6/0x560 [ 12.440540] Read of size 8 at addr ffff888103a79dc0 by task kunit_try_catch/218 [ 12.440764] [ 12.440853] CPU: 0 UID: 0 PID: 218 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3 #1 PREEMPT(voluntary) [ 12.440897] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.440908] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.440928] Call Trace: [ 12.440940] [ 12.440966] dump_stack_lvl+0x73/0xb0 [ 12.440992] print_report+0xd1/0x650 [ 12.441013] ? __virt_addr_valid+0x1db/0x2d0 [ 12.441033] ? workqueue_uaf+0x4d6/0x560 [ 12.441053] ? kasan_complete_mode_report_info+0x64/0x200 [ 12.441073] ? workqueue_uaf+0x4d6/0x560 [ 12.441093] kasan_report+0x141/0x180 [ 12.441114] ? workqueue_uaf+0x4d6/0x560 [ 12.441138] __asan_report_load8_noabort+0x18/0x20 [ 12.441160] workqueue_uaf+0x4d6/0x560 [ 12.441181] ? __pfx_workqueue_uaf+0x10/0x10 [ 12.441202] ? __schedule+0x10cc/0x2b60 [ 12.441222] ? __pfx_read_tsc+0x10/0x10 [ 12.441242] ? ktime_get_ts64+0x86/0x230 [ 12.441263] kunit_try_run_case+0x1a5/0x480 [ 12.441285] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.441306] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.441328] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.441348] ? __kthread_parkme+0x82/0x180 [ 12.441367] ? preempt_count_sub+0x50/0x80 [ 12.441388] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.441410] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.441431] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.441452] kthread+0x337/0x6f0 [ 12.441470] ? trace_preempt_on+0x20/0xc0 [ 12.441492] ? __pfx_kthread+0x10/0x10 [ 12.441511] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.441530] ? calculate_sigpending+0x7b/0xa0 [ 12.441552] ? __pfx_kthread+0x10/0x10 [ 12.441572] ret_from_fork+0x116/0x1d0 [ 12.441589] ? __pfx_kthread+0x10/0x10 [ 12.441608] ret_from_fork_asm+0x1a/0x30 [ 12.441637] [ 12.441646] [ 12.457185] Allocated by task 218: [ 12.457323] kasan_save_stack+0x45/0x70 [ 12.458050] kasan_save_track+0x18/0x40 [ 12.458584] kasan_save_alloc_info+0x3b/0x50 [ 12.459098] __kasan_kmalloc+0xb7/0xc0 [ 12.459600] __kmalloc_cache_noprof+0x189/0x420 [ 12.459762] workqueue_uaf+0x152/0x560 [ 12.459893] kunit_try_run_case+0x1a5/0x480 [ 12.460046] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.460214] kthread+0x337/0x6f0 [ 12.460331] ret_from_fork+0x116/0x1d0 [ 12.461132] ret_from_fork_asm+0x1a/0x30 [ 12.461682] [ 12.461984] Freed by task 9: [ 12.462394] kasan_save_stack+0x45/0x70 [ 12.462891] kasan_save_track+0x18/0x40 [ 12.463370] kasan_save_free_info+0x3f/0x60 [ 12.463972] __kasan_slab_free+0x56/0x70 [ 12.464471] kfree+0x222/0x3f0 [ 12.464922] workqueue_uaf_work+0x12/0x20 [ 12.465503] process_one_work+0x5ee/0xf60 [ 12.465917] worker_thread+0x758/0x1220 [ 12.466495] kthread+0x337/0x6f0 [ 12.466835] ret_from_fork+0x116/0x1d0 [ 12.467103] ret_from_fork_asm+0x1a/0x30 [ 12.467245] [ 12.467316] Last potentially related work creation: [ 12.467475] kasan_save_stack+0x45/0x70 [ 12.467606] kasan_record_aux_stack+0xb2/0xc0 [ 12.467751] __queue_work+0x626/0xeb0 [ 12.467877] queue_work_on+0xb6/0xc0 [ 12.468139] workqueue_uaf+0x26d/0x560 [ 12.469014] kunit_try_run_case+0x1a5/0x480 [ 12.469438] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.470155] kthread+0x337/0x6f0 [ 12.470615] ret_from_fork+0x116/0x1d0 [ 12.471060] ret_from_fork_asm+0x1a/0x30 [ 12.471675] [ 12.471966] The buggy address belongs to the object at ffff888103a79dc0 [ 12.471966] which belongs to the cache kmalloc-32 of size 32 [ 12.473236] The buggy address is located 0 bytes inside of [ 12.473236] freed 32-byte region [ffff888103a79dc0, ffff888103a79de0) [ 12.474331] [ 12.474689] The buggy address belongs to the physical page: [ 12.475120] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a79 [ 12.475360] flags: 0x200000000000000(node=0|zone=2) [ 12.475580] page_type: f5(slab) [ 12.476101] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 12.476910] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 12.477741] page dumped because: kasan: bad access detected [ 12.478289] [ 12.478379] Memory state around the buggy address: [ 12.478993] ffff888103a79c80: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 12.479608] ffff888103a79d00: 00 00 03 fc fc fc fc fc 00 00 07 fc fc fc fc fc [ 12.480015] >ffff888103a79d80: 00 00 00 07 fc fc fc fc fa fb fb fb fc fc fc fc [ 12.480227] ^ [ 12.480434] ffff888103a79e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.481295] ffff888103a79e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.482074] ================================================================== Build: ------ - Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28890568/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config - Build Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28890568/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh - Test Log: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891238/suite/log-parser-boot/test/kasan-bug-kasan-slab-use-after-free-in-workqueue_uaf-9bd5284e386806d7baabab2704305e0a4019f78ac0d6a1edaf51217edd1a538d/log - Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891238/suite/log-parser-boot/test/kasan-bug-kasan-slab-use-after-free-in-workqueue_uaf-9bd5284e386806d7baabab2704305e0a4019f78ac0d6a1edaf51217edd1a538d/attachments/reproducer Boot regression: qemu-x86_64, log-parser-boot/kasan-bug-kasan-stack-out-of-bounds-in-kasan_stack_oob Boot log: --------- [ 13.692658] ================================================================== [ 13.693828] BUG: KASAN: stack-out-of-bounds in kasan_stack_oob+0x2b5/0x300 [ 13.694304] Read of size 1 at addr ffff888103b9fd02 by task kunit_try_catch/267 [ 13.695030] [ 13.695268] CPU: 0 UID: 0 PID: 267 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3 #1 PREEMPT(voluntary) [ 13.695318] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.695330] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.695464] Call Trace: [ 13.695479] [ 13.695495] dump_stack_lvl+0x73/0xb0 [ 