Regressions seen on Linux v6.13-rc7-42957-g02381519c075

Good: v6.13-rc7-42937-g304d0ef6990b
Bad: v6.13-rc7-42957-g02381519c075

Reported-by: Linux Kernel Functional Testing

Boot regression: qemu-arm64, log-parser-boot/internal-error-oops-oops-smp

Boot log:
---------
[ 25.528342] Internal error: Oops: 0000000096000005 [#1] SMP
[ 25.535426] Modules linked in:
[ 25.537398] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G N 6.16.0-rc3 #1 PREEMPT
[ 25.538918] Tainted: [N]=TEST
[ 25.539399] Hardware name: linux,dummy-virt (DT)
[ 25.540259] pstate: 81400009 (Nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
[ 25.540973] pc : kunit_test_null_dereference+0x2c/0x114
[ 25.541840] lr : kunit_generic_run_threadfn_adapter+0x84/0x104
[ 25.542416] sp : ffff800080f77db0
[ 25.542927] x29: ffff800080f77dc0 x28: dfff800000000000 x27: 1ffe000018eda945
[ 25.543877] x26: fff00000c72dd9a0 x25: ffff800080f67b48 x24: fff00000c5e98f90
[ 25.544641] x23: 1ffe000018e5bb21 x22: dfff800000000000 x21: dfff800000000000
[ 25.545159] x20: ffff9267fa5ac534 x19: fff00000c72dd908 x18: ffff800080097930
[ 25.545538] x17: ffff80008009792c x16: 0000000000000000 x15: 0000000000000001
[ 25.545921] x14: 1ffe000018edaa33 x13: 0000000000000000 x12: 0000000000000000
[ 25.546376] x11: fffd800018edaa34 x10: dfff800000000000 x9 : 1ffe000018e5bb22
[ 25.546872] x8 : 130504fd9ad79a00 x7 : ffff80008009793c x6 : 0000000000000014
[ 25.547383] x5 : 0000000085fe4194 x4 : 0000000000000000 x3 : ffff9267fc45a424
[ 25.548153] x2 : 0000000000000001 x1 : 0000000000000001 x0 : ffff800080087b08
[ 25.549063] Call trace:
[ 25.549505] kunit_test_null_dereference+0x2c/0x114 (P)
[ 25.550217] kunit_generic_run_threadfn_adapter+0x84/0x104
[ 25.550992] kthread+0x3f4/0x51c
[ 25.551411] ret_from_fork+0x10/0x20
[ 25.552158] Code: d2d00015 f9426d08 f2fbfff5 f90007e8 (39c002a8)
[ 25.553027] ---[ end trace 0000000000000000 ]---

Build:
------
- Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28922499/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config
- Build Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28922499/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh
- Test Log: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28922048/suite/log-parser-boot/test/internal-error-oops-oops-smp-5aed34198771770d956480dd13297543d685fef998a9a208b17d3006518fa730/log
- Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28922048/suite/log-parser-boot/test/internal-error-oops-oops-smp-5aed34198771770d956480dd13297543d685fef998a9a208b17d3006518fa730/attachments/reproducer

Boot regression: qemu-arm64, log-parser-boot/exception-warning-cpu-pid-at-libmathint_log-intlog10

Boot log:
---------
------------[ cut here ]------------
[ 25.784555] WARNING: CPU: 1 PID: 434 at lib/math/int_log.c:120 intlog10+0xc8/0x128
[ 25.785353] Modules linked in:
[ 25.785608] CPU: 1 UID: 0 PID: 434 Comm: kunit_try_catch Tainted: G D W N 6.16.0-rc3 #1 PREEMPT
[ 25.786119] Tainted: [D]=DIE, [W]=WARN, [N]=TEST
[ 25.786367] Hardware name: linux,dummy-virt (DT)
[ 25.787014] pstate: 81400009 (Nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
[ 25.787462] pc : intlog10+0xc8/0x128
[ 25.787770] lr : intlog10_test+0x88/0x180
[ 25.788090] sp : ffff8000821f7cd0
[ 25.788358] x29: ffff8000821f7cf0 x28: dfff800000000000 x27: 1ffe000018f9bb95
[ 25.789024] x26: fff00000c77ec420 x25: ffff8000800878a8 x24: 0000000000000000
[ 25.789432] x23: dfff800000000000 x22: fff00000c7cde698 x21: ffff9d717095e890
[ 25.789896] x20: ffff9d716edd6b20 x19: ffff800080087b08 x18: 0000000000000002
[ 25.790384] x17: 0000000000000004 x16: 0000000000000000 x15: 0000000000000001
[ 25.790846] x14: 1ffff3ae2e3e2280 x13: 0000000000000000 x12: 0000000000000000
[ 25.791315] x11: ffff73ae2e3e2281 x10: 0000000000000017 x9 : 0000000000000007
[ 25.792105] x8 : 0000000000000000 x7 : ffff9d716edc8b20 x6 : ffff9d716edd66a0
[ 25.792668] x5 : 0000000000000001 x4 : 0000000000000001 x3 : ffff9d716c37db5c
[ 25.793337] x2 : 0000000000000000 x1 : 00000000004c9837 x0 : 0000000000000000
[ 25.793935] Call trace:
[ 25.794353] intlog10+0xc8/0x128 (P)
[ 25.794714] intlog10_test+0x88/0x180
[ 25.794939] kunit_try_run_case+0x118/0x31c
[ 25.795306] kunit_generic_run_threadfn_adapter+0x84/0x104
[ 25.795683] kthread+0x3f4/0x51c
[ 25.795981] ret_from_fork+0x10/0x20
[ 25.796285] ---[ end trace 0000000000000000 ]---

Build:
------
- Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28922499/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config
- Build Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28922499/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh
- Test Log: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28922586/suite/log-parser-boot/test/exception-warning-cpu-pid-at-libmathint_log-intlog10-82627b3954d9c0ab0d6c157e30385a70902cf0762e3ba394464100348ffb2e88/log
- Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28922586/suite/log-parser-boot/test/exception-warning-cpu-pid-at-libmathint_log-intlog10-82627b3954d9c0ab0d6c157e30385a70902cf0762e3ba394464100348ffb2e88/attachments/reproducer

Boot regression: qemu-arm64, log-parser-boot/exception-warning-cpu-pid-at-libmathint_log-intlog2

Boot log:
---------
------------[ cut here ]------------
[ 25.744016] WARNING: CPU: 1 PID: 416 at lib/math/int_log.c:63 intlog2+0xb8/0x118
[ 25.746173] Modules linked in:
[ 25.746617] CPU: 1 UID: 0 PID: 416 Comm: kunit_try_catch Tainted: G D N 6.16.0-rc3 #1 PREEMPT
[ 25.747710] Tainted: [D]=DIE, [N]=TEST
[ 25.748084] Hardware name: linux,dummy-virt (DT)
[ 25.748561] pstate: 81400009 (Nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
[ 25.749518] pc : intlog2+0xb8/0x118
[ 25.749958] lr : intlog2_test+0x88/0x180
[ 25.750488] sp : ffff8000821d7cd0
[ 25.750856] x29: ffff8000821d7cf0 x28: dfff800000000000 x27: 1ffe000018fa1945
[ 25.751709] x26: fff00000c7bd54a0 x25: ffff8000800878a8 x24: 0000000000000000
[ 25.752088] x23: dfff800000000000 x22: fff00000c7d0d418 x21: ffff9d717095e890
[ 25.752610] x20: ffff9d716edd6840 x19: ffff800080087b08 x18: ffff800080097940
[ 25.753582] x17: ffff80008009793c x16: 0000000000000000 x15: 0000000000000001
[ 25.754444] x14: 1ffff3ae2e3e2280 x13: 0000000000000000 x12: 0000000000000000
[ 25.755221] x11: ffff73ae2e3e2281 x10: 0000000000000017 x9 : 0000000000000007
[ 25.755998] x8 : 0000000000000000 x7 : ffff80008009794c x6 : 0000000000000014
[ 25.756771] x5 : 000000005c319f3e x4 : 0000000000000000 x3 : ffff9d716c37db5c
[ 25.757437] x2 : 0000000000000000 x1 : 00000000003c3faa x0 : 0000000000000000
[ 25.757812] Call trace:
[ 25.757953] intlog2+0xb8/0x118 (P)
[ 25.758152] intlog2_test+0x88/0x180
[ 25.758339] kunit_try_run_case+0x118/0x31c
[ 25.758797] kunit_generic_run_threadfn_adapter+0x84/0x104
[ 25.759351] kthread+0x3f4/0x51c
[ 25.759741] ret_from_fork+0x10/0x20
[ 25.760208] ---[ end trace 0000000000000000 ]---

Build:
------
- Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28922499/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config
- Build Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28922499/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh
- Test Log: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28922586/suite/log-parser-boot/test/exception-warning-cpu-pid-at-libmathint_log-intlog2-cc3c1ddd2f52152e38ac42d6899e7f82d94f3731df486bfb4820325bcba7bb70/log
- Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28922586/suite/log-parser-boot/test/exception-warning-cpu-pid-at-libmathint_log-intlog2-cc3c1ddd2f52152e38ac42d6899e7f82d94f3731df486bfb4820325bcba7bb70/attachments/reproducer

Boot regression: qemu-arm64, log-parser-boot/exception-dt-test-expect-warning-all

Boot log:
---------
------------[ cut here ]------------
[ 2.989407] ### dt-test ### EXPECT \ : WARNING: <>
[ 2.989421] ### dt-test ### EXPECT \ : refcount_t: underflow; use-after-free.
[ 2.989435] ### dt-test ### EXPECT \ : ---[ end trace <> ]---
[ 2.989452] ### dt-test ### pass of_unittest_lifecycle():3584
[ 2.989831] ------------[ cut here ]------------
[ 2.989864] refcount_t: underflow; use-after-free.
[ 2.990355] WARNING: CPU: 1 PID: 1 at lib/refcount.c:28 refcount_warn_saturate+0xf4/0x148
[ 2.994069] Modules linked in:
[ 2.995213] CPU: 1 UID: 0 PID: 1 Comm: swapper/0 Tainted: G N 6.16.0-rc3 #1 PREEMPT
[ 2.996445] Tainted: [N]=TEST
[ 2.996795] Hardware name: linux,dummy-virt (DT)
[ 2.997346] pstate: 62402009 (nZCv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
[ 2.997964] pc : refcount_warn_saturate+0xf4/0x148
[ 2.998155] lr : refcount_warn_saturate+0xf4/0x148
[ 2.998321] sp : ffff80008002bbe0
[ 2.998439] x29: ffff80008002bbe0 x28: ffffaa7de1fc4058 x27: ffffaa7de21d2e28
[ 2.998786] x26: ffffaa7de1aa8308 x25: ffffaa7de1fc4058 x24: ffffaa7de1aa8c68
[ 2.999114] x23: ffffaa7de21d2e28 x22: fff00000c170ec10 x21: ffffaa7de2ec3000
[ 2.999410] x20: ffffaa7de21d2e18 x19: fff00000c170ec90 x18: 0000000000000000
[ 2.999715] x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000
[ 3.000017] x14: 0000000000000000 x13: 00000000ffffffff x12: 0000000000000000
[ 3.000325] x11: fff00000c18d7060 x10: ffffaa7de27afca8 x9 : ffffaa7ddff53930
[ 3.000610] x8 : ffff80008002b808 x7 : 0000000000000001 x6 : ffffaa7de2730000
[ 3.001095] x5 : fff00000c02f0000 x4 : ffffaa7de27303e0 x3 : 0000000000000001
[ 3.001402] x2 : 0000000000000000 x1 : 0000000000000000 x0 : fff00000c02f0000
[ 3.001780] Call trace:
[ 3.002071] refcount_warn_saturate+0xf4/0x148 (P)
[ 3.002361] kobject_put+0x164/0x210
[ 3.002535] of_node_put+0x20/0x38
[ 3.002709] of_unittest+0x1f80/0x2e10
[ 3.002902] do_one_initcall+0x60/0x290
[ 3.003081] kernel_init_freeable+0x1fc/0x3d0
[ 3.003287] kernel_init+0x28/0x1f0
[ 3.003442] ret_from_fork+0x10/0x20
[ 3.003697] ---[ end trace 0000000000000000 ]---

Build:
------
- Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28922499/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config
- Build Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28922499/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh
- Test Log: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28922459/suite/log-parser-boot/test/exception-dt-test-expect-warning-all-a8a31bc8eb1a5fea2a1e3c67240a84bf029c3cde0b15aff0b1ccbbd1bc9062af/log
- Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28922459/suite/log-parser-boot/test/exception-dt-test-expect-warning-all-a8a31bc8eb1a5fea2a1e3c67240a84bf029c3cde0b15aff0b1ccbbd1bc9062af/attachments/reproducer

Boot regression: qemu-arm64, log-parser-boot/kasan-bug-kasan-double-free-in-kfree_sensitive

