- kasan-bug-kasan-global-out-of-bounds-in-cs_dsp_mock_bin_add_name_or_infoisra (gcc-13-defconfig-40bc7ee5:2) log snippet-2
(artefacts: Kernel Config, Build Reproducer, Test Reproducer, Test Log)
- kasan-bug-kasan-double-free-in-kfree_sensitive (gcc-13-lkftconfig-kunit:1) log snippet-3
(artefacts: Kernel Config, Build Reproducer, Test Reproducer, Test Log)
- kasan-bug-kasan-slab-out-of-bounds-in-memcmp (gcc-13-lkftconfig-kunit:1) log snippet-4
(artefacts: Kernel Config, Build Reproducer, Test Reproducer, Test Log)
- kasan-bug-kasan-slab-use-after-free-in-rcu_uaf_reclaim (gcc-13-lkftconfig-kunit:1) log snippet-5
(artefacts: Kernel Config, Build Reproducer, Test Reproducer, Test Log)
- kfence-bug-kfence-use-