13.695525] print_report+0xd1/0x650 [ 13.695548] ? __virt_addr_valid+0x1db/0x2d0 [ 13.695570] ? kasan_stack_oob+0x2b5/0x300 [ 13.695589] ? kasan_addr_to_slab+0x11/0xa0 [ 13.695608] ? kasan_stack_oob+0x2b5/0x300 [ 13.695628] kasan_report+0x141/0x180 [ 13.695649] ? kasan_stack_oob+0x2b5/0x300 [ 13.695672] __asan_report_load1_noabort+0x18/0x20 [ 13.695695] kasan_stack_oob+0x2b5/0x300 [ 13.695714] ? __pfx_kasan_stack_oob+0x10/0x10 [ 13.695734] ? __kasan_check_write+0x18/0x20 [ 13.695753] ? queued_spin_lock_slowpath+0x116/0xb40 [ 13.695774] ? irqentry_exit+0x2a/0x60 [ 13.695796] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 13.695819] ? __pfx_read_tsc+0x10/0x10 [ 13.695840] ? ktime_get_ts64+0x86/0x230 [ 13.695862] kunit_try_run_case+0x1a5/0x480 [ 13.695887] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.695910] ? queued_spin_lock_slowpath+0x116/0xb40 [ 13.695932] ? __kthread_parkme+0x82/0x180 [ 13.695951] ? preempt_count_sub+0x50/0x80 [ 13.695988] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.696010] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.696032] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.696055] kthread+0x337/0x6f0 [ 13.696072] ? trace_preempt_on+0x20/0xc0 [ 13.696094] ? __pfx_kthread+0x10/0x10 [ 13.696113] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.696133] ? calculate_sigpending+0x7b/0xa0 [ 13.696156] ? __pfx_kthread+0x10/0x10 [ 13.696176] ret_from_fork+0x116/0x1d0 [ 13.696194] ? __pfx_kthread+0x10/0x10 [ 13.696214] ret_from_fork_asm+0x1a/0x30 [ 13.696244] [ 13.696254] [ 13.706236] The buggy address belongs to stack of task kunit_try_catch/267 [ 13.706783] and is located at offset 138 in frame: [ 13.707216] kasan_stack_oob+0x0/0x300 [ 13.707634] [ 13.707845] This frame has 4 objects: [ 13.708281] [48, 49) '__assertion' [ 13.708305] [64, 72) 'array' [ 13.708549] [96, 112) '__assertion' [ 13.708680] [128, 138) 'stack_array' [ 13.708820] [ 13.709109] The buggy address belongs to the physical page: [ 13.709657] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103b9f [ 13.710373] flags: 0x200000000000000(node=0|zone=2) [ 13.710825] raw: 0200000000000000 ffffea00040ee7c8 ffffea00040ee7c8 0000000000000000 [ 13.711502] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 13.712148] page dumped because: kasan: bad access detected [ 13.712319] [ 13.712507] Memory state around the buggy address: [ 13.712947] ffff888103b9fc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 13.713586] ffff888103b9fc80: f1 f1 f1 f1 f1 01 f2 00 f2 f2 f2 00 00 f2 f2 00 [ 13.713952] >ffff888103b9fd00: 02 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 13.714527] ^ [ 13.714645] ffff888103b9fd80: f1 f1 f1 00 00 f2 f2 00 00 f2 f2 00 00 f3 f3 00 [ 13.714859] ffff888103b9fe00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.715081] ================================================================== Build: ------ - Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28890568/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config - Build Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28890568/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh - Test Log: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891238/suite/log-parser-boot/test/kasan-bug-kasan-stack-out-of-bounds-in-kasan_stack_oob-0f8e3aae6d9ed0ba53cb311320f9aac658bd3b3fa637a2bef35b93c6445e697e/log - Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891238/suite/log-parser-boot/test/kasan-bug-kasan-stack-out-of-bounds-in-kasan_stack_oob-0f8e3aae6d9ed0ba53cb311320f9aac658bd3b3fa637a2bef35b93c6445e697e/attachments/reproducer Boot regression: qemu-x86_64, log-parser-boot/kasan-bug-kasan-use-after-free-in-mempool_uaf_helper Boot log: --------- [ 13.399497] ================================================================== [ 13.399895] BUG: KASAN: use-after-free in mempool_uaf_helper+0x392/0x400 [ 13.400138] Read of size 1 at addr ffff888103aec000 by task kunit_try_catch/247 [ 13.400471] [ 13.400603] CPU: 0 UID: 0 PID: 247 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3 #1 PREEMPT(voluntary) [ 13.400655] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.400667] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.400714] Call Trace: [ 13.400726] [ 13.400742] dump_stack_lvl+0x73/0xb0 [ 13.400781] print_report+0xd1/0x650 [ 13.400804] ? __virt_addr_valid+0x1db/0x2d0 [ 13.400826] ? mempool_uaf_helper+0x392/0x400 [ 13.400847] ? kasan_addr_to_slab+0x11/0xa0 [ 13.400893] ? mempool_uaf_helper+0x392/0x400 [ 13.400915] kasan_report+0x141/0x180 [ 13.400936] ? mempool_uaf_helper+0x392/0x400 [ 13.400978] __asan_report_load1_noabort+0x18/0x20 [ 13.401002] mempool_uaf_helper+0x392/0x400 [ 13.401024] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 13.401075] ? __kasan_check_write+0x18/0x20 [ 13.401094] ? __pfx_sched_clock_cpu+0x10/0x10 [ 13.401116] ? finish_task_switch.isra.0+0x153/0x700 [ 13.401152] mempool_kmalloc_large_uaf+0xef/0x140 [ 13.401175] ? __pfx_mempool_kmalloc_large_uaf+0x10/0x10 [ 13.401226] ? __pfx_mempool_kmalloc+0x10/0x10 [ 13.401249] ? __pfx_mempool_kfree+0x10/0x10 [ 13.401273] ? __pfx_read_tsc+0x10/0x10 [ 13.401300] ? ktime_get_ts64+0x86/0x230 [ 13.401324] kunit_try_run_case+0x1a5/0x480 [ 13.401347] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.401369] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.401392] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.401413] ? __kthread_parkme+0x82/0x180 [ 13.401433] ? preempt_count_sub+0x50/0x80 [ 13.401455] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.401478] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.401500] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.401521] kthread+0x337/0x6f0 [ 13.401540] ? trace_preempt_on+0x20/0xc0 [ 13.401562] ? __pfx_kthread+0x10/0x10 [ 13.401582] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.401602] ? calculate_sigpending+0x7b/0xa0 [ 13.401646] ? __pfx_kthread+0x10/0x10 [ 13.401668] ret_from_fork+0x116/0x1d0 [ 13.401695] ? __pfx_kthread+0x10/0x10 [ 