Boot log:
---------
[ 18.748109] ==================================================================
[ 18.748290] BUG: KASAN: double-free in kfree_sensitive+0x3c/0xb0
[ 18.748406] Free of addr fff00000c3f158e0 by task kunit_try_catch/193
[ 18.749135]
[ 18.749601] CPU: 1 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3 #1 PREEMPT
[ 18.749880] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.749942] Hardware name: linux,dummy-virt (DT)
[ 18.750065] Call trace:
[ 18.750130] show_stack+0x20/0x38 (C)
[ 18.750494] dump_stack_lvl+0x8c/0xd0
[ 18.750858] print_report+0x118/0x608
[ 18.751045] kasan_report_invalid_free+0xc0/0xe8
[ 18.751434] check_slab_allocation+0xd4/0x108
[ 18.751567] __kasan_slab_pre_free+0x2c/0x48
[ 18.751678] kfree+0xe8/0x3c8
[ 18.751771] kfree_sensitive+0x3c/0xb0
[ 18.752008] kmalloc_double_kzfree+0x168/0x308
[ 18.752221] kunit_try_run_case+0x170/0x3f0
[ 18.752764] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.753019] kthread+0x328/0x630
[ 18.753188] ret_from_fork+0x10/0x20
[ 18.753362]
[ 18.753402] Allocated by task 193:
[ 18.753643] kasan_save_stack+0x3c/0x68
[ 18.753956] kasan_save_track+0x20/0x40
[ 18.754121] kasan_save_alloc_info+0x40/0x58
[ 18.754220] __kasan_kmalloc+0xd4/0xd8
[ 18.754362] __kmalloc_cache_noprof+0x16c/0x3c0
[ 18.754462] kmalloc_double_kzfree+0xb8/0x308
[ 18.754553] kunit_try_run_case+0x170/0x3f0
[ 18.754631] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.755153] kthread+0x328/0x630
[ 18.755277] ret_from_fork+0x10/0x20
[ 18.755442]
[ 18.755524] Freed by task 193:
[ 18.755945] kasan_save_stack+0x3c/0x68
[ 18.756106] kasan_save_track+0x20/0x40
[ 18.756286] kasan_save_free_info+0x4c/0x78
[ 18.756385] __kasan_slab_free+0x6c/0x98
[ 18.756499] kfree+0x214/0x3c8
[ 18.756576] kfree_sensitive+0x80/0xb0
[ 18.756664] kmalloc_double_kzfree+0x11c/0x308
[ 18.757343] kunit_try_run_case+0x170/0x3f0
[ 18.757689] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.758050] kthread+0x328/0x630
[ 18.758166] ret_from_fork+0x10/0x20
[ 18.758350]
[ 18.758404] The buggy address belongs to the object at fff00000c3f158e0
[ 18.758404] which belongs to the cache kmalloc-16 of size 16
[ 18.758545] The buggy address is located 0 bytes inside of
[ 18.758545] 16-byte region [fff00000c3f158e0, fff00000c3f158f0)
[ 18.758675]
[ 18.759422] The buggy address belongs to the physical page:
[ 18.759703] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103f15
[ 18.760332] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 18.760577] page_type: f5(slab)
[ 18.760660] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000
[ 18.761230] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 18.761472] page dumped because: kasan: bad access detected
[ 18.761544]
[ 18.761618] Memory state around the buggy address:
[ 18.762192] fff00000c3f15780: 00 06 fc fc 00 06 fc fc 00 02 fc fc 00 06 fc fc
[ 18.762520] fff00000c3f15800: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 18.763033] >fff00000c3f15880: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 18.763151] ^
[ 18.763403] fff00000c3f15900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.763945] fff00000c3f15980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.765456] ==================================================================

Build:
------
- Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28922499/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config
- Build Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28922499/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh
- Test Log: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28922269/suite/log-parser-boot/test/kasan-bug-kasan-double-free-in-kfree_sensitive-9578456858e11274bd23810727f7185091147c4e7f9b1a7f51d41bfcddfa528d/log
- Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28922269/suite/log-parser-boot/test/kasan-bug-kasan-double-free-in-kfree_sensitive-9578456858e11274bd23810727f7185091147c4e7f9b1a7f51d41bfcddfa528d/attachments/reproducer

Boot regression: qemu-arm64, log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kasan_atomics_helper

Boot log:
---------
[ 21.010108] ==================================================================
[ 21.010192] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3dcc/0x4858
[ 21.010678] Read of size 4 at addr fff00000c40122b0 by task kunit_try_catch/266
[ 21.010977]
[ 21.011161] CPU: 0 UID: 0 PID: 266 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3 #1 PREEMPT
[ 21.011253] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 21.011679] Hardware name: linux,dummy-virt (DT)
[ 21.011956] Call trace:
[ 21.012002] show_stack+0x20/0x38 (C)
[ 21.012072] dump_stack_lvl+0x8c/0xd0
[ 21.012379] print_report+0x118/0x608
[ 21.012498] kasan_report+0xdc/0x128
[ 21.012601] __asan_report_load4_noabort+0x20/0x30
[ 21.012773] kasan_atomics_helper+0x3dcc/0x4858
[ 21.012849] kasan_atomics+0x198/0x2e0
[ 21.013096] kunit_try_run_case+0x170/0x3f0
[ 21.013161] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 21.013376] kthread+0x328/0x630
[ 21.013436] ret_from_fork+0x10/0x20
[ 21.013627]
[ 21.013694] Allocated by task 266:
[ 21.013735] kasan_save_stack+0x3c/0x68
[ 21.014183] kasan_save_track+0x20/0x40
[ 21.014264] kasan_save_alloc_info+0x40/0x58
[ 21.014311] __kasan_kmalloc+0xd4/0xd8
[ 21.014352] __kmalloc_cache_noprof+0x16c/0x3c0
[ 21.014596] kasan_atomics+0xb8/0x2e0
[ 21.014782] kunit_try_run_case+0x170/0x3f0
[ 21.014940] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 21.015017] kthread+0x328/0x630
[ 21.015207] ret_from_fork+0x10/0x20
[ 21.015410]
[ 21.015448] The buggy address belongs to the object at fff00000c4012280
[ 21.015448] which belongs to the cache kmalloc-64 of size 64
[ 21.015514] The buggy address is located 0 bytes to the right of
[ 21.015514] allocated 48-byte region [fff00000c4012280, fff00000c40122b0)
[ 21.015909]
[ 21.016107] The buggy address belongs to the physical page:
[ 21.016173] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104012
[ 21.016301] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 21.016361] page_type: f5(slab)
[ 21.016410] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000
[ 21.016599] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 21.016667] page dumped because: kasan: bad access detected
[ 21.016846]
[ 21.017008] fff00000c4012180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 21.017165] ^
[ 21.020256]
[ 21.020490] CPU: 0 UID: 0 PID: 266 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3 #1 PREEMPT
[ 21.023858] __kmalloc_cache_noprof+0x16c/0x3c0
[ 21.023912] kasan_atomics+0xb8/0x2e0
[ 21.024941]
[ 21.025274]
[ 21.025778] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 21.026370] page dumped because: kasan: bad access detected
[ 21.027173] >fff00000c4012280: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 21.027693] ==================================================================

Build:
------
- Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28922499/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config
- Build Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28922499/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh
- Test Log: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28922269/suite/log-parser-boot/test/kasan-bug-kasan-slab-out-of-bounds-in-kasan_atomics_helper-51fbef6d27aae5f9257aaf8d05245139d0c23926f1de04b2c035ffa16a5da906/log
- Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28922269/suite/log-parser-boot/test/kasan-bug-kasan-slab-out-of-bounds-in-kasan_atomics_helper-51fbef6d27aae5f9257aaf8d05245139d0c23926f1de04b2c035ffa16a5da906/attachments/reproducer

Boot regression: qemu-arm64, log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-memcmp

Boot log:
---------
[ 20.653906] ==================================================================
[ 20.654110] BUG: KASAN: slab-out-of-bounds in memcmp+0x198/0x1d8
[ 20.654231] Read of size 1 at addr fff00000c4010118 by task kunit_try_catch/258
[ 20.654288]
[ 20.654464] CPU: 0 UID: 0 PID: 258 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3 #1 PREEMPT
[ 20.654599] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 20.654645] Hardware name: linux,dummy-virt (DT)
[ 20.654688] Call trace:
[ 20.654753] show_stack+0x20/0x38 (C)
[ 20.654854] dump_stack_lvl+0x8c/0xd0
[ 20.654913] print_report+0x118/0x608
[ 20.654973] kasan_report+0xdc/0x128
[ 20.655151] __asan_report_load1_noabort+0x20/0x30
[ 20.655245] memcmp+0x198/0x1d8
[ 20.655293] kasan_memcmp+0x16c/0x300
[ 20.655350] kunit_try_run_case+0x170/0x3f0
[ 20.655448] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.655552] kthread+0x328/0x630
[ 20.655609] ret_from_fork+0x10/0x20
[ 20.655665]
[ 20.655842] Allocated by task 258:
[ 20.655931] kasan_save_stack+0x3c/0x68
[ 20.656023] kasan_save_track+0x20/0x40
[ 20.656074] kasan_save_alloc_info+0x40/0x58
[ 20.656142] __kasan_kmalloc+0xd4/0xd8
[ 20.656199] __kmalloc_cache_noprof+0x16c/0x3c0
[ 20.656246] kasan_memcmp+0xbc/0x300
[ 20.656284] kunit_try_run_case+0x170/0x3f0
[ 20.656323] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.656495] kthread+0x328/0x630
[ 20.656556] ret_from_fork+0x10/0x20
[ 20.656603]
[ 20.656829] The buggy address belongs to the object at fff00000c4010100
[ 20.656829] which belongs to the cache kmalloc-32 of size 32
[ 20.656911] The buggy address is located 0 bytes to the right of
[ 20.656911] allocated 24-byte region [fff00000c4010100, fff00000c4010118)
[ 20.657065]
[ 20.657115] The buggy address belongs to the physical page:
[ 20.657162] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104010
[ 20.657231] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 20.657294] page_type: f5(slab)
[ 20.657343] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000
[ 20.657402] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[ 20.657480] page dumped because: kasan: bad access detected
[ 20.657763]
[ 20.657902] Memory state around the buggy address:
[ 20.658051] fff00000c4010000: 00 00 00 fc fc fc fc fc 00 00 00 04 fc fc fc fc
[ 20.658254] fff00000c4010080: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[ 20.658382] >fff00000c4010100: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.658458] ^
[ 20.658683] fff00000c4010180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.658735] fff00000c4010200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.658778] ==================================================================

Build:
------
- Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28922499/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config
- Build Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28922499/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh
- Test Log: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28922269/suite/log-parser-boot/test/kasan-bug-kasan-slab-out-of-bounds-in-memcmp-341b467defc9bed45c51b24a8d4cbd0ae0163bcb4b89301225d3efd60c9f91a7/log
- Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28922269/suite/log-parser-boot/test/kasan-bug-kasan-slab-out-of-bounds-in-memcmp-341b467defc9bed45c51b24a8d4cbd0ae0163bcb4b89301225d3efd60c9f91a7/attachments/reproducer

Boot regression: qemu-arm64, log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kasan_strings

Boot log:
---------
[ 20.692496] ==================================================================
[ 20.692577] BUG: KASAN: slab-use-after-free in kasan_strings+0x95c/0xb00
[ 20.692789] Read of size 1 at addr fff00000c40102d0 by task kunit_try_catch/260
[ 20.692871]
[ 20.692950] CPU: 0 UID: 0 PID: 260 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3 #1 PREEMPT
[ 20.693167] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 20.693358] Hardware name: linux,dummy-virt (DT)
[ 20.693594] Call trace:
[ 20.693632] show_stack+0x20/0x38 (C)
[ 20.693733] dump_stack_lvl+0x8c/0xd0
[ 20.693790] print_report+0x118/0x608
[ 20.693942] kasan_report+0xdc/0x128
[ 20.694033] __asan_report_load1_noabort+0x20/0x30
[ 20.694119] kasan_strings+0x95c/0xb00
[ 20.694179] kunit_try_run_case+0x170/0x3f0
[ 20.694230] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.694283] kthread+0x328/0x630
[ 20.694328] ret_from_fork+0x10/0x20
[ 20.694419]
[ 20.694470] Allocated by task 260:
[ 20.694506] kasan_save_stack+0x3c/0x68
[ 20.694558] kasan_save_track+0x20/0x40
[ 20.694621] kasan_save_alloc_info+0x40/0x58
[ 20.694724] __kasan_kmalloc+0xd4/0xd8
[ 20.694771] __kmalloc_cache_noprof+0x16c/0x3c0
[ 20.694823] kasan_strings+0xc8/0xb00
[ 20.694864] kunit_try_run_case+0x170/0x3f0
[ 20.694906] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.694957] kthread+0x328/0x630
[ 20.695049] ret_from_fork+0x10/0x20
[ 20.695116]
[ 20.695154] Freed by task 260:
[ 20.695186] kasan_save_stack+0x3c/0x68
[ 20.695288] kasan_save_track+0x20/0x40
[ 20.695349] kasan_save_free_info+0x4c/0x78
[ 20.695394] __kasan_slab_free+0x6c/0x98
[ 20.695436] kfree+0x214/0x3c8
[ 20.695473] kasan_strings+0x24c/0xb00
[ 20.695513] kunit_try_run_case+0x170/0x3f0
[ 20.695554] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.695627] kthread+0x328/0x630
[ 20.695664] ret_from_fork+0x10/0x20
[ 20.695704]
[ 20.695728] The buggy address belongs to the object at fff00000c40102c0
[ 20.695728] which belongs to the cache kmalloc-32 of size 32
[ 20.695791] The buggy address is located 16 bytes inside of
[ 20.695791] freed 32-byte region [fff00000c40102c0, fff00000c40102e0)
[ 20.695867]
[ 20.695893] The buggy address belongs to the physical page:
[ 20.696504] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104010
[ 20.696822] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 20.696911] page_type: f5(slab)
[ 20.696965] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000
[ 20.697136] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[ 20.697195] page dumped because: kasan: bad access detected
[ 20.697322]
[ 20.697349] Memory state around the buggy address:
[ 20.697389] fff00000c4010180: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[ 20.697496] fff00000c4010200: 00 00 00 fc fc fc fc fc 00 00 07 fc fc fc fc fc
[ 20.697576] >fff00000c4010280: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc
[ 20.697831] ^
[ 20.697883] fff00000c4010300: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 20.698190] fff00000c4010380: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc
[ 20.698449] ==================================================================

Build:
------
- Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28922499/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config
- Build Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28922499/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh
- Test Log: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28922269/suite/log-parser-boot/test/kasan-bug-kasan-slab-use-after-free-in-kasan_strings-3ace6aed6039e6e38dfe946c8103ffacdee6c7a8df06d6e160a31014e245b46c/log
- Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28922269/suite/log-parser-boot/test/kasan-bug-kasan-slab-use-after-free-in-kasan_strings-3ace6aed6039e6e38dfe946c8103ffacdee6c7a8df06d6e160a31014e245b46c/attachments/reproducer