13.401715] ret_from_fork_asm+0x1a/0x30 [ 13.401746] [ 13.401769] [ 13.411715] The buggy address belongs to the physical page: [ 13.411948] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103aec [ 13.412313] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.412764] flags: 0x200000000000040(head|node=0|zone=2) [ 13.413080] page_type: f8(unknown) [ 13.413235] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.413726] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.414076] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.414485] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.414914] head: 0200000000000002 ffffea00040ebb01 00000000ffffffff 00000000ffffffff [ 13.415261] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 13.415663] page dumped because: kasan: bad access detected [ 13.416219] [ 13.416321] Memory state around the buggy address: [ 13.416564] ffff888103aebf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.416936] ffff888103aebf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.417263] >ffff888103aec000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.417657] ^ [ 13.417856] ffff888103aec080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.418215] ffff888103aec100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.418638] ================================================================== Build: ------ - Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28890568/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config - Build Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28890568/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh - Test Log: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891238/suite/log-parser-boot/test/kasan-bug-kasan-use-after-free-in-mempool_uaf_helper-81ff2088bff549878b074e35e7646d683b95b285ac737dc700b9d21f1d909dd6/log - Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891238/suite/log-parser-boot/test/kasan-bug-kasan-use-after-free-in-mempool_uaf_helper-81ff2088bff549878b074e35e7646d683b95b285ac737dc700b9d21f1d909dd6/attachments/reproducer Boot regression: qemu-x86_64, log-parser-boot/kasan-bug-kasan-use-after-free-in-page_alloc_uaf Boot log: --------- [ 11.363314] ================================================================== [ 11.365046] BUG: KASAN: use-after-free in page_alloc_uaf+0x356/0x3d0 [ 11.365277] Read of size 1 at addr ffff888103af0000 by task kunit_try_catch/172 [ 11.366697] [ 11.367202] CPU: 0 UID: 0 PID: 172 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3 #1 PREEMPT(voluntary) [ 11.367251] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.367263] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.367282] Call Trace: [ 11.367295] [ 11.367315] dump_stack_lvl+0x73/0xb0 [ 11.367344] print_report+0xd1/0x650 [ 11.367365] ? __virt_addr_valid+0x1db/0x2d0 [ 11.367386] ? page_alloc_uaf+0x356/0x3d0 [ 11.367406] ? kasan_addr_to_slab+0x11/0xa0 [ 11.367425] ? page_alloc_uaf+0x356/0x3d0 [ 11.367446] kasan_report+0x141/0x180 [ 11.367466] ? page_alloc_uaf+0x356/0x3d0 [ 11.367491] __asan_report_load1_noabort+0x18/0x20 [ 11.367513] page_alloc_uaf+0x356/0x3d0 [ 11.367533] ? __pfx_page_alloc_uaf+0x10/0x10 [ 11.367554] ? __schedule+0x10cc/0x2b60 [ 11.367575] ? __pfx_read_tsc+0x10/0x10 [ 11.367594] ? ktime_get_ts64+0x86/0x230 [ 11.367615] kunit_try_run_case+0x1a5/0x480 [ 11.367638] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.367658] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.367679] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.367700] ? __kthread_parkme+0x82/0x180 [ 11.367719] ? preempt_count_sub+0x50/0x80 [ 11.367741] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.367763] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.367784] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.367805] kthread+0x337/0x6f0 [ 11.367823] ? trace_preempt_on+0x20/0xc0 [ 11.367846] ? __pfx_kthread+0x10/0x10 [ 11.367865] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.367884] ? calculate_sigpending+0x7b/0xa0 [ 11.367906] ? __pfx_kthread+0x10/0x10 [ 11.367925] ret_from_fork+0x116/0x1d0 [ 11.367942] ? __pfx_kthread+0x10/0x10 [ 11.367971] ret_from_fork_asm+0x1a/0x30 [ 11.368000] [ 11.368011] [ 11.376352] The buggy address belongs to the physical page: [ 11.376753] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103af0 [ 11.377206] flags: 0x200000000000000(node=0|zone=2) [ 11.377652] page_type: f0(buddy) [ 11.377793] raw: 0200000000000000 ffff88817fffb460 ffff88817fffb460 0000000000000000 [ 11.378079] raw: 0000000000000000 0000000000000004 00000000f0000000 0000000000000000 [ 11.378469] page dumped because: kasan: bad access detected [ 11.378747] [ 11.378893] Memory state around the buggy address: [ 11.379539] ffff888103aeff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 11.380023] ffff888103aeff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 11.380479] >ffff888103af0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 11.381033] ^ [ 11.381313] ffff888103af0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 11.381970] ffff888103af0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 11.382508] ================================================================== Build: ------ - Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28890568/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config - Build Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28890568/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh - Test Log: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891238/suite/log-parser-boot/test/kasan-bug-kasan-use-after-free-in-page_alloc_uaf-ae2027e47634ac5988da8eae3958ee3713096a93bd79139aa7c2a8755cbb8571/log - Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891238/suite/log-parser-boot/test/kasan-bug-kasan-use-after-free-in-page_alloc_uaf-ae2027e47634ac5988da8eae3958ee3713096a93bd79139aa7c2a8755cbb8571/attachments/reproducer Test regression: qemu-arm64, kselftest-seccomp/seccomp_seccomp_benchmark Test log: --------- <8>[ 127.169007] exit=1<8>[ 127.177014] seccomp_seccomp_benchmark_native_1_bitmap pass seccomp_seccomp_benchmark_native_1_filter pass seccomp_seccomp_benchmark_per-filter_last_2_diff_per-filter_filters_4 fail seccomp_seccomp_benchmark_1_bitmapped_2_bitmapped fail seccomp_seccomp_benchmark_entry_1_bitmapped skip seccomp_seccomp_benchmark_entry_2_bitmapped skip seccomp_seccomp_benchmark_native_entry_per_filter_4_4_filters_total skip seccomp_seccomp_benchmark fail Build: ------ - Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891601/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config - Build Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891601/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh - Test Log: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28892063/suite/kselftest-seccomp/test/seccomp_seccomp_benchmark/log - Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28892063/suite/kselftest-seccomp/test/seccomp_seccomp_benchmark/attachments/reproducer Test regression: qemu-arm64, kselftest-seccomp/seccomp_seccomp_benchmark_1_bitmapped_2_bitmapped Test log: --------- <8>[ 127.020470] Skipping constant action bitmap expectations: they appear unsupported. <8>[ 127.028630] seccomp_seccomp_benchmark_1_bitmapped_2_bitmapped fail Build: ------ - Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891601/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config - Build Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891601/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh - Test Log: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28892063/suite/kselftest-seccomp/test/seccomp_seccomp_benchmark_1_bitmapped_2_bitmapped/log - Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28892063/suite/kselftest-seccomp/test/seccomp_seccomp_benchmark_1_bitmapped_2_bitmapped/attachments/reproducer Test regression: qemu-arm64, kselftest-seccomp/seccomp_seccomp_benchmark_per-filter_last_2_diff_per-filter_filters_4 Test log: --------- <8>[ 126.974168] 1 bitmapped ≈ 2 bitmapped (544 ≈ 486): ❌ <8>[ 126.982830] seccomp_seccomp_benchmark_per-filter_last_2_diff_per-filter_filters_4 fail Build: ------ - Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891601/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config - Build Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891601/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh - Test Log: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28892063/suite/kselftest-seccomp/test/seccomp_seccomp_benchmark_per-filter_last_2_diff_per-filter_filters_4/log - Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28892063/suite/kselftest-seccomp/test/seccomp_seccomp_benchmark_per-filter_last_2_diff_per-filter_filters_4/attachments/reproducer Test regression: qemu-arm64, kselftest-tc-testing/tc-testing_tdc_sh_5993___QFQ_with_stab_overhead_greater_than_max_packet_len Test log: --------- <8>[ 645.199980] <8>[ 645.208911] tc-testing_tdc_sh_5993___QFQ_with_stab_overhead_greater_than_max_packet_len fail Build: ------ - Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891601/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config - Build Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891601/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh - Test Log: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28892383/suite/kselftest-tc-testing/test/tc-testing_tdc_sh_5993___QFQ_with_stab_overhead_greater_than_max_packet_len/log - Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28892383/suite/kselftest-tc-testing/test/tc-testing_tdc_sh_5993___QFQ_with_stab_overhead_greater_than_max_packet_len/attachments/reproducer Test regression: qemu-arm64, kselftest-arm64/arm64_check_gcr_el1_cswitch Test log: --------- <8>[ 111.598189] TIMEOUT 45 secondstimeout set to 45 selftests: arm64: check_hugetlb_options 1..12 ok 1 Check hugetlb memory with private mapping, sync error mode, mmap memory and tag check off ok 2 Check hugetlb memory with private mapping, no error mode, mmap memory and tag check off ok 3 Check hugetlb memory with private mapping, sync error mode, mmap memory and tag check on ok 4 Check hugetlb memory with private mapping, sync error mode, mmap/mprotect memory and tag check on ok 5 Check hugetlb memory with private mapping, async error mode, mmap memory and tag check on ok 6 Check hugetlb memory with private mapping, async error mode, mmap/mprotect memory and tag check on ok 7 Check clear PROT_MTE flags with private mapping, sync error mode and mmap memory ok 8 Check clear PROT_MTE flags with private mapping and sync error mode and mmap/mprotect memory ok 9 Check child hugetlb memory with private mapping, sync error mode and mmap memory ok 10 Check child hugetlb memory with private mapping, async error mode and mmap memory ok 11 Check child hugetlb memory with private mapping, sync error mode and mmap/mprotect memory ok 12 Check child hugetlb memory with private mapping, async error mode and mmap/mprotect memory # Totals: pass:12 fail:0 xfail:0 xpass:0 skip:0 error:0 <8>[ 111.618296] arm64_check_gcr_el1_cswitch fail Build: ------ - Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891601/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config - Build Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891601/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh - Test Log: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28892017/suite/kselftest-arm64/test/arm64_check_gcr_el1_cswitch/log - Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28892017/suite/kselftest-arm64/test/arm64_check_gcr_el1_cswitch/attachments/reproducer Test regression: qemu-x86_64, kselftest-seccomp/seccomp_seccomp_benchmark_native_entry_per_filter_4_4_filters_total Test log: --------- <8>[ 126.959850] Saw unexpected benchmark result. Try running again with more samples? Totals: pass:5 fail:2 xfail:0 xpass:0 skip:0 error:0 <8>[ 126.970131] seccomp_seccomp_benchmark_native_entry_per_filter_4_4_filters_total fail