Boot regression: qemu-arm64, log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-workqueue_uaf

Boot log:
---------
[ 19.105463] ==================================================================
[ 19.105658] BUG: KASAN: slab-use-after-free in workqueue_uaf+0x480/0x4a8
[ 19.105747] Read of size 8 at addr fff00000c779df80 by task kunit_try_catch/201
[ 19.105811]
[ 19.105858] CPU: 1 UID: 0 PID: 201 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3 #1 PREEMPT
[ 19.105976] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 19.106074] Hardware name: linux,dummy-virt (DT)
[ 19.106130] Call trace:
[ 19.106161] show_stack+0x20/0x38 (C)
[ 19.106268] dump_stack_lvl+0x8c/0xd0
[ 19.106326] print_report+0x118/0x608
[ 19.106617] kasan_report+0xdc/0x128
[ 19.106706] __asan_report_load8_noabort+0x20/0x30
[ 19.106773] workqueue_uaf+0x480/0x4a8
[ 19.106865] kunit_try_run_case+0x170/0x3f0
[ 19.106914] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.107006] kthread+0x328/0x630
[ 19.107092] ret_from_fork+0x10/0x20
[ 19.107190]
[ 19.107236] Allocated by task 201:
[ 19.107270] kasan_save_stack+0x3c/0x68
[ 19.107315] kasan_save_track+0x20/0x40
[ 19.107353] kasan_save_alloc_info+0x40/0x58
[ 19.107392] __kasan_kmalloc+0xd4/0xd8
[ 19.107435] __kmalloc_cache_noprof+0x16c/0x3c0
[ 19.107522] workqueue_uaf+0x13c/0x4a8
[ 19.107563] kunit_try_run_case+0x170/0x3f0
[ 19.107601] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.107643] kthread+0x328/0x630
[ 19.107676] ret_from_fork+0x10/0x20
[ 19.107711]
[ 19.107732] Freed by task 47:
[ 19.107758] kasan_save_stack+0x3c/0x68
[ 19.107795] kasan_save_track+0x20/0x40
[ 19.107847] kasan_save_free_info+0x4c/0x78
[ 19.107886] __kasan_slab_free+0x6c/0x98
[ 19.107921] kfree+0x214/0x3c8
[ 19.107952] workqueue_uaf_work+0x18/0x30
[ 19.107988] process_one_work+0x530/0xf98
[ 19.108024] worker_thread+0x618/0xf38
[ 19.108059] kthread+0x328/0x630
[ 19.108089] ret_from_fork+0x10/0x20
[ 19.108126]
[ 19.108158] Last potentially related work creation:
[ 19.108203] kasan_save_stack+0x3c/0x68
[ 19.108248] kasan_record_aux_stack+0xb4/0xc8
[ 19.108290] __queue_work+0x65c/0x1008
[ 19.108326] queue_work_on+0xbc/0xf8
[ 19.108363] workqueue_uaf+0x210/0x4a8
[ 19.108399] kunit_try_run_case+0x170/0x3f0
[ 19.108437] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.108480] kthread+0x328/0x630
[ 19.108514] ret_from_fork+0x10/0x20
[ 19.108555]
[ 19.108581] The buggy address belongs to the object at fff00000c779df80
[ 19.108581] which belongs to the cache kmalloc-32 of size 32
[ 19.108684] The buggy address is located 0 bytes inside of
[ 19.108684] freed 32-byte region [fff00000c779df80, fff00000c779dfa0)
[ 19.108776]
[ 19.108807] The buggy address belongs to the physical page:
[ 19.108846] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10779d
[ 19.108907] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 19.108963] page_type: f5(slab)
[ 19.109008] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000
[ 19.109060] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[ 19.109102] page dumped because: kasan: bad access detected
[ 19.109272]
[ 19.109296] Memory state around the buggy address:
[ 19.109332] fff00000c779de80: 00 00 07 fc fc fc fc fc 00 00 07 fc fc fc fc fc
[ 19.109379] fff00000c779df00: 00 00 00 fc fc fc fc fc 00 00 00 07 fc fc fc fc
[ 19.109433] >fff00000c779df80: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[ 19.109472] ^
[ 19.109502] fff00000c779e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 19.109544] fff00000c779e080: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 19.109582] ==================================================================

Build:
------
- Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28922499/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config
- Build Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28922499/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh
- Test Log: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28922269/suite/log-parser-boot/test/kasan-bug-kasan-slab-use-after-free-in-workqueue_uaf-6ea227cc10a9ee3b1937105567bb85656e7cc5e6a922592167fddcfd9566157c/log
- Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28922269/suite/log-parser-boot/test/kasan-bug-kasan-slab-use-after-free-in-workqueue_uaf-6ea227cc10a9ee3b1937105567bb85656e7cc5e6a922592167fddcfd9566157c/attachments/reproducer

Boot regression: qemu-arm64, log-parser-boot/kfence-bug-kfence-use-after-free-read-in-rcu_uaf_reclaim

Boot log:
---------
[ 19.078220] ==================================================================
[ 19.078393] BUG: KFENCE: use-after-free read in rcu_uaf_reclaim+0x48/0x70
[ 19.078393]
[ 19.078495] Use-after-free read at 0x00000000ce349486 (in kfence-#81):
[ 19.078687] rcu_uaf_reclaim+0x48/0x70
[ 19.078734] rcu_core+0x9f4/0x1e20
[ 19.078777] rcu_core_si+0x18/0x30
[ 19.079277] handle_softirqs+0x374/0xb28
[ 19.079331] __do_softirq+0x1c/0x28
[ 19.079477] ____do_softirq+0x18/0x30
[ 19.079535] call_on_irq_stack+0x24/0x30
[ 19.079576] do_softirq_own_stack+0x24/0x38
[ 19.079613] __irq_exit_rcu+0x1fc/0x318
[ 19.079651] irq_exit_rcu+0x1c/0x80
[ 19.079684] el1_interrupt+0x38/0x58
[ 19.079848] el1h_64_irq_handler+0x18/0x28
[ 19.079914] el1h_64_irq+0x6c/0x70
[ 19.080010] arch_local_irq_enable+0x4/0x8
[ 19.080203] do_idle+0x384/0x4e8
[ 19.080248] cpu_startup_entry+0x64/0x80
[ 19.080681] secondary_start_kernel+0x288/0x340
[ 19.080775] __secondary_switched+0xc0/0xc8
[ 19.080862]
[ 19.081142] kfence-#81: 0x00000000ce349486-0x00000000de1cdfab, size=24, cache=kmalloc-32
[ 19.081142]
[ 19.081725] allocated by task 199 on cpu 1 at 18.918320s (0.163328s ago):
[ 19.082287] rcu_uaf+0xb0/0x2d8
[ 19.082388] kunit_try_run_case+0x170/0x3f0
[ 19.082434] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.082489] kthread+0x328/0x630
[ 19.082532] ret_from_fork+0x10/0x20
[ 19.082653]
[ 19.082864] freed by task 0 on cpu 1 at 19.076895s (0.005837s ago):
[ 19.083028] rcu_uaf_reclaim+0x28/0x70
[ 19.083071] rcu_core+0x9f4/0x1e20
[ 19.083109] rcu_core_si+0x18/0x30
[ 19.083176] handle_softirqs+0x374/0xb28
[ 19.083216] __do_softirq+0x1c/0x28
[ 19.083273] ____do_softirq+0x18/0x30
[ 19.083359] call_on_irq_stack+0x24/0x30
[ 19.083397] do_softirq_own_stack+0x24/0x38
[ 19.083435] __irq_exit_rcu+0x1fc/0x318
[ 19.083472] irq_exit_rcu+0x1c/0x80
[ 19.083505] el1_interrupt+0x38/0x58
[ 19.083543] el1h_64_irq_handler+0x18/0x28
[ 19.083612] el1h_64_irq+0x6c/0x70
[ 19.083651] arch_local_irq_enable+0x4/0x8
[ 19.083697] do_idle+0x384/0x4e8
[ 19.083763] cpu_startup_entry+0x64/0x80
[ 19.083995] secondary_start_kernel+0x288/0x340
[ 19.084038] __secondary_switched+0xc0/0xc8
[ 19.084147]
[ 19.085574] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G B N 6.16.0-rc3 #1 PREEMPT
[ 19.086057] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 19.086374] Hardware name: linux,dummy-virt (DT)
[ 19.086677] ==================================================================

Build:
------
- Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28922499/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config
- Build Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28922499/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh
- Test Log: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28922269/suite/log-parser-boot/test/kfence-bug-kfence-use-after-free-read-in-rcu_uaf_reclaim-2a34178bfd6e6d479c04f410a378cf611732f2e44d1110495ad0b11c2ef80ca9/log
- Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28922269/suite/log-parser-boot/test/kfence-bug-kfence-use-after-free-read-in-rcu_uaf_reclaim-2a34178bfd6e6d479c04f410a378cf611732f2e44d1110495ad0b11c2ef80ca9/attachments/reproducer

Boot regression: qemu-x86_64, log-parser-boot/exception-warning-cpu-pid-at-driversgpudrmdrm_connector-drm_connector_dynamic_register

Boot log:
---------
------------[ cut here ]------------
[ 148.031194] WARNING: CPU: 1 PID: 1983 at drivers/gpu/drm/drm_connector.c:861 drm_connector_dynamic_register+0xbf/0x110
[ 148.032536] Modules linked in:
[ 148.032893] CPU: 1 UID: 0 PID: 1983 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc3 #1 PREEMPT(voluntary)
[ 148.033976] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST
[ 148.034323] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2
04/01/2014 [ 148.035161] RIP: 0010:drm_connector_dynamic_register+0xbf/0x110 [ 148.035694] Code: 49 8d 7c 24 60 48 89 fa 48 c1 ea 03 0f b6 04 02 84 c0 74 02 7e 36 31 c0 41 80 7c 24 60 00 75 1b 5b 41 5c 5d c3 cc cc cc cc 90 <0f> 0b 90 b8 ea ff ff ff 5b 41 5c 5d c3 cc cc cc cc 48 89 df e8 68 [ 148.036914] RSP: 0000:ffff888108c87c90 EFLAGS: 00010246 [ 148.037296] RAX: dffffc0000000000 RBX: ffff888108e04000 RCX: 0000000000000000 [ 148.037760] RDX: 1ffff110211c0832 RSI: ffffffffb3205768 RDI: ffff888108e04190 [ 148.038494] RBP: ffff888108c87ca0 R08: 1ffff11020073f69 R09: ffffed1021190f65 [ 148.039000] R10: 0000000000000003 R11: ffffffffb2787188 R12: 0000000000000000 [ 148.039642] R13: ffff888108c87d38 R14: ffff88810039fc50 R15: ffff88810039fc58 [ 148.039892] FS: 0000000000000000(0000) GS:ffff8881a3174000(0000) knlGS:0000000000000000 [ 148.040772] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 148.041168] CR2: 00007ffff7ffe000 CR3: 00000001278bc000 CR4: 00000000000006f0 [ 148.041700] DR0: ffffffffb8050444 DR1: ffffffffb8050449 DR2: ffffffffb805044a [ 148.042092] DR3: ffffffffb805044b DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 148.042920] Call Trace: [ 148.043090] [ 148.043249] drm_test_drm_connector_dynamic_register_no_init+0x104/0x290 [ 148.043603] ? __pfx_drm_test_drm_connector_dynamic_register_no_init+0x10/0x10 [ 148.044091] ? irqentry_exit+0x2a/0x60 [ 148.044303] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 148.044680] ? __pfx_read_tsc+0x10/0x10 [ 148.044906] ? ktime_get_ts64+0x86/0x230 [ 148.045231] kunit_try_run_case+0x1a5/0x480 [ 148.045616] ? __pfx_kunit_try_run_case+0x10/0x10 [ 148.046027] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 148.046357] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 148.046808] ? __kthread_parkme+0x82/0x180 [ 148.047038] ? preempt_count_sub+0x50/0x80 [ 148.047234] ? __pfx_kunit_try_run_case+0x10/0x10 [ 148.047660] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 148.048228] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 148.049037] kthread+0x337/0x6f0 [ 148.049320] ? trace_preempt_on+0x20/0xc0 [ 148.050089] ? __pfx_kthread+0x10/0x10 [ 148.050924] ? _raw_spin_unlock_irq+0x47/0x80 [ 148.051112] ? calculate_sigpending+0x7b/0xa0 [ 148.051461] ? __pfx_kthread+0x10/0x10 [ 148.051697] ret_from_fork+0x116/0x1d0 [ 148.053092] ? __pfx_kthread+0x10/0x10 [ 148.054080] ret_from_fork_asm+0x1a/0x30 [ 148.055013] [ 148.055950] ---[ end trace 0000000000000000 ]--- Build: ------ - Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28921022/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config - Build Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28921022/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh - Test Log: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28921560/suite/log-parser-boot/test/exception-warning-cpu-pid-at-driversgpudrmdrm_connector-drm_connector_dynamic_register-7ef48b8084e5dd17b3177319e9865759418751f6347add968f0e90adca52bda5/log - Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28921560/suite/log-parser-boot/test/exception-warning-cpu-pid-at-driversgpudrmdrm_connector-drm_connector_dynamic_register-7ef48b8084e5dd17b3177319e9865759418751f6347add968f0e90adca52bda5/attachments/reproducer Boot regression: qemu-x86_64, log-parser-boot/kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_left Boot log: --------- [ 16.378537] ================================================================== [ 16.379094] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_left+0x320/0x380 [ 16.379810] Read of size 1 at addr ffff888103a37c3f by task kunit_try_catch/268 [ 16.380057] [ 16.380147] CPU: 0 UID: 0 PID: 268 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3 #1 
PREEMPT(voluntary) [ 16.380203] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.380219] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.380244] Call Trace: [ 16.380262] [ 16.380285] dump_stack_lvl+0x73/0xb0 [ 16.380323] print_report+0xd1/0x650 [ 16.380348] ? __virt_addr_valid+0x1db/0x2d0 [ 16.380395] ? kasan_alloca_oob_left+0x320/0x380 [ 16.380417] ? kasan_addr_to_slab+0x11/0xa0 [ 16.380437] ? kasan_alloca_oob_left+0x320/0x380 [ 16.380459] kasan_report+0x141/0x180 [ 16.380482] ? kasan_alloca_oob_left+0x320/0x380 [ 16.380510] __asan_report_load1_noabort+0x18/0x20 [ 16.380538] kasan_alloca_oob_left+0x320/0x380 [ 16.380560] ? __kasan_check_write+0x18/0x20 [ 16.380581] ? __pfx_sched_clock_cpu+0x10/0x10 [ 16.380607] ? finish_task_switch.isra.0+0x153/0x700 [ 16.380631] ? out_of_line_wait_on_bit_timeout+0x7e/0x190 [ 16.380657] ? trace_hardirqs_on+0x37/0xe0 [ 16.380685] ? __pfx_kasan_alloca_oob_left+0x10/0x10 [ 16.380710] ? __schedule+0x10cc/0x2b60 [ 16.380732] ? __pfx_read_tsc+0x10/0x10 [ 16.380758] ? ktime_get_ts64+0x86/0x230 [ 16.380784] kunit_try_run_case+0x1a5/0x480 [ 16.380811] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.380904] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.380992] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.381020] ? __kthread_parkme+0x82/0x180 [ 16.381046] ? preempt_count_sub+0x50/0x80 [ 16.381070] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.381097] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.381124] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.381148] kthread+0x337/0x6f0 [ 16.381170] ? trace_preempt_on+0x20/0xc0 [ 16.381192] ? __pfx_kthread+0x10/0x10 [ 16.381212] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.381233] ? calculate_sigpending+0x7b/0xa0 [ 16.381258] ? __pfx_kthread+0x10/0x10 [ 16.381278] ret_from_fork+0x116/0x1d0 [ 16.381297] ? 
__pfx_kthread+0x10/0x10 [ 16.381317] ret_from_fork_asm+0x1a/0x30 [ 16.381350] [ 16.381388] [ 16.390633] The buggy address belongs to stack of task kunit_try_catch/268 [ 16.391105] [ 16.391211] The buggy address belongs to the physical page: [ 16.391695] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a37 [ 16.391869] flags: 0x200000000000000(node=0|zone=2) [ 16.392042] raw: 0200000000000000 ffffea00040e8dc8 ffffea00040e8dc8 0000000000000000 [ 16.392562] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 16.393086] page dumped because: kasan: bad access detected [ 16.393391] [ 16.393448] Memory state around the buggy address: [ 16.393558] ffff888103a37b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.394002] ffff888103a37b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.394657] >ffff888103a37c00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb [ 16.395801] ^ [ 16.396059] ffff888103a37c80: 00 00 00 f1 f1 f1 f1 01 f2 04 f2 00 f2 f2 f2 00 [ 16.396461] ffff888103a37d00: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 16.396923] ================================================================== Build: ------ - Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28921022/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config - Build Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28921022/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh - Test Log: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28921560/suite/log-parser-boot/test/kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_left-522a42bd4683847268588f630d8fa5e8a5c835a096001045eb6315722489c157/log - Test Reproducer: 
https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28921560/suite/log-parser-boot/test/kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_left-522a42bd4683847268588f630d8fa5e8a5c835a096001045eb6315722489c157/attachments/reproducer Boot regression: qemu-x86_64, log-parser-boot/kasan-bug-kasan-invalid-free-in-mempool_kmalloc_invalid_free_helper Boot log: --------- [ 16.249868] ================================================================== [ 16.250363] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 16.251272] Free of addr ffff888103929101 by task kunit_try_catch/258 [ 16.251559] [ 16.251824] CPU: 0 UID: 0 PID: 258 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3 #1 PREEMPT(voluntary) [ 16.251916] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.251940] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.252320] Call Trace: [ 16.252343] [ 16.252393] dump_stack_lvl+0x73/0xb0 [ 16.252458] print_report+0xd1/0x650 [ 16.252505] ? __virt_addr_valid+0x1db/0x2d0 [ 16.252552] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.252589] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 16.252628] kasan_report_invalid_free+0x10a/0x130 [ 16.252663] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 16.252700] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 16.252735] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 16.252761] check_slab_allocation+0x11f/0x130 [ 16.252783] __kasan_mempool_poison_object+0x91/0x1d0 [ 16.252807] mempool_free+0x2ec/0x380 [ 16.252853] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 16.252881] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 16.252906] ? __kasan_check_write+0x18/0x20 [ 16.252925] ? __pfx_sched_clock_cpu+0x10/0x10 [ 16.252945] ? irqentry_exit+0x2a/0x60 [ 16.252967] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 16.252991] mempool_kmalloc_invalid_free+0xed/0x140 [ 16.253014] ? 
__pfx_mempool_kmalloc_invalid_free+0x10/0x10 [ 16.253039] ? __pfx_mempool_kmalloc+0x10/0x10 [ 16.253061] ? __pfx_mempool_kfree+0x10/0x10 [ 16.253084] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10 [ 16.253108] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10 [ 16.253133] kunit_try_run_case+0x1a5/0x480 [ 16.253158] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.253179] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.253202] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.253223] ? __kthread_parkme+0x82/0x180 [ 16.253243] ? preempt_count_sub+0x50/0x80 [ 16.253265] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.253288] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.253309] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.253331] kthread+0x337/0x6f0 [ 16.253348] ? trace_preempt_on+0x20/0xc0 [ 16.253401] ? __pfx_kthread+0x10/0x10 [ 16.253433] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.253464] ? calculate_sigpending+0x7b/0xa0 [ 16.253500] ? __pfx_kthread+0x10/0x10 [ 16.253527] ret_from_fork+0x116/0x1d0 [ 16.253547] ? 
__pfx_kthread+0x10/0x10 [ 16.253568] ret_from_fork_asm+0x1a/0x30 [ 16.253598] [ 16.253612] [ 16.267866] Allocated by task 258: [ 16.268276] kasan_save_stack+0x45/0x70 [ 16.268635] kasan_save_track+0x18/0x40 [ 16.268817] kasan_save_alloc_info+0x3b/0x50 [ 16.269006] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 16.269770] remove_element+0x11e/0x190 [ 16.270133] mempool_alloc_preallocated+0x4d/0x90 [ 16.270712] mempool_kmalloc_invalid_free_helper+0x83/0x2e0 [ 16.271003] mempool_kmalloc_invalid_free+0xed/0x140 [ 16.271206] kunit_try_run_case+0x1a5/0x480 [ 16.271400] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.271597] kthread+0x337/0x6f0 [ 16.271986] ret_from_fork+0x116/0x1d0 [ 16.272498] ret_from_fork_asm+0x1a/0x30 [ 16.272828] [ 16.272994] The buggy address belongs to the object at ffff888103929100 [ 16.272994] which belongs to the cache kmalloc-128 of size 128 [ 16.274141] The buggy address is located 1 bytes inside of [ 16.274141] 128-byte region [ffff888103929100, ffff888103929180) [ 16.274753] [ 16.274900] The buggy address belongs to the physical page: [ 16.275315] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103929 [ 16.275889] flags: 0x200000000000000(node=0|zone=2) [ 16.276571] page_type: f5(slab) [ 16.276909] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.277202] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.277600] page dumped because: kasan: bad access detected [ 16.278196] [ 16.278412] Memory state around the buggy address: [ 16.278744] ffff888103929000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.279326] ffff888103929080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.279988] >ffff888103929100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.280246] ^ [ 16.280412] ffff888103929180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.280659] ffff888103929200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.280901] 
================================================================== Build: ------ - Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28921022/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config - Build Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28921022/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh - Test Log: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28921560/suite/log-parser-boot/test/kasan-bug-kasan-invalid-free-in-mempool_kmalloc_invalid_free_helper-c039156cca61b3880e4751bf6e42815a87ad64a7741e347783e5e5ec2c220eb8/log - Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28921560/suite/log-parser-boot/test/kasan-bug-kasan-invalid-free-in-mempool_kmalloc_invalid_free_helper-c039156cca61b3880e4751bf6e42815a87ad64a7741e347783e5e5ec2c220eb8/attachments/reproducer Boot regression: qemu-x86_64, log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_big_oob_right Boot log: --------- [ 13.623704] ================================================================== [ 13.624190] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x316/0x370 [ 13.625328] Write of size 1 at addr ffff888102aedf00 by task kunit_try_catch/161 [ 13.626646] [ 13.626794] CPU: 0 UID: 0 PID: 161 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3 #1 PREEMPT(voluntary) [ 13.626869] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.626882] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.626917] Call Trace: [ 13.626941] [ 13.626974] dump_stack_lvl+0x73/0xb0 [ 13.627035] print_report+0xd1/0x650 [ 13.627075] ? __virt_addr_valid+0x1db/0x2d0 [ 13.627252] ? kmalloc_big_oob_right+0x316/0x370 [ 13.627282] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.627305] ? 
kmalloc_big_oob_right+0x316/0x370 [ 13.627326] kasan_report+0x141/0x180 [ 13.627348] ? kmalloc_big_oob_right+0x316/0x370 [ 13.627547] __asan_report_store1_noabort+0x1b/0x30 [ 13.627574] kmalloc_big_oob_right+0x316/0x370 [ 13.627597] ? __pfx_kmalloc_big_oob_right+0x10/0x10 [ 13.627621] ? __pfx_kmalloc_big_oob_right+0x10/0x10 [ 13.627646] kunit_try_run_case+0x1a5/0x480 [ 13.627670] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.627692] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.627715] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.627737] ? __kthread_parkme+0x82/0x180 [ 13.627757] ? preempt_count_sub+0x50/0x80 [ 13.627781] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.627803] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.627829] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.627861] kthread+0x337/0x6f0 [ 13.627879] ? trace_preempt_on+0x20/0xc0 [ 13.627902] ? __pfx_kthread+0x10/0x10 [ 13.627921] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.627941] ? calculate_sigpending+0x7b/0xa0 [ 13.627964] ? __pfx_kthread+0x10/0x10 [ 13.627984] ret_from_fork+0x116/0x1d0 [ 13.628002] ? 
__pfx_kthread+0x10/0x10 [ 13.628022] ret_from_fork_asm+0x1a/0x30 [ 13.628052] [ 13.628064] [ 13.640249] Allocated by task 161: [ 13.640457] kasan_save_stack+0x45/0x70 [ 13.640806] kasan_save_track+0x18/0x40 [ 13.641102] kasan_save_alloc_info+0x3b/0x50 [ 13.641440] __kasan_kmalloc+0xb7/0xc0 [ 13.641727] __kmalloc_cache_noprof+0x189/0x420 [ 13.642069] kmalloc_big_oob_right+0xa9/0x370 [ 13.643526] kunit_try_run_case+0x1a5/0x480 [ 13.644389] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.644787] kthread+0x337/0x6f0 [ 13.644981] ret_from_fork+0x116/0x1d0 [ 13.645703] ret_from_fork_asm+0x1a/0x30 [ 13.646299] [ 13.646600] The buggy address belongs to the object at ffff888102aec000 [ 13.646600] which belongs to the cache kmalloc-8k of size 8192 [ 13.647375] The buggy address is located 0 bytes to the right of [ 13.647375] allocated 7936-byte region [ffff888102aec000, ffff888102aedf00) [ 13.648716] [ 13.648880] The buggy address belongs to the physical page: [ 13.649080] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ae8 [ 13.649751] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.650784] flags: 0x200000000000040(head|node=0|zone=2) [ 13.651107] page_type: f5(slab) [ 13.651292] raw: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000 [ 13.652374] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 13.652753] head: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000 [ 13.653606] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 13.653967] head: 0200000000000003 ffffea00040aba01 00000000ffffffff 00000000ffffffff [ 13.654791] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 13.655119] page dumped because: kasan: bad access detected [ 13.655472] [ 13.656170] Memory state around the buggy address: [ 13.656379] ffff888102aede00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.656777] ffff888102aede80: 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 [ 13.657658] >ffff888102aedf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.658124] ^ [ 13.658751] ffff888102aedf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.659453] ffff888102aee000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.659853] ================================================================== Build: ------ - Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28921022/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config - Build Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28921022/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh - Test Log: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28921560/suite/log-parser-boot/test/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_big_oob_right-31b80fd9df9502df4e358a9500c0cc1b1e6ce6f38b5fc14dfb5bb26ea2498d71/log - Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28921560/suite/log-parser-boot/test/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_big_oob_right-31b80fd9df9502df4e358a9500c0cc1b1e6ce6f38b5fc14dfb5bb26ea2498d71/attachments/reproducer Boot regression: qemu-x86_64, log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_node_oob_right Boot log: --------- [ 13.494982] ================================================================== [ 13.495570] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x369/0x3c0 [ 13.497140] Read of size 1 at addr ffff88810289f000 by task kunit_try_catch/157 [ 13.497820] [ 13.498275] CPU: 0 UID: 0 PID: 157 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3 #1 PREEMPT(voluntary) [ 13.498447] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.498471] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 
13.498508] Call Trace: [ 13.498535] [ 13.498560] dump_stack_lvl+0x73/0xb0 [ 13.498603] print_report+0xd1/0x650 [ 13.498628] ? __virt_addr_valid+0x1db/0x2d0 [ 13.498652] ? kmalloc_node_oob_right+0x369/0x3c0 [ 13.498677] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.498700] ? kmalloc_node_oob_right+0x369/0x3c0 [ 13.498724] kasan_report+0x141/0x180 [ 13.498747] ? kmalloc_node_oob_right+0x369/0x3c0 [ 13.498776] __asan_report_load1_noabort+0x18/0x20 [ 13.498801] kmalloc_node_oob_right+0x369/0x3c0 [ 13.498833] ? __pfx_kmalloc_node_oob_right+0x10/0x10 [ 13.498869] ? __schedule+0x10cc/0x2b60 [ 13.498892] ? __pfx_read_tsc+0x10/0x10 [ 13.498914] ? ktime_get_ts64+0x86/0x230 [ 13.498939] kunit_try_run_case+0x1a5/0x480 [ 13.498965] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.498988] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.499011] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.499035] ? __kthread_parkme+0x82/0x180 [ 13.499054] ? preempt_count_sub+0x50/0x80 [ 13.499076] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.499098] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.499120] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.499141] kthread+0x337/0x6f0 [ 13.499160] ? trace_preempt_on+0x20/0xc0 [ 13.499182] ? __pfx_kthread+0x10/0x10 [ 13.499202] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.499221] ? calculate_sigpending+0x7b/0xa0 [ 13.499244] ? __pfx_kthread+0x10/0x10 [ 13.499265] ret_from_fork+0x116/0x1d0 [ 13.499283] ? 