Build: ------ - Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28890568/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config - Build Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28890568/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh - Test Log: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891211/suite/kselftest-seccomp/test/seccomp_seccomp_benchmark_native_entry_per_filter_4_4_filters_total/log - Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891211/suite/kselftest-seccomp/test/seccomp_seccomp_benchmark_native_entry_per_filter_4_4_filters_total/attachments/reproducer Test regression: qemu-x86_64, kselftest-mm/mm_run_vmtests_sh_uffd-unit-tests Test log: --------- <8>[ 858.883929] exit=1-------------------------------- running ./uffd-stress anon 20 16 -------------------------------- nr_pages: 5120, nr_pages_per_cpu: 2560 bounces: 15, mode: rnd racing ver poll, userfaults: 347 missing (171+176+) 855 wp (443+412+) bounces: 14, mode: racing ver poll, userfaults: 588 missing (362+226+) 883 wp (521+362+) bounces: 13, mode: rnd ver poll, userfaults: 167 missing (84+83+) 522 wp (259+263+) bounces: 12, mode: ver poll, userfaults: 212 missing (169+43+) 984 wp (420+564+) bounces: 11, mode: rnd racing poll, userfaults: 347 missing (181+166+) 947 wp (458+489+) bounces: 10, mode: racing poll, userfaults: 365 missing (192+173+) 887 wp (479+408+) bounces: 9, mode: rnd poll, userfaults: 339 missing (168+171+) 921 wp (498+423+) bounces: 8, mode: poll, userfaults: 212 missing (178+34+) 1104 wp (536+568+) bounces: 7, mode: rnd racing ver read, userfaults: 586 missing (235+351+) 1495 wp (559+936+) bounces: 6, mode: racing ver read, userfaults: 370 missing (217+153+) 931 wp (481+450+) bounces: 5, mode: rnd ver read, userfaults: 544 missing (270+274+) 1370 wp (670+700+) bounces: 4, mode: ver read, userfaults: 288 missing (143+145+) 1809 wp (910+899+) bounces: 3, mode: rnd racing read, userfaults: 629 missing (265+364+) 1537 wp (687+850+) bounces: 2, mode: racing read, userfaults: 353 missing (178+175+) 1156 wp (603+553+) bounces: 1, mode: rnd read, userfaults: 533 missing (211+322+) 1351 wp (613+738+) bounces: 0, mode: read, userfaults: 5 missing (5+0+) 1869 wp (757+1112+) [PASS] <8>[ 858.904720] mm_run_vmtests_sh_uffd-unit-tests fail Build: ------ - Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28890568/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config - Build Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28890568/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh - Test Log: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891657/suite/kselftest-mm/test/mm_run_vmtests_sh_uffd-unit-tests/log - Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891657/suite/kselftest-mm/test/mm_run_vmtests_sh_uffd-unit-tests/attachments/reproducer Test regression: qemu-arm64, log-parser-test/exception-w Test log: --------- ------------[ cut here ]------------ [ 75.273759] W [ 75.273759] WARNING: CPU: 0 PID: 48 at fs/jbd2/transaction.c:334 start_this_handle+0x4c0/0x4e0 [ 75.277150] Modules linked in: btrfs blake2b_generic xor xor_neon raid6_pq zstd_compress sm3_ce sha3_ce sha512_ce fuse drm backlight ip_tables x_tables [ 75.278783] CPU: 0 UID: 0 PID: 48 Comm: kworker/u8:3 Not tainted 6.16.0-rc3 #1 PREEMPT [ 75.279165] Hardware name: linux,dummy-virt (DT) [ 75.279550] Workqueue: writeback wb_workfn (flush-7:0) [ 75.279950] pstate: 63402009 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) [ 75.280253] pc : start_this_handle+0x4c0/0x4e0 [ 75.280451] lr : start_this_handle+0x4c0/0x4e0 [ 75.280670] sp : ffffc000805fb640 [ 75.280836] x29: ffffc000805fb680 x28: fff00000ce3c9000 x27: ffffcca39a4b2000 [ 75.281193] x26: 00000000000001a0 x25: 0000000000000015 x24: 0000000000000002 [ 75.281495] x23: 0000000000000015 x22: 0000000000000c40 x21: 0000000000000008 [ 75.281805] x20: fff00000c230d1b8 x19: fff00000c230d1b8 x18: 0000000000000000 [ 75.282078] x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000 [ 75.282488] x14: 0000000000000000 x13: 00000000ffffffff x12: 0000000000000000 [ 75.282827] x11: 0000000000000000 x10: ffffcca399de8bc8 x9 : ffffcca39754f29c [ 75.283206] x8 : ffffc000805fb268 x7 : 0000000000000000 x6 : 0000000000000001 [ 75.283554] x5 : ffffcca399d69000 x4 : ffffcca399d693d0 x3 : 0000000000000000 [ 75.283905] x2 : 0000000000000000 x1 : fff00000c0e386c0 x0 : 000000000000004c [ 75.284375] Call trace: [ 75.284729] start_this_handle+0x4c0/0x4e0 (P) [ 75.285072] jbd2__journal_start+0x118/0x248 [ 75.285291] __ext4_journal_start_sb+0xf0/0x1c0 [ 75.285535] ext4_do_writepages+0x40c/0xba0 [ 75.285744] ext4_writepages+0x8c/0x120 [ 75.285989] do_writepages+0xb0/0x1a0 [ 75.286149] __writeback_single_inode+0x4c/0x480 [ 75.286402] writeback_sb_inodes+0x234/0x4a8 [ 75.286595] wb_writeback+0xa4/0x3d0 [ 75.286806] wb_workfn+0xf0/0x4f8 [ 75.287003] process_one_work+0x158/0x3b8 [ 75.287194] worker_thread+0x2d4/0x3f0 [ 75.287445] kthread+0x138/0x228 [ 75.287627] ret_from_fork+0x10/0x20 [ 75.287938] ---[ end trace 0000000000000000 ]--- Build: ------ - Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891601/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config - Build Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891601/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh - Test Log: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28892194/suite/log-parser-test/test/exception-w-cdc17f1ef4cd626743512b09832a6f7c572403a871508e943cdc7d73d920c393/log - Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28892194/suite/log-parser-test/test/exception-w-cdc17f1ef4cd626743512b09832a6f7c572403a871508e943cdc7d73d920c393/attachments/reproducer Test regression: qemu-arm64, log-parser-test/exception-warning-cpu-pid-at-fsjbd2transaction-start_this_han Test log: --------- ------------[ cut here ]------------ [ 79.788410] WARNING: CPU: 1 PID: 863 at fs/jbd2/transaction.c:334 start_this_han [ 79.788410] WARNING: CPU: 1 PID: 863 at fs/jbd2/transaction.c:334 