__pfx_kthread+0x10/0x10 [ 13.499302] ret_from_fork_asm+0x1a/0x30 [ 13.499331] [ 13.499342] [ 13.514700] Allocated by task 157: [ 13.514983] kasan_save_stack+0x45/0x70 [ 13.515187] kasan_save_track+0x18/0x40 [ 13.515386] kasan_save_alloc_info+0x3b/0x50 [ 13.515558] __kasan_kmalloc+0xb7/0xc0 [ 13.515932] __kmalloc_cache_node_noprof+0x188/0x420 [ 13.516866] kmalloc_node_oob_right+0xab/0x3c0 [ 13.517134] kunit_try_run_case+0x1a5/0x480 [ 13.517616] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.517919] kthread+0x337/0x6f0 [ 13.518208] ret_from_fork+0x116/0x1d0 [ 13.518402] ret_from_fork_asm+0x1a/0x30 [ 13.518596] [ 13.518711] The buggy address belongs to the object at ffff88810289e000 [ 13.518711] which belongs to the cache kmalloc-4k of size 4096 [ 13.520784] The buggy address is located 0 bytes to the right of [ 13.520784] allocated 4096-byte region [ffff88810289e000, ffff88810289f000) [ 13.521523] [ 13.521846] The buggy address belongs to the physical page: [ 13.522279] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102898 [ 13.523271] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.524142] flags: 0x200000000000040(head|node=0|zone=2) [ 13.524833] page_type: f5(slab) [ 13.525010] raw: 0200000000000040 ffff888100042140 dead000000000122 0000000000000000 [ 13.525277] raw: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000 [ 13.526306] head: 0200000000000040 ffff888100042140 dead000000000122 0000000000000000 [ 13.526967] head: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000 [ 13.527583] head: 0200000000000003 ffffea00040a2601 00000000ffffffff 00000000ffffffff [ 13.528696] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 13.529081] page dumped because: kasan: bad access detected [ 13.529487] [ 13.529768] Memory state around the buggy address: [ 13.530332] ffff88810289ef00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.530812] ffff88810289ef80: 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.531103] >ffff88810289f000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.531348] ^ [ 13.532273] ffff88810289f080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.532777] ffff88810289f100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.533179] ================================================================== Build: ------ - Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28921022/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config - Build Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28921022/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh - Test Log: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28921560/suite/log-parser-boot/test/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_node_oob_right-e5b9661c69632fb2ace279bbd855c379b9d7f843d3e7a00f8783167a49d0b682/log - Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28921560/suite/log-parser-boot/test/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_node_oob_right-e5b9661c69632fb2ace279bbd855c379b9d7f843d3e7a00f8783167a49d0b682/attachments/reproducer Boot regression: qemu-x86_64, log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper Boot log: --------- [ 13.949713] ================================================================== [ 13.951088] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 13.951975] Write of size 1 at addr ffff888100a308da by task kunit_try_catch/175 [ 13.953119] [ 13.953347] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3 #1 PREEMPT(voluntary) [ 13.953438] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.953458] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 
04/01/2014 [ 13.953541] Call Trace: [ 13.953592] [ 13.953631] dump_stack_lvl+0x73/0xb0 [ 13.953693] print_report+0xd1/0x650 [ 13.953739] ? __virt_addr_valid+0x1db/0x2d0 [ 13.953777] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 13.953812] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.953846] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 13.953874] kasan_report+0x141/0x180 [ 13.953896] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 13.953938] __asan_report_store1_noabort+0x1b/0x30 [ 13.953961] krealloc_less_oob_helper+0xec6/0x11d0 [ 13.953987] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 13.954011] ? finish_task_switch.isra.0+0x153/0x700 [ 13.954033] ? __switch_to+0x47/0xf50 [ 13.954060] ? __schedule+0x10cc/0x2b60 [ 13.954082] ? __pfx_read_tsc+0x10/0x10 [ 13.954106] krealloc_less_oob+0x1c/0x30 [ 13.954127] kunit_try_run_case+0x1a5/0x480 [ 13.954151] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.954173] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.954196] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.954218] ? __kthread_parkme+0x82/0x180 [ 13.954238] ? preempt_count_sub+0x50/0x80 [ 13.954260] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.954282] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.954304] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.954326] kthread+0x337/0x6f0 [ 13.954345] ? trace_preempt_on+0x20/0xc0 [ 13.954492] ? __pfx_kthread+0x10/0x10 [ 13.954516] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.954537] ? calculate_sigpending+0x7b/0xa0 [ 13.954561] ? __pfx_kthread+0x10/0x10 [ 13.954581] ret_from_fork+0x116/0x1d0 [ 13.954600] ? 
__pfx_kthread+0x10/0x10 [ 13.954620] ret_from_fork_asm+0x1a/0x30 [ 13.954650] [ 13.954661] [ 13.969734] Allocated by task 175: [ 13.970249] kasan_save_stack+0x45/0x70 [ 13.970727] kasan_save_track+0x18/0x40 [ 13.971154] kasan_save_alloc_info+0x3b/0x50 [ 13.971348] __kasan_krealloc+0x190/0x1f0 [ 13.972107] krealloc_noprof+0xf3/0x340 [ 13.972286] krealloc_less_oob_helper+0x1aa/0x11d0 [ 13.972654] krealloc_less_oob+0x1c/0x30 [ 13.972983] kunit_try_run_case+0x1a5/0x480 [ 13.973730] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.973974] kthread+0x337/0x6f0 [ 13.974278] ret_from_fork+0x116/0x1d0 [ 13.975421] ret_from_fork_asm+0x1a/0x30 [ 13.975628] [ 13.975750] The buggy address belongs to the object at ffff888100a30800 [ 13.975750] which belongs to the cache kmalloc-256 of size 256 [ 13.976514] The buggy address is located 17 bytes to the right of [ 13.976514] allocated 201-byte region [ffff888100a30800, ffff888100a308c9) [ 13.977496] [ 13.977631] The buggy address belongs to the physical page: [ 13.978093] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a30 [ 13.978390] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.979184] flags: 0x200000000000040(head|node=0|zone=2) [ 13.979596] page_type: f5(slab) [ 13.979854] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 13.980154] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.980482] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 13.981606] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.982083] head: 0200000000000001 ffffea0004028c01 00000000ffffffff 00000000ffffffff [ 13.982809] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 13.983347] page dumped because: kasan: bad access detected [ 13.983842] [ 13.984023] Memory state around the buggy address: [ 13.984270] ffff888100a30780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 
13.984948] ffff888100a30800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.985935] >ffff888100a30880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 13.986530] ^ [ 13.986959] ffff888100a30900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.987770] ffff888100a30980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.988431] ================================================================== Build: ------ - Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28921022/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config - Build Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28921022/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh - Test Log: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28921560/suite/log-parser-boot/test/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper-89d29dad0429f8c1b0ade771a42c7d2ac459e5f11b48c806bc29befef6970fa8/log - Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28921560/suite/log-parser-boot/test/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper-89d29dad0429f8c1b0ade771a42c7d2ac459e5f11b48c806bc29befef6970fa8/attachments/reproducer Boot regression: qemu-x86_64, log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper Boot log: --------- [ 15.870160] ================================================================== [ 15.870712] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 15.871471] Read of size 1 at addr ffff8881039fe001 by task kunit_try_catch/240 [ 15.871791] [ 15.871961] CPU: 0 UID: 0 PID: 240 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3 #1 PREEMPT(voluntary) [ 15.872101] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.872134] Hardware name: QEMU Standard PC (Q35 + ICH9, 
2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.872200] Call Trace: [ 15.872230] [ 15.872272] dump_stack_lvl+0x73/0xb0 [ 15.872367] print_report+0xd1/0x650 [ 15.872432] ? __virt_addr_valid+0x1db/0x2d0 [ 15.872486] ? mempool_oob_right_helper+0x318/0x380 [ 15.872538] ? kasan_addr_to_slab+0x11/0xa0 [ 15.872586] ? mempool_oob_right_helper+0x318/0x380 [ 15.872636] kasan_report+0x141/0x180 [ 15.872686] ? mempool_oob_right_helper+0x318/0x380 [ 15.872748] __asan_report_load1_noabort+0x18/0x20 [ 15.872806] mempool_oob_right_helper+0x318/0x380 [ 15.873033] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 15.873108] ? update_load_avg+0x1be/0x21b0 [ 15.873168] ? dequeue_entities+0x27e/0x1740 [ 15.873230] ? finish_task_switch.isra.0+0x153/0x700 [ 15.873288] mempool_kmalloc_large_oob_right+0xf2/0x150 [ 15.873334] ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10 [ 15.873424] ? __pfx_mempool_kmalloc+0x10/0x10 [ 15.873484] ? __pfx_mempool_kfree+0x10/0x10 [ 15.873531] ? __pfx_read_tsc+0x10/0x10 [ 15.873575] ? ktime_get_ts64+0x86/0x230 [ 15.873616] kunit_try_run_case+0x1a5/0x480 [ 15.873662] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.873696] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.873734] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.873769] ? __kthread_parkme+0x82/0x180 [ 15.873798] ? preempt_count_sub+0x50/0x80 [ 15.873843] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.873877] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.873903] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.873940] kthread+0x337/0x6f0 [ 15.873960] ? trace_preempt_on+0x20/0xc0 [ 15.873985] ? __pfx_kthread+0x10/0x10 [ 15.874005] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.874027] ? calculate_sigpending+0x7b/0xa0 [ 15.874054] ? __pfx_kthread+0x10/0x10 [ 15.874078] ret_from_fork+0x116/0x1d0 [ 15.874099] ? 
__pfx_kthread+0x10/0x10 [ 15.874122] ret_from_fork_asm+0x1a/0x30 [ 15.874157] [ 15.874171] [ 15.892068] The buggy address belongs to the physical page: [ 15.892808] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039fc [ 15.893367] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 15.893737] flags: 0x200000000000040(head|node=0|zone=2) [ 15.894625] page_type: f8(unknown) [ 15.894907] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 15.895666] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 15.896829] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 15.897220] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 15.898034] head: 0200000000000002 ffffea00040e7f01 00000000ffffffff 00000000ffffffff [ 15.898206] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 15.898350] page dumped because: kasan: bad access detected [ 15.899591] [ 15.899778] Memory state around the buggy address: [ 15.900527] ffff8881039fdf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 15.900878] ffff8881039fdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 15.901335] >ffff8881039fe000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 15.901983] ^ [ 15.902133] ffff8881039fe080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 15.902281] ffff8881039fe100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 15.902837] ================================================================== Build: ------ - Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28921022/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config - Build Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28921022/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh - Test Log: 
https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28921560/suite/log-parser-boot/test/kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper-2cbee507ab0dbabbe0743cad713fc207632a9c12b5b595e5a5b058af254df053/log - Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28921560/suite/log-parser-boot/test/kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper-2cbee507ab0dbabbe0743cad713fc207632a9c12b5b595e5a5b058af254df053/attachments/reproducer Boot regression: qemu-x86_64, log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-krealloc_uaf Boot log: --------- [ 14.307824] ================================================================== [ 14.308116] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x53c/0x5e0 [ 14.308657] Read of size 1 at addr ffff888100341e00 by task kunit_try_catch/181 [ 14.309420] [ 14.309814] CPU: 0 UID: 0 PID: 181 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3 #1 PREEMPT(voluntary) [ 14.309934] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.309975] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.310015] Call Trace: [ 14.310057] [ 14.310098] dump_stack_lvl+0x73/0xb0 [ 14.310202] print_report+0xd1/0x650 [ 14.310263] ? __virt_addr_valid+0x1db/0x2d0 [ 14.310308] ? krealloc_uaf+0x53c/0x5e0 [ 14.310345] ? kasan_complete_mode_report_info+0x64/0x200 [ 14.310398] ? krealloc_uaf+0x53c/0x5e0 [ 14.310431] kasan_report+0x141/0x180 [ 14.310463] ? krealloc_uaf+0x53c/0x5e0 [ 14.310501] __asan_report_load1_noabort+0x18/0x20 [ 14.310536] krealloc_uaf+0x53c/0x5e0 [ 14.310566] ? __pfx_krealloc_uaf+0x10/0x10 [ 14.310598] ? irqentry_exit+0x2a/0x60 [ 14.310628] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 14.310660] kunit_try_run_case+0x1a5/0x480 [ 14.310686] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.310708] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.310732] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.310754] ? 
__kthread_parkme+0x82/0x180 [ 14.310774] ? preempt_count_sub+0x50/0x80 [ 14.310797] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.310826] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.310859] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.310881] kthread+0x337/0x6f0 [ 14.310899] ? trace_preempt_on+0x20/0xc0 [ 14.310922] ? __pfx_kthread+0x10/0x10 [ 14.310942] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.310961] ? calculate_sigpending+0x7b/0xa0 [ 14.310984] ? __pfx_kthread+0x10/0x10 [ 14.311004] ret_from_fork+0x116/0x1d0 [ 14.311023] ? __pfx_kthread+0x10/0x10 [ 14.311042] ret_from_fork_asm+0x1a/0x30 [ 14.311074] [ 14.311087] [ 14.321733] Allocated by task 181: [ 14.321932] kasan_save_stack+0x45/0x70 [ 14.322215] kasan_save_track+0x18/0x40 [ 14.322979] kasan_save_alloc_info+0x3b/0x50 [ 14.323348] __kasan_kmalloc+0xb7/0xc0 [ 14.323662] __kmalloc_cache_noprof+0x189/0x420 [ 14.324140] krealloc_uaf+0xbb/0x5e0 [ 14.324678] kunit_try_run_case+0x1a5/0x480 [ 14.325063] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.325919] kthread+0x337/0x6f0 [ 14.326209] ret_from_fork+0x116/0x1d0 [ 14.326392] ret_from_fork_asm+0x1a/0x30 [ 14.326854] [ 14.327113] Freed by task 181: [ 14.327280] kasan_save_stack+0x45/0x70 [ 14.327465] kasan_save_track+0x18/0x40 [ 14.327682] kasan_save_free_info+0x3f/0x60 [ 14.328009] __kasan_slab_free+0x56/0x70 [ 14.328869] kfree+0x222/0x3f0 [ 14.329164] krealloc_uaf+0x13d/0x5e0 [ 14.329641] kunit_try_run_case+0x1a5/0x480 [ 14.330000] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.330374] kthread+0x337/0x6f0 [ 14.330692] ret_from_fork+0x116/0x1d0 [ 14.330866] ret_from_fork_asm+0x1a/0x30 [ 14.331171] [ 14.331374] The buggy address belongs to the object at ffff888100341e00 [ 14.331374] which belongs to the cache kmalloc-256 of size 256 [ 14.332632] The buggy address is located 0 bytes inside of [ 14.332632] freed 256-byte region [ffff888100341e00, ffff888100341f00) [ 14.333281] [ 14.333469] The buggy address belongs to the physical page: [ 14.334630] 
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100340 [ 14.335154] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 14.335425] flags: 0x200000000000040(head|node=0|zone=2) [ 14.336083] page_type: f5(slab) [ 14.336375] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 14.337078] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 14.337882] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 14.338581] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 14.339311] head: 0200000000000001 ffffea000400d001 00000000ffffffff 00000000ffffffff [ 14.339571] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 14.340271] page dumped because: kasan: bad access detected [ 14.340783] [ 14.340924] Memory state around the buggy address: [ 14.341847] ffff888100341d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.342286] ffff888100341d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.342808] >ffff888100341e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 14.343186] ^ [ 14.343572] ffff888100341e80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 14.344110] ffff888100341f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.344451] ================================================================== Build: ------ - Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28921022/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config - Build Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28921022/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh - Test Log: 