start_this_handle+0x4c0/0x4e0 [ 79.789937] Modules linked in: btrfs blake2b_generic xor xor_neon raid6_pq zstd_compress sm3_ce sha3_ce sha512_ce fuse drm backlight ip_tables x_tables [ 79.790677] CPU: 1 UID: 0 PID: 863 Comm: mmap16 Tainted: G W 6.16.0-rc3 #1 PREEMPT [ 79.791513] Tainted: [W]=WARN [ 79.792170] Hardware name: linux,dummy-virt (DT) [ 79.792864] pstate: 63402009 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) [ 79.793768] pc : start_this_handle+0x4c0/0x4e0 [ 79.794391] lr : start_this_handle+0x4c0/0x4e0 [ 79.795033] sp : ffffc00080f139e0 [ 79.795672] x29: ffffc00080f13a20 x28: fff00000ce3c9000 x27: ffffcca39a4b2000 [ 79.796549] x26: 00000000000001a0 x25: 0000000000000000 x24: 0000000000000002 [ 79.797496] x23: 0000000000000000 x22: 0000000000000c40 x21: 0000000000000008 [ 79.798427] x20: fff00000c24fb288 x19: fff00000c24fb288 x18: 0000000000000000 [ 79.799436] x17: 0000000000000000 x16: ffffcca399104700 x15: 0000000000000000 [ 79.800330] x14: 0000000000000000 x13: 00000000ffffffff x12: ffffcca399de8bc8 [ 79.801280] x11: 0000000000009a18 x10: ffffcca399df8e70 x9 : ffffcca39754f29c [ 79.802274] x8 : ffffc00080f13608 x7 : 0000000000000000 x6 : 0000000000000001 [ 79.803108] x5 : ffffcca399d69000 x4 : ffffcca399d693d0 x3 : 0000000000000000 [ 79.804043] x2 : 0000000000000000 x1 : fff00000c6b26040 x0 : 0000000000000045 [ 79.805008] Call trace: [ 79.805353] start_this_handle+0x4c0/0x4e0 (P) [ 79.806872] jbd2__journal_start+0x118/0x248 [ 79.807463] __ext4_journal_start_sb+0xf0/0x1c0 [ 79.808095] ext4_page_mkwrite+0x2a4/0x4f0 [ 79.808670] do_page_mkwrite+0x60/0xf0 [ 79.809231] do_wp_page+0x1d4/0xfc8 [ 79.809677] __handle_mm_fault+0x768/0x1860 [ 79.810201] handle_mm_fault+0x15c/0x298 [ 79.810680] do_page_fault+0x138/0x6b0 [ 79.811273] do_mem_abort+0x4c/0xa8 [ 79.811792] el0_da+0x44/0xb0 [ 79.812207] el0t_64_sync_handler+0xc4/0x138 [ 79.812669] el0t_64_sync+0x198/0x1a0 [ 79.813351] ---[ end trace 0000000000000000 ]--- Build: ------ - Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891601/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config - Build Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891601/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh - Test Log: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28892194/suite/log-parser-test/test/exception-warning-cpu-pid-at-fsjbd2transaction-start_this_han-21afc5edb0a5fc31e2cf82947b16c9bfc572953bcfc3f48123d7ca26756d7e2a/log - Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28892194/suite/log-parser-test/test/exception-warning-cpu-pid-at-fsjbd2transaction-start_this_han-21afc5edb0a5fc31e2cf82947b16c9bfc572953bcfc3f48123d7ca26756d7e2a/attachments/reproducer Test regression: qemu-arm64, log-parser-test/exception-warning-cpu-pid-at-fsjbd2transaction-start_this_handle Test log: --------- ------------[ cut here ]------------ [ 89.330826] WARNING: CPU: 0 PID: 878 at fs/jbd2/transaction.c:334 start_this_handle+0x4c0/0x4e0 [ 89.333368] Modules linked in: btrfs blake2b_generic xor xor_neon raid6_pq zstd_compress sm3_ce sha3_ce sha512_ce fuse drm backlight ip_tables x_tables [ 89.334926] CPU: 0 UID: 0 PID: 878 Comm: mmap16 Tainted: G W 6.16.0-rc3 #1 PREEMPT [ 89.335756] Tainted: [W]=WARN [ 89.336760] Hardware name: linux,dummy-virt (DT) [ 89.337198] pstate: 62402009 (nZCv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--) [ 89.338043] pc : start_this_handle+0x4c0/0x4e0 [ 89.338656] lr : start_this_handle+0x4c0/0x4e0 [ 89.339192] sp : ffffc00080edb9e0 [ 89.339521] x29: ffffc00080edba20 x28: fff00000ce3c9000 x27: ffffcca39a4b2000 [ 89.340147] x26: 00000000000001a0 x25: 0000000000000000 x24: 0000000000000002 [ 89.340866] x23: 0000000000000000 x22: 0000000000000c40 x21: 0000000000000008 [ 89.341808] x20: fff00000c230caf0 x19: fff00000c230caf0 x18: 0000000000000000 [ 89.342365] x17: fff0335d6590c000 x16: ffffc00080000000 x15: 0000000000000000 [ 89.343214] x14: 0000000000000000 x13: 00000000ffffffff x12: ffffcca399de8bc8 [ 89.344106] x11: 00000000000d98a8 x10: ffffcca399deb628 x9 : ffffcca39754f29c [ 89.344370] x8 : ffffc00080edb608 x7 : 0000000000000000 x6 : 0000000000000001 [ 89.345197] x5 : ffffcca399d69000 x4 : ffffcca399d693d0 x3 : 0000000000000000 [ 89.346280] x2 : 0000000000000000 x1 : fff00000c6244d00 x0 : 0000000000000045 [ 89.347164] Call trace: [ 89.347569] start_this_handle+0x4c0/0x4e0 (P) [ 89.348068] jbd2__journal_start+0x118/0x248 [ 89.348579] __ext4_journal_start_sb+0xf0/0x1c0 [ 89.349155] ext4_page_mkwrite+0x2a4/0x4f0 [ 89.349353] do_page_mkwrite+0x60/0xf0 [ 89.349915] do_wp_page+0x1d4/0xfc8 [ 89.350462] __handle_mm_fault+0x768/0x1860 [ 89.350937] handle_mm_fault+0x15c/0x298 [ 89.351466] do_page_fault+0x138/0x6b0 [ 89.351893] do_mem_abort+0x4c/0xa8 [ 89.352395] el0_da+0x44/0xb0 [ 89.352866] el0t_64_sync_handler+0xc4/0x138 [ 89.353311] el0t_64_sync+0x198/0x1a0 [ 89.353799] ---[ end trace 0000000000000000 ]--- --- ------------[ cut here ]------------ [ 82.939088] WARNING: CPU: 0 PID: 875 at fs/jbd2/transaction.c:334 start_this_handle+0x4c0/0x4e0 [ 82.941288] Modules linked in: btrfs blake2b_generic xor xor_neon raid6_pq zstd_compress sm3_ce sha3_ce sha512_ce fuse drm backlight ip_tables x_tables [ 82.942568] CPU: 0 UID: 0 PID: 875 Comm: mmap16 Tainted: G W 6.16.0-rc3 #1 PREEMPT [ 82.943332] Tainted: [W]=WARN [ 82.943784] Hardware name: linux,dummy-virt (DT) [ 82.944234] pstate: 62402009 (nZCv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--) [ 82.944909] pc : start_this_handle+0x4c0/0x4e0 [ 82.945472] lr : start_this_handle+0x4c0/0x4e0 [ 82.945899] sp : ffffc00080edb9e0 [ 82.946344] x29: ffffc00080edba20 x28: fff00000ce3c9000 x27: ffffcca39a4b2000 [ 82.947047] x26: 00000000000001a0 x25: 0000000000000000 x24: 0000000000000002 [ 82.947830] x23: 0000000000000000 x22: 0000000000000c40 x21: 0000000000000008 [ 82.948404] x20: fff00000c230caf0 x19: fff00000c230caf0 x18: 0000000000000000 [ 82.948681] x17: fff0335d6590c000 x16: ffffc00080000000 x15: 0000000000000000 [ 82.948922] x14: 