https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28921560/suite/log-parser-boot/test/kasan-bug-kasan-slab-use-after-free-in-krealloc_uaf-20d75a65c5f8ba7d4f8ced565d83dcb43fc346a18b545a66acfd320fdda0ec95/log - Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28921560/suite/log-parser-boot/test/kasan-bug-kasan-slab-use-after-free-in-krealloc_uaf-20d75a65c5f8ba7d4f8ced565d83dcb43fc346a18b545a66acfd320fdda0ec95/attachments/reproducer Boot regression: qemu-x86_64, log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-mempool_uaf_helper Boot log: --------- [ 15.958787] ================================================================== [ 15.959338] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x392/0x400 [ 15.960104] Read of size 1 at addr ffff8881019eba00 by task kunit_try_catch/244 [ 15.960837] [ 15.961046] CPU: 1 UID: 0 PID: 244 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3 #1 PREEMPT(voluntary) [ 15.961180] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.961211] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.961254] Call Trace: [ 15.961286] [ 15.961326] dump_stack_lvl+0x73/0xb0 [ 15.961585] print_report+0xd1/0x650 [ 15.961642] ? __virt_addr_valid+0x1db/0x2d0 [ 15.961700] ? mempool_uaf_helper+0x392/0x400 [ 15.961749] ? kasan_complete_mode_report_info+0x64/0x200 [ 15.961791] ? mempool_uaf_helper+0x392/0x400 [ 15.961846] kasan_report+0x141/0x180 [ 15.961894] ? mempool_uaf_helper+0x392/0x400 [ 15.961988] __asan_report_load1_noabort+0x18/0x20 [ 15.962040] mempool_uaf_helper+0x392/0x400 [ 15.962084] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 15.962132] ? __kasan_check_write+0x18/0x20 [ 15.962177] ? __pfx_sched_clock_cpu+0x10/0x10 [ 15.962228] ? finish_task_switch.isra.0+0x153/0x700 [ 15.962318] mempool_kmalloc_uaf+0xef/0x140 [ 15.962499] ? __pfx_mempool_kmalloc_uaf+0x10/0x10 [ 15.962554] ? 
__pfx_mempool_kmalloc+0x10/0x10 [ 15.962585] ? __pfx_mempool_kfree+0x10/0x10 [ 15.962612] ? __pfx_read_tsc+0x10/0x10 [ 15.962635] ? ktime_get_ts64+0x86/0x230 [ 15.962663] kunit_try_run_case+0x1a5/0x480 [ 15.962693] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.962715] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.962740] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.962763] ? __kthread_parkme+0x82/0x180 [ 15.962787] ? preempt_count_sub+0x50/0x80 [ 15.962811] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.962868] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.962895] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.962919] kthread+0x337/0x6f0 [ 15.962939] ? trace_preempt_on+0x20/0xc0 [ 15.962965] ? __pfx_kthread+0x10/0x10 [ 15.962986] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.963007] ? calculate_sigpending+0x7b/0xa0 [ 15.963033] ? __pfx_kthread+0x10/0x10 [ 15.963056] ret_from_fork+0x116/0x1d0 [ 15.963076] ? __pfx_kthread+0x10/0x10 [ 15.963097] ret_from_fork_asm+0x1a/0x30 [ 15.963130] [ 15.963144] [ 15.975751] Allocated by task 244: [ 15.976177] kasan_save_stack+0x45/0x70 [ 15.976635] kasan_save_track+0x18/0x40 [ 15.977100] kasan_save_alloc_info+0x3b/0x50 [ 15.977564] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 15.978017] remove_element+0x11e/0x190 [ 15.978887] mempool_alloc_preallocated+0x4d/0x90 [ 15.979479] mempool_uaf_helper+0x96/0x400 [ 15.979688] mempool_kmalloc_uaf+0xef/0x140 [ 15.979890] kunit_try_run_case+0x1a5/0x480 [ 15.980245] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.980545] kthread+0x337/0x6f0 [ 15.980761] ret_from_fork+0x116/0x1d0 [ 15.981001] ret_from_fork_asm+0x1a/0x30 [ 15.981233] [ 15.981786] Freed by task 244: [ 15.982023] kasan_save_stack+0x45/0x70 [ 15.982232] kasan_save_track+0x18/0x40 [ 15.982583] kasan_save_free_info+0x3f/0x60 [ 15.982899] __kasan_mempool_poison_object+0x131/0x1d0 [ 15.983279] mempool_free+0x2ec/0x380 [ 15.983629] mempool_uaf_helper+0x11a/0x400 [ 15.983870] mempool_kmalloc_uaf+0xef/0x140 [ 15.984161] 
kunit_try_run_case+0x1a5/0x480 [ 15.984349] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.984618] kthread+0x337/0x6f0 [ 15.984929] ret_from_fork+0x116/0x1d0 [ 15.985231] ret_from_fork_asm+0x1a/0x30 [ 15.986161] [ 15.986497] The buggy address belongs to the object at ffff8881019eba00 [ 15.986497] which belongs to the cache kmalloc-128 of size 128 [ 15.987054] The buggy address is located 0 bytes inside of [ 15.987054] freed 128-byte region [ffff8881019eba00, ffff8881019eba80) [ 15.988006] [ 15.988207] The buggy address belongs to the physical page: [ 15.988711] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1019eb [ 15.989207] flags: 0x200000000000000(node=0|zone=2) [ 15.989756] page_type: f5(slab) [ 15.990022] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.990927] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.991432] page dumped because: kasan: bad access detected [ 15.991719] [ 15.992047] Memory state around the buggy address: [ 15.992347] ffff8881019eb900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.992985] ffff8881019eb980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.993518] >ffff8881019eba00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.994068] ^ [ 15.994281] ffff8881019eba80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.994904] ffff8881019ebb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.995342] ================================================================== Build: ------ - Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28921022/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config - Build Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28921022/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh - Test Log: 
https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28921560/suite/log-parser-boot/test/kasan-bug-kasan-slab-use-after-free-in-mempool_uaf_helper-91e24522dbd2c2025d618ddb060c738044938e7f329cfc631a47b08d18938409/log - Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28921560/suite/log-parser-boot/test/kasan-bug-kasan-slab-use-after-free-in-mempool_uaf_helper-91e24522dbd2c2025d618ddb060c738044938e7f329cfc631a47b08d18938409/attachments/reproducer Boot regression: qemu-x86_64, log-parser-boot/kasan-bug-kasan-use-after-free-in-kmalloc_large_uaf Boot log: --------- [ 13.699673] ================================================================== [ 13.700186] BUG: KASAN: use-after-free in kmalloc_large_uaf+0x2f1/0x340 [ 13.701213] Read of size 1 at addr ffff88810261c000 by task kunit_try_catch/165 [ 13.702222] [ 13.702751] CPU: 0 UID: 0 PID: 165 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3 #1 PREEMPT(voluntary) [ 13.702861] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.702877] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.702903] Call Trace: [ 13.702920] [ 13.702943] dump_stack_lvl+0x73/0xb0 [ 13.702987] print_report+0xd1/0x650 [ 13.703011] ? __virt_addr_valid+0x1db/0x2d0 [ 13.703036] ? kmalloc_large_uaf+0x2f1/0x340 [ 13.703056] ? kasan_addr_to_slab+0x11/0xa0 [ 13.703076] ? kmalloc_large_uaf+0x2f1/0x340 [ 13.703096] kasan_report+0x141/0x180 [ 13.703117] ? kmalloc_large_uaf+0x2f1/0x340 [ 13.703143] __asan_report_load1_noabort+0x18/0x20 [ 13.703167] kmalloc_large_uaf+0x2f1/0x340 [ 13.703188] ? __pfx_kmalloc_large_uaf+0x10/0x10 [ 13.703210] ? __schedule+0x10cc/0x2b60 [ 13.703233] ? __pfx_read_tsc+0x10/0x10 [ 13.703255] ? ktime_get_ts64+0x86/0x230 [ 13.703282] kunit_try_run_case+0x1a5/0x480 [ 13.703309] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.703330] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.703371] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.703411] ? __kthread_parkme+0x82/0x180 [ 13.703446] ? preempt_count_sub+0x50/0x80 [ 13.703492] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.703535] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.703580] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.703617] kthread+0x337/0x6f0 [ 13.703647] ? trace_preempt_on+0x20/0xc0 [ 13.703686] ? __pfx_kthread+0x10/0x10 [ 13.703715] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.703735] ? calculate_sigpending+0x7b/0xa0 [ 13.703760] ? __pfx_kthread+0x10/0x10 [ 13.703780] ret_from_fork+0x116/0x1d0 [ 13.703799] ? __pfx_kthread+0x10/0x10 [ 13.703823] ret_from_fork_asm+0x1a/0x30 [ 13.703867] [ 13.703880] [ 13.716789] The buggy address belongs to the physical page: [ 13.717541] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10261c [ 13.718627] flags: 0x200000000000000(node=0|zone=2) [ 13.719440] raw: 0200000000000000 ffffea0004098808 ffff88815b039f80 0000000000000000 [ 13.719925] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 13.720193] page dumped because: kasan: bad access detected [ 13.720629] [ 13.720742] Memory state around the buggy address: [ 13.720956] ffff88810261bf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.721653] ffff88810261bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.722286] >ffff88810261c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.722725] ^ [ 13.722967] ffff88810261c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.723275] ffff88810261c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.724258] ================================================================== Build: ------ - Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28921022/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config - Build Reproducer: 
https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28921022/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh - Test Log: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28921560/suite/log-parser-boot/test/kasan-bug-kasan-use-after-free-in-kmalloc_large_uaf-8d8b6eeb2b2cf8b25815b1010360e39353639dc5a4db621d74259b44008cfd15/log - Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28921560/suite/log-parser-boot/test/kasan-bug-kasan-use-after-free-in-kmalloc_large_uaf-8d8b6eeb2b2cf8b25815b1010360e39353639dc5a4db621d74259b44008cfd15/attachments/reproducer Boot regression: qemu-x86_64, log-parser-boot/kasan-bug-kasan-use-after-free-in-mempool_uaf_helper Boot log: --------- [ 16.000895] ================================================================== [ 16.001638] BUG: KASAN: use-after-free in mempool_uaf_helper+0x392/0x400 [ 16.002081] Read of size 1 at addr ffff888103a00000 by task kunit_try_catch/246 [ 16.002526] [ 16.002755] CPU: 0 UID: 0 PID: 246 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3 #1 PREEMPT(voluntary) [ 16.002858] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.002883] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.002924] Call Trace: [ 16.002953] [ 16.002991] dump_stack_lvl+0x73/0xb0 [ 16.003057] print_report+0xd1/0x650 [ 16.003107] ? __virt_addr_valid+0x1db/0x2d0 [ 16.003151] ? mempool_uaf_helper+0x392/0x400 [ 16.003196] ? kasan_addr_to_slab+0x11/0xa0 [ 16.003239] ? mempool_uaf_helper+0x392/0x400 [ 16.003282] kasan_report+0x141/0x180 [ 16.003324] ? mempool_uaf_helper+0x392/0x400 [ 16.004058] __asan_report_load1_noabort+0x18/0x20 [ 16.004139] mempool_uaf_helper+0x392/0x400 [ 16.004193] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 16.004235] ? update_load_avg+0x1be/0x21b0 [ 16.004265] ? dequeue_entities+0x27e/0x1740 [ 16.004293] ? 
finish_task_switch.isra.0+0x153/0x700 [ 16.004320] mempool_kmalloc_large_uaf+0xef/0x140 [ 16.004346] ? __pfx_mempool_kmalloc_large_uaf+0x10/0x10 [ 16.004439] ? __pfx_mempool_kmalloc+0x10/0x10 [ 16.004492] ? __pfx_mempool_kfree+0x10/0x10 [ 16.004533] ? __pfx_read_tsc+0x10/0x10 [ 16.004568] ? ktime_get_ts64+0x86/0x230 [ 16.004609] kunit_try_run_case+0x1a5/0x480 [ 16.004652] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.004685] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.004726] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.004763] ? __kthread_parkme+0x82/0x180 [ 16.004800] ? preempt_count_sub+0x50/0x80 [ 16.004851] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.004883] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.004907] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.004931] kthread+0x337/0x6f0 [ 16.004950] ? trace_preempt_on+0x20/0xc0 [ 16.004974] ? __pfx_kthread+0x10/0x10 [ 16.004994] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.005015] ? calculate_sigpending+0x7b/0xa0 [ 16.005040] ? __pfx_kthread+0x10/0x10 [ 16.005062] ret_from_fork+0x116/0x1d0 [ 16.005082] ? 
__pfx_kthread+0x10/0x10 [ 16.005103] ret_from_fork_asm+0x1a/0x30 [ 16.005137] [ 16.005150] [ 16.020978] The buggy address belongs to the physical page: [ 16.021458] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a00 [ 16.022497] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.022759] flags: 0x200000000000040(head|node=0|zone=2) [ 16.023044] page_type: f8(unknown) [ 16.023397] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.023824] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.024123] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.024693] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.025335] head: 0200000000000002 ffffea00040e8001 00000000ffffffff 00000000ffffffff [ 16.026001] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 16.026948] page dumped because: kasan: bad access detected [ 16.027516] [ 16.027703] Memory state around the buggy address: [ 16.028055] ffff8881039fff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 16.028910] ffff8881039fff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 16.029299] >ffff888103a00000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 16.030217] ^ [ 16.030767] ffff888103a00080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 16.031263] ffff888103a00100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 16.032133] ================================================================== Build: ------ - Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28921022/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config - Build Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28921022/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh - Test Log: 
https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28921560/suite/log-parser-boot/test/kasan-bug-kasan-use-after-free-in-mempool_uaf_helper-47f064a912edff1c0369306dd49522826e64a0e756335ae13e7dd59c89b676d3/log - Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28921560/suite/log-parser-boot/test/kasan-bug-kasan-use-after-free-in-mempool_uaf_helper-47f064a912edff1c0369306dd49522826e64a0e756335ae13e7dd59c89b676d3/attachments/reproducer Test regression: qemu-armv7, kselftest-seccomp/seccomp_seccomp_benchmark Test log: --------- <8>[ 144.963974] exit=1<8>[ 144.974227] seccomp_seccomp_benchmark_native_1_bitmap pass seccomp_seccomp_benchmark_native_1_filter pass seccomp_seccomp_benchmark_per-filter_last_2_diff_per-filter_filters_4 fail seccomp_seccomp_benchmark_1_bitmapped_2_bitmapped pass seccomp_seccomp_benchmark_entry_1_bitmapped pass seccomp_seccomp_benchmark_entry_2_bitmapped pass seccomp_seccomp_benchmark_native_entry_per_filter_4_4_filters_total fail seccomp_seccomp_benchmark fail Build: ------ - Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28921535/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config - Build Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28921535/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh - Test Log: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28922416/suite/kselftest-seccomp/test/seccomp_seccomp_benchmark/log - Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28922416/suite/kselftest-seccomp/test/seccomp_seccomp_benchmark/attachments/reproducer Test regression: qemu-x86_64, kselftest-timers/timers_posix_timers Test log: --------- <8>[ 612.742767] 
exit=1timeout set to 0 selftests: timers: nanosleep TAP version 13 1..12 ok 1 CLOCK_REALTIME ok 2 CLOCK_MONOTONIC ok 3 # SKIP CLOCK_PROCESS_CPUTIME_ID ok 4 # SKIP CLOCK_THREAD_CPUTIME_ID ok 5 # SKIP CLOCK_MONOTONIC_RAW ok 6 # SKIP CLOCK_REALTIME_COARSE ok 7 # SKIP CLOCK_MONOTONIC_COARSE ok 8 CLOCK_BOOTTIME ok 9 CLOCK_REALTIME_ALARM ok 10 CLOCK_BOOTTIME_ALARM ok 11 # SKIP UNKNOWN_CLOCKID ok 12 CLOCK_TAI # 6 skipped test(s) detected. Consider enabling relevant config options to improve coverage. # Totals: pass:6 fail:0 xfail:0 xpass:0 skip:6 error:0 <8>[ 612.760470] timers_posix_timers_check_timer_create_exact pass timers_posix_timers_ITIMER_VIRTUAL pass timers_posix_timers_ITIMER_PROF pass timers_posix_timers_ITIMER_REAL pass timers_posix_timers_timer_create_per_CLOCK_THREAD_CPUTIME_ID pass timers_posix_timers_timer_create_per_CLOCK_PROCESS_CPUTIME_ID pass timers_posix_timers_check_signal_distribution fail timers_posix_timers_check_sig_ign_SIGEV_SIGNAL pass timers_posix_timers_check_sig_ign_SIGEV_THREAD_ID pass timers_posix_timers_check_rearm pass timers_posix_timers_check_delete pass timers_posix_timers_check_sigev_none_CLOCK_MONOTONIC pass timers_posix_timers_check_sigev_none_CLOCK_PROCESS_CPUTIME_ID pass timers_posix_timers_check_gettime_CLOCK_MONOTONIC pass timers_posix_timers_check_gettime_CLOCK_PROCESS_CPUTIME_ID pass timers_posix_timers_check_gettime_CLOCK_THREAD_CPUTIME_ID pass timers_posix_timers_check_overrun_CLOCK_MONOTONIC pass timers_posix_timers_check_overrun_CLOCK_PROCESS_CPUTIME_ID pass timers_posix_timers_check_overrun_CLOCK_THREAD_CPUTIME_ID pass timers_posix_timers fail Build: ------ - Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28921022/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config - Build Reproducer: 
https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28921022/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh - Test Log: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28922279/suite/kselftest-timers/test/timers_posix_timers/log - Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28922279/suite/kselftest-timers/test/timers_posix_timers/attachments/reproducer Test regression: qemu-x86_64, kselftest-timers/timers_posix_timers_check_signal_distribution Test log: --------- <8>[ 612.041734] <8>[ 612.055127] timers_posix_timers_check_signal_distribution fail Build: ------ - Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28921022/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config - Build Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28921022/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh - Test Log: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28922279/suite/kselftest-timers/test/timers_posix_timers_check_signal_distribution/log - Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28922279/suite/kselftest-timers/test/timers_posix_timers_check_signal_distribution/attachments/reproducer Test regression: qemu-x86_64, kselftest-x86/x86_syscall_numbering_64 Test log: --------- <8>[ 104.076394] TIMEOUT 45 secondstimeout set to 45 selftests: x86: corrupt_xstate_header_64 [SKIP] CR4.OSXSAVE disabled. 
<8>[ 104.093195] x86_syscall_numbering_64 fail

Build:
------
- Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28921022/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config
- Build Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28921022/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh
- Test Log: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28921525/suite/kselftest-x86/test/x86_syscall_numbering_64/log
- Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28921525/suite/kselftest-x86/test/x86_syscall_numbering_64/attachments/reproducer

Test regression: qemu-x86_64, kselftest-net/net_gro_sh

Test log:
---------
<8>[ 785.457231] exit=1timeout set to 3600
selftests: net: gre_gso.sh
TEST: GREv6/v4 - copy file w/ TSO [ OK ]
TEST: GREv6/v4 - copy file w/ GSO [ OK ]
2025/06/27 15:44:55 socat[7283] W exiting on signal 15
TEST: GREv6/v6 - copy file w/ TSO [ OK ]
TEST: GREv6/v6 - copy file w/ GSO [ OK ]
2025/06/27 15:44:56 socat[7298] W exiting on signal 15
Tests passed: 4
Tests failed: 0
<8>[ 785.474626] net_gro_sh fail

Build:
------
- Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28921022/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config
- Build Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28921022/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh
- Test Log: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28922456/suite/kselftest-net/test/net_gro_sh/log
- Test Reproducer:
https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28922456/suite/kselftest-net/test/net_gro_sh/attachments/reproducer

Test regression: qemu-arm64, log-parser-test/exception-warning-cpu-pid-at-mmslub-__kvmalloc_node_noprof

Test log:
---------
------------[ cut here ]------------
[ 19.133715] WARNING: CPU: 0 PID: 495 at mm/slub.c:5027 __kvmalloc_node_noprof+0x448/0x4e4
[ 19.135287] Modules linked in: sm3_ce sha3_ce sha512_ce fuse drm backlight ip_tables x_tables
[ 19.136782] CPU: 0 UID: 0 PID: 495 Comm: unshare_test Not tainted 6.16.0-rc3 #1 PREEMPT
[ 19.137125] Hardware name: linux,dummy-virt (DT)
[ 19.137700] pstate: 23402009 (nzCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)
[ 19.137993] pc : __kvmalloc_node_noprof+0x448/0x4e4
[ 19.138230] lr : __kvmalloc_node_noprof+0x80/0x4e4
[ 19.138688] sp : ffff800080bf3c90
[ 19.138875] x29: ffff800080bf3cc0 x28: fff00000c1ff0000 x27: 0000000000000000
[ 19.139502] x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000
[ 19.139955] x23: 00000000004028c0 x22: 0000000000000002 x21: 0000000200001e00
[ 19.140414] x20: fff00000c7efde40 x19: 00000000ffffffff x18: 0000000000000000
[ 19.140915] x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000
[ 19.141402] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000
[ 19.141616] x11: 0000000000000040 x10: bba3e9e2d9296300 x9 : bba3e9e2d9296300
[ 19.141930] x8 : 0000000000000004 x7 : 00000000ffffffff x6 : 0000000000000000
[ 19.142251] x5 : 0000000000000000 x4 : 0000000000400cc0 x3 : 0000000000000000
[ 19.143002] x2 : 0000000000000000 x1 : 0000000000000016 x0 : 0000000000000000
[ 19.143703] Call trace:
[ 19.143993] __kvmalloc_node_noprof+0x448/0x4e4 (P)
[ 19.144290] alloc_fdtable+0x74/0x118
[ 19.144426] expand_files+0x104/0x2d0
[ 19.144540] ksys_dup3+0x64/0xe8
[ 19.144645] __arm64_sys_dup3+0x20/0x30
[ 19.144821] invoke_syscall+0x40/0xf8
[ 19.145000] el0_svc_common+0xa8/0xd8
[ 19.145498] do_el0_svc+0x1c/0x28
[ 19.145641] el0_svc+0x38/0x88
[ 19.145786] el0t_64_sync_handler+0x78/0x108
[ 19.146343] el0t_64_sync+0x198/0x19c
[ 19.146891] ---[ end trace 0000000000000000 ]---

Build:
------
- Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28922499/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config
- Build Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28922499/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh
- Test Log: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28921918/suite/log-parser-test/test/exception-warning-cpu-pid-at-mmslub-__kvmalloc_node_noprof-71054c35c7eb99654c2ea5f6efb689f0936ff8f1d9dd53f0b43ea00a2f733057/log
- Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28921918/suite/log-parser-test/test/exception-warning-cpu-pid-at-mmslub-__kvmalloc_node_noprof-71054c35c7eb99654c2ea5f6efb689f0936ff8f1d9dd53f0b43ea00a2f733057/attachments/reproducer

Test regression: qemu-arm64, log-parser-test/exception-warning-cpu-pid-at-fsjbd2transaction-start_this_handle