0000000000000000 x13: 00000000ffffffff x12: ffffcca399de8bc8 [ 82.949329] x11: 0000000000049be0 x10: ffffcca399dfa568 x9 : ffffcca39754f29c [ 82.949883] x8 : ffffc00080edb608 x7 : 0000000000000000 x6 : 0000000000000001 [ 82.950408] x5 : ffffcca399d69000 x4 : ffffcca399d693d0 x3 : 0000000000000000 [ 82.950658] x2 : 0000000000000000 x1 : fff00000c6b26040 x0 : 0000000000000045 [ 82.950900] Call trace: [ 82.950994] start_this_handle+0x4c0/0x4e0 (P) [ 82.951152] jbd2__journal_start+0x118/0x248 [ 82.951298] __ext4_journal_start_sb+0xf0/0x1c0 [ 82.951458] ext4_page_mkwrite+0x2a4/0x4f0 [ 82.951612] do_page_mkwrite+0x60/0xf0 [ 82.951795] do_wp_page+0x1d4/0xfc8 [ 82.951968] __handle_mm_fault+0x768/0x1860 [ 82.952175] handle_mm_fault+0x15c/0x298 [ 82.952315] do_page_fault+0x138/0x6b0 [ 82.952482] do_mem_abort+0x4c/0xa8 [ 82.952675] el0_da+0x44/0xb0 [ 82.952865] el0t_64_sync_handler+0xc4/0x138 [ 82.953024] el0t_64_sync+0x198/0x1a0 [ 82.953158] ---[ end trace 0000000000000000 ]--- Build: ------ - Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891601/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config - Build Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891601/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh - Test Log: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28892194/suite/log-parser-test/test/exception-warning-cpu-pid-at-fsjbd2transaction-start_this_handle-17ece2a9772699652718a09b1478874b2475b875c538003fc0f8f4a50d917325/log - Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28892194/suite/log-parser-test/test/exception-warning-cpu-pid-at-fsjbd2transaction-start_this_handle-17ece2a9772699652718a09b1478874b2475b875c538003fc0f8f4a50d917325/attachments/reproducer Test regression: qemu-arm64, log-parser-test/exception-warning-cpu-pid-at-mmslub-__kvmalloc_node_noprof Test log: --------- ------------[ cut here ]------------ [ 33.012023] WARNING: CPU: 0 PID: 494 at mm/slub.c:5027 __kvmalloc_node_noprof+0x430/0x484 [ 33.015331] Modules linked in: sm3_ce sha3_ce sha512_ce drm backlight fuse ip_tables x_tables [ 33.017763] CPU: 0 UID: 0 PID: 494 Comm: unshare_test Not tainted 6.16.0-rc3 #1 PREEMPT [ 33.018759] Hardware name: linux,dummy-virt (DT) [ 33.019628] pstate: 23402009 (nzCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) [ 33.019954] pc : __kvmalloc_node_noprof+0x430/0x484 [ 33.020153] lr : __kvmalloc_node_noprof+0x388/0x484 [ 33.021049] sp : ffff800080bd3c80 [ 33.021426] x29: ffff800080bd3cb0 x28: fff00000c72f0000 x27: 0000000000000000 [ 33.022494] x26: 0000000000000000 x25: 00000000004028c0 x24: 55af9cf1f575d818 [ 33.023126] x23: 0000000000000000 x22: 00000000ffffffff x21: 0000000000400cc0 [ 33.023648] x20: 0000000200001e00 x19: 0000000000000000 x18: 0000000000000000 [ 33.024440] x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000 [ 33.025070] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000 [ 33.025617] x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000 [ 33.026501] x8 : 0000000000000001 x7 : fff00000c72f0000 x6 : fff00000ff6cfd40 [ 33.027169] x5 : 0000000000000000 x4 : fff00000c72f0000 x3 : 0000000000000000 [ 33.027446] x2 : 0000000000000000 x1 : 0000000000000000 x0 : 000000007fffffff [ 33.027873] Call trace: [ 33.028231] __kvmalloc_node_noprof+0x430/0x484 (P) [ 33.029508] alloc_fdtable+0x84/0x12c [ 33.029797] expand_files+0x74/0x2ec [ 33.029965] ksys_dup3+0x60/0x120 [ 33.030096] __arm64_sys_dup3+0x20/0x30 [ 33.030238] invoke_syscall+0x48/0x10c [ 33.030459] el0_svc_common.constprop.0+0x40/0xe0 [ 33.030797] do_el0_svc+0x1c/0x28 [ 33.031524] el0_svc+0xbc/0x104 [ 33.032012] el0t_64_sync_handler+0x10c/0x138 [ 33.032831] el0t_64_sync+0x198/0x19c [ 33.033314] ---[ end trace 0000000000000000 ]--- Build: ------ - Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891601/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config - Build Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891601/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh - Test Log: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891916/suite/log-parser-test/test/exception-warning-cpu-pid-at-mmslub-__kvmalloc_node_noprof-0b3d6c8f17936685be8d79f1ee0e6f8772d40e2b62775c96c45cea5c5e4bb920/log - Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891916/suite/log-parser-test/test/exception-warning-cpu-pid-at-mmslub-__kvmalloc_node_noprof-0b3d6c8f17936685be8d79f1ee0e6f8772d40e2b62775c96c45cea5c5e4bb920/attachments/reproducer Fixes: qemu-arm64-compat, ltp-mm/kallsyms Build: ------ - Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891601/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config - Build Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891601/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh - Test Log: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28892223/suite/ltp-mm/test/kallsyms/log - Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28892223/suite/ltp-mm/test/kallsyms/attachments/reproducer Fixes: qemu-arm64, kselftest-arm64/arm64_check_gcr_el1_cswitch Build: ------ - Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891601/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config - Build Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891601/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh - Test Log: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28892362/suite/kselftest-arm64/test/arm64_check_gcr_el1_cswitch/log - Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28892362/suite/kselftest-arm64/test/arm64_check_gcr_el1_cswitch/attachments/reproducer Fixes: qemu-arm64, kselftest-timers/timers_posix_timers Build: ------ - Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891601/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config - Build Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891601/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh - Test Log: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28892492/suite/kselftest-timers/test/timers_posix_timers/log - Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28892492/suite/kselftest-timers/test/timers_posix_timers/attachments/reproducer Fixes: qemu-arm64, kselftest-cgroup/cgroup_test_freezer_test_cgfreezer_ptrace Build: ------ - Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891601/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config - Build Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891601/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh - Test Log: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28892070/suite/kselftest-cgroup/test/cgroup_test_freezer_test_cgfreezer_ptrace/log - Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28892070/suite/kselftest-cgroup/test/cgroup_test_freezer_test_cgfreezer_ptrace/attachments/reproducer Fixes: qemu-arm64, kselftest-cgroup/cgroup_test_kmem_test_kmem_dead_cgroups Build: ------ - Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891601/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config - Build Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891601/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh - Test Log: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28892070/suite/kselftest-cgroup/test/cgroup_test_kmem_test_kmem_dead_cgroups/log - Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28892070/suite/kselftest-cgroup/test/cgroup_test_kmem_test_kmem_dead_cgroups/attachments/reproducer Fixes: qemu-arm64, perf/_22_2_Write_Only_Watchpoint Build: ------ - Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891601/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config - Build Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891601/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh - Test Log: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891664/suite/perf/test/_22_2_Write_Only_Watchpoint/log - Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891664/suite/perf/test/_22_2_Write_Only_Watchpoint/attachments/reproducer Fixes: qemu-arm64, xfstests-f2fs/f2fs-004 Build: ------ - Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891601/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config - Build Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891601/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh - Test Log: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891874/suite/xfstests-f2fs/test/f2fs-004/log - Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891874/suite/xfstests-f2fs/test/f2fs-004/attachments/reproducer Fixes: qemu-armv7, kselftest-seccomp/seccomp_seccomp_benchmark_entry_2_bitmapped Build: ------ - Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28890914/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config - Build Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28890914/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh - Test Log: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891643/suite/kselftest-seccomp/test/seccomp_seccomp_benchmark_entry_2_bitmapped/log - Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891643/suite/kselftest-seccomp/test/seccomp_seccomp_benchmark_entry_2_bitmapped/attachments/reproducer Fixes: qemu-armv7, kselftest-timers/timers_posix_timers Build: ------ - Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28890914/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config - Build Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28890914/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh - Test Log: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891683/suite/kselftest-timers/test/timers_posix_timers/log - Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891683/suite/kselftest-timers/test/timers_posix_timers/attachments/reproducer Fixes: qemu-x86_64, kselftest-x86/x86_syscall_numbering_64 Build: ------ - Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28890568/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config - Build Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28890568/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh - Test Log: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891157/suite/kselftest-x86/test/x86_syscall_numbering_64/log - Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891157/suite/kselftest-x86/test/x86_syscall_numbering_64/attachments/reproducer Fixes: qemu-x86_64, kselftest-tc-testing/tc-testing_tdc_sh_5993___QFQ_with_stab_overhead_greater_than_max_packet_len Build: ------ - Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28890568/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config - Build Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28890568/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh - Test Log: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891595/suite/kselftest-tc-testing/test/tc-testing_tdc_sh_5993___QFQ_with_stab_overhead_greater_than_max_packet_len/log - Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28891595/suite/kselftest-tc-testing/test/tc-testing_tdc_sh_5993___QFQ_with_stab_overhead_greater_than_max_packet_len/attachments/reproducer Fixes: qemu-x86_64, kselftest-x86/x86_syscall_numbering_64 Build: ------ - Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28890568/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config - Build Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28890568/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh - Test Log: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28890725/suite/kselftest-x86/test/x86_syscall_numbering_64/log - Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8/testrun/28890725/suite/kselftest-x86/test/x86_syscall_numbering_64/attachments/reproducer Source: ------- - Kernel version: 6.16.0-rc3 - Git Tree: https://kernel.googlesource.com/pub/scm/linux/kernel/git/sashal/linus-next.git - Git SHA: c9b3cfdb79f806588b9c0985619d9acc958c0c16 - Git Describe: v6.13-rc7-42785-gc9b3cfdb79f8 - Test Details: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42785-gc9b3cfdb79f8 -- Linaro LKFT https://lkft.linaro.org