Test log:
---------
------------[ cut here ]------------
[ 86.594524] WARNING: CPU: 1 PID: 12 at fs/jbd2/transaction.c:334 start_this_handle+0x4c0/0x4e0
[ 86.596607] Modules linked in: btrfs blake2b_generic xor xor_neon raid6_pq zstd_compress sm3_ce sha3_ce sha512_ce drm backlight fuse ip_tables x_tables
[ 86.597964] CPU: 1 UID: 0 PID: 12 Comm: kworker/u8:0 Tainted: G W 6.16.0-rc3 #1 PREEMPT
[ 86.598916] Tainted: [W]=WARN
[ 86.599330] Hardware name: linux,dummy-virt (DT)
[ 86.599775] Workqueue: writeback wb_workfn (flush-7:0)
[ 86.600055] pstate: 62402009 (nZCv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
[ 86.600554] pc : start_this_handle+0x4c0/0x4e0
[ 86.601770] lr : start_this_handle+0x4c0/0x4e0
[ 86.602175] sp : ffffc000800bb640
[ 86.602736] x29: ffffc000800bb680 x28: fff00000ce2cd000 x27: ffffe3d88c6b2000
[ 86.603545] x26: 00000000000001a0 x25: 0000000000000015 x24: 0000000000000002
[ 86.604256] x23: 0000000000000015 x22: 0000000000000c40 x21: 0000000000000008
[ 86.605363] x20: fff00000c25761e8 x19: fff00000c25761e8 x18: 0000000000000000
[ 86.605938] x17: fff01c2873730000 x16: ffffc00080008000 x15: 0000000000000000
[ 86.606454] x14: 0000000000000000 x13: 00000000ffffffff x12: ffffe3d88bfe8bc8
[ 86.606926] x11: 0000000000005228 x10: ffffe3d88bff71d8 x9 : ffffe3d88974f29c
[ 86.607415] x8 : ffffc000800bb268 x7 : 0000000000000000 x6 : 0000000000000001
[ 86.607895] x5 : ffffe3d88bf69000 x4 : ffffe3d88bf693d0 x3 : 0000000000000000
[ 86.608473] x2 : 0000000000000000 x1 : fff00000c034d3c0 x0 : 000000000000004c
[ 86.609139] Call trace:
[ 86.609429] start_this_handle+0x4c0/0x4e0 (P)
[ 86.609784] jbd2__journal_start+0x118/0x248
[ 86.610263] __ext4_journal_start_sb+0xf0/0x1c0
[ 86.610665] ext4_do_writepages+0x40c/0xba0
[ 86.611022] ext4_writepages+0x8c/0x120
[ 86.611345] do_writepages+0xb0/0x1a0
[ 86.611697] __writeback_single_inode+0x4c/0x480
[ 86.612068] writeback_sb_inodes+0x234/0x4a8
[ 86.612366] wb_writeback+0xa4/0x3d0
[ 86.612814] wb_workfn+0xf0/0x4f8
[ 86.613064] process_one_work+0x158/0x3b8
[ 86.613366] worker_thread+0x2d4/0x3f0
[ 86.613736] kthread+0x138/0x228
[ 86.614023] ret_from_fork+0x10/0x20
[ 86.614303] ---[ end trace 0000000000000000 ]---
---
------------[ cut here ]------------
[ 86.615698] WARNING: CPU: 1 PID: 12 at fs/jbd2/transaction.c:334 start_this_handle+0x4c0/0x4e0
[ 86.619593] Modules linked in: btrfs blake2b_generic xor xor_neon raid6_pq zstd_compress sm3_ce sha3_ce sha512_ce drm backlight fuse ip_tables x_tables
[ 86.620704] CPU: 1 UID: 0 PID: 12 Comm: kworker/u8:0 Tainted: G W 6.16.0-rc3 #1 PREEMPT
[ 86.621547] Tainted: [W]=WARN
[ 86.621851] Hardware name: linux,dummy-virt (DT)
[ 86.622195] Workqueue: writeback wb_workfn (flush-7:0)
[ 86.622714] pstate: 62402009 (nZCv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
[ 86.623194] pc : start_this_handle+0x4c0/0x4e0
[ 86.623750] lr : start_this_handle+0x4c0/0x4e0
[ 86.624036] sp : ffffc000800bb640
[ 86.624415] x29: ffffc000800bb680 x28: fff00000ce2cd000 x27: ffffe3d88c6b2000
[ 86.624786] x26: 00000000000001a0 x25: 0000000000000015 x24: 0000000000000002
[ 86.625569] x23: 0000000000000015 x22: 0000000000000c40 x21: 0000000000000008
[ 86.626262] x20: fff00000c25761e8 x19: fff00000c25761e8 x18: 0000000000000000
[ 86.626800] x17: fff01c2873730000 x16: ffffc00080008000 x15: 0000000000000000
[ 86.627562] x14: 0000000000000000 x13: 00000000ffffffff x12: ffffe3d88bfe8bc8
[ 86.627981] x11: 0000000000005b50 x10: ffffe3d88bff7580 x9 : ffffe3d88974f29c
[ 86.628674] x8 : ffffc000800bb268 x7 : 0000000000000000 x6 : 0000000000000001
[ 86.629123] x5 : ffffe3d88bf69000 x4 : ffffe3d88bf693d0 x3 : 0000000000000000
[ 86.629368] x2 : 0000000000000000 x1 : fff00000c034d3c0 x0 : 000000000000004c
[ 86.630186] Call trace:
[ 86.630496] start_this_handle+0x4c0/0x4e0 (P)
[ 86.630942] jbd2__journal_start+0x118/0x248
[ 86.631358] __ext4_journal_start_sb+0xf0/0x1c0
[ 86.631870] ext4_do_writepages+0x40c/0xba0
[ 86.632288] ext4_writepages+0x8c/0x120
[ 86.632672] do_writepages+0xb0/0x1a0
[ 86.633135] __writeback_single_inode+0x4c/0x480
[ 86.633604] writeback_sb_inodes+0x234/0x4a8
[ 86.633975] wb_writeback+0xa4/0x3d0
[ 86.634460] wb_workfn+0xf0/0x4f8
[ 86.634820] process_one_work+0x158/0x3b8
[ 86.635100] worker_thread+0x2d4/0x3f0
[ 86.635313] kthread+0x138/0x228
[ 86.635629] ret_from_fork+0x10/0x20
[ 86.635938] ---[ end trace 0000000000000000 ]---

Build:
------
- Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28922499/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config
- Build Reproducer:
https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28922499/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh
- Test Log: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28921931/suite/log-parser-test/test/exception-warning-cpu-pid-at-fsjbd2transaction-start_this_handle-0562326d8b68c8b2b3d7ccbcee29155e0720b58a89e115328244f15e1caf7997/log
- Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28921931/suite/log-parser-test/test/exception-warning-cpu-pid-at-fsjbd2transaction-start_this_handle-0562326d8b68c8b2b3d7ccbcee29155e0720b58a89e115328244f15e1caf7997/attachments/reproducer

Test regression: qemu-armv7, log-parser-test/exception-unable-to-handle-kernel-null-pointer-dereference-at-virtual-address-when-write

Test log:
---------
--- cut here ---
[ 153.772274] Unable to handle kernel NULL pointer dereference at virtual address 00000000 when write
[ 153.772342] [00000000] *pgd=80000040204003, *pmd=00000000
[ 153.772821] Internal error: Oops: a05 [#1] SMP ARM
[ 153.795274] Modules linked in: test_vmalloc(+) fuse
[ 153.795962] CPU: 0 UID: 0 PID: 1226 Comm: vmalloc_test/0 Tainted: G W 6.16.0-rc3 #1 NONE
[ 153.796728] Tainted: [W]=WARN
[ 153.796977] Hardware name: Generic DT based system
[ 153.797363] PC is at vm_map_ram_test+0xcc/0xf0 [test_vmalloc]
[ 153.797847] LR is at 0xfa3b1e60
[ 153.798217] pc : [] lr : [] psr: 60000013
[ 153.799422] sp : fa3b1ee8 ip : edbd7e50 fp : c4312820
[ 153.799957] r10: cc61b260 r9 : 00000061 r8 : c494f700
[ 153.800486] r7 : 00000001 r6 : bf02f014 r5 : 00000001 r4 : 00000001
[ 153.801270] r3 : c3de1380 r2 : 00000000 r1 : 00000001 r0 : 00000000
[ 153.801969] Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment user
[ 153.802784] Control: 30c5387d Table: 43e7a400 DAC: fffffffd
[ 153.803458] Register r0 information: NULL pointer
[ 153.804219] Register r1 information: non-paged memory
[ 153.804818] Register r2 information: NULL pointer
[ 153.805286] Register r3 information: slab task_struct start c3de1380 pointer offset 0 size 2496
[ 153.806392] Register r4 information: non-paged memory
[ 153.806566] Register r5 information: non-paged memory
[ 153.807178] Register r6 information: 1-page vmalloc region starting at 0xbf02f000 allocated at load_module+0x7b0/0x1d5c
[ 153.808181] Register r7 information: non-paged memory
[ 153.808474] Register r8 information: slab kmalloc-64 start c494f700 pointer offset 0 size 64
[ 153.809015] Register r9 information: non-paged memory
[ 153.809607] Register r10 information: non-slab/vmalloc memory
[ 153.810273] Register r11 information: slab kmalloc-192 start c4312780 pointer offset 160 size 192
[ 153.810550] Register r12 information: non-slab/vmalloc memory
[ 153.810736] Process vmalloc_test/0 (pid: 1226, stack limit = 0x6b5917d3)
[ 153.811084] Stack: (0xfa3b1ee8 to 0xfa3b2000)
[ 153.811210] 1ee0: c494f700 c051b528 bf02d974 bf02d4fc 0000000a bf02f014
[ 153.811422] 1f00: fa3b1f54 fa3b1f5c 00000000 bf02d6ec 0001a0c0 00000000 c4312780 00000023
[ 153.811650] 1f20: bf031238 bf02f000 c248b4a0 c1df91f1 00000006 00000000 00000005 00000009
[ 153.811862] 1f40: 00000007 00000008 00000002 00000003 0000000a 00000001 00000004 769fed45
[ 153.812074] 1f60: c4312780 00000001 c402a100 c3de1380 c402a100 bf02d5ec c4312780 00000000
[ 153.812281] 1f80: 00000000 c048c558 00000000 769fed45 c3fcab00 c048c444 00000000 00000000
[ 153.812493] 1fa0: 00000000 00000000 00000000 c0400254 00000000 00000000 00000000 00000000
[ 153.813044] 1fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 153.814362] 1fe0: 00000000 00000000 00000000 00000000 00000013 00000000 00000000 00000000
[ 153.815175] Call trace:
[ 153.815303] vm_map_ram_test [test_vmalloc] from test_func+0x100/0x2d8 [test_vmalloc]
[ 153.816471] test_func [test_vmalloc] from kthread+0x114/0x240
[ 153.817084] kthread from ret_from_fork+0x14/0x20
[ 153.817562] Exception stack(0xfa3b1fb0 to 0xfa3b1ff8)
[ 153.817965] 1fa0: 00000000 00000000 00000000 00000000
[ 153.818597] 1fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 153.819222] 1fe0: 00000000 00000000 00000000 00000000 00000013 00000000
[ 153.820213] Code: e1a00008 e2844001 eb5a351d e1a01005 (e5c09000)
[ 153.821577] ---[ end trace 0000000000000000 ]---

Build:
------
- Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28921535/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config
- Build Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28921535/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh
- Test Log: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28922531/suite/log-parser-test/test/exception-unable-to-handle-kernel-null-pointer-dereference-at-virtual-address-when-write-1b735b2fb67adeee9ef49841a8e2cc606ef08c2c6e0d48a8bbcd55aecfe55c26/log
- Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28922531/suite/log-parser-test/test/exception-unable-to-handle-kernel-null-pointer-dereference-at-virtual-address-when-write-1b735b2fb67adeee9ef49841a8e2cc606ef08c2c6e0d48a8bbcd55aecfe55c26/attachments/reproducer

Fixes: qemu-arm64, kselftest-arm64/arm64_check_gcr_el1_cswitch

Build:
------
- Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28922499/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config
- Build Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28922499/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh
- Test Log:
https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28922109/suite/kselftest-arm64/test/arm64_check_gcr_el1_cswitch/log
- Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28922109/suite/kselftest-arm64/test/arm64_check_gcr_el1_cswitch/attachments/reproducer

Fixes: qemu-arm64, ltp-fs/fs_fill

Build:
------
- Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28922499/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config
- Build Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28922499/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh
- Test Log: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28922520/suite/ltp-fs/test/fs_fill/log
- Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28922520/suite/ltp-fs/test/fs_fill/attachments/reproducer

Fixes: qemu-arm64, ltp-mm/kallsyms

Build:
------
- Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28922499/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config
- Build Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28922499/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh
- Test Log: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28922248/suite/ltp-mm/test/kallsyms/log
- Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28922248/suite/ltp-mm/test/kallsyms/attachments/reproducer

Fixes: qemu-armv7, kselftest-cgroup/cgroup_test_cpu_test_cpucg_nested_weight_overprovisioned

Build:
------
- Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28921535/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config
- Build Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28921535/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh
- Test Log: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28922361/suite/kselftest-cgroup/test/cgroup_test_cpu_test_cpucg_nested_weight_overprovisioned/log
- Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28922361/suite/kselftest-cgroup/test/cgroup_test_cpu_test_cpucg_nested_weight_overprovisioned/attachments/reproducer

Fixes: qemu-armv7, kselftest-timers/timers_posix_timers

Build:
------
- Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28921535/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config
- Build Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28921535/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh
- Test Log: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28921948/suite/kselftest-timers/test/timers_posix_timers/log
- Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28921948/suite/kselftest-timers/test/timers_posix_timers/attachments/reproducer

Fixes: qemu-x86_64, kselftest-mm/mm_run_vmtests_sh_uffd-unit-tests

Build:
------
- Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28921022/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config
- Build Reproducer:
https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28921022/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh
- Test Log: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28921554/suite/kselftest-mm/test/mm_run_vmtests_sh_uffd-unit-tests/log
- Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28921554/suite/kselftest-mm/test/mm_run_vmtests_sh_uffd-unit-tests/attachments/reproducer

Fixes: qemu-x86_64, kselftest-x86/x86_sigreturn_64

Build:
------
- Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28921022/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config
- Build Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28921022/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh
- Test Log: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28921649/suite/kselftest-x86/test/x86_sigreturn_64/log
- Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28921649/suite/kselftest-x86/test/x86_sigreturn_64/attachments/reproducer

Fixes: qemu-x86_64, perf/_20_Breakpoint_overflow_sampling

Build:
------
- Kernel Config: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28921022/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/config
- Build Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28921022/suite/build/test/rustgcc-lkftconfig-kselftest/attachments/tuxmake_reproducer.sh
- Test Log:
https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28921023/suite/perf/test/_20_Breakpoint_overflow_sampling/log
- Test Reproducer: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075/testrun/28921023/suite/perf/test/_20_Breakpoint_overflow_sampling/attachments/reproducer

Source:
-------
- Kernel version: 6.16.0-rc3
- Git Tree: https://kernel.googlesource.com/pub/scm/linux/kernel/git/sashal/linus-next.git
- Git SHA: 02381519c0759e28a5a486c88c0941c7f0b5d57c
- Git Describe: v6.13-rc7-42957-g02381519c075
- Test Details: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-42957-g02381519c075

--
Linaro LKFT
https://lkft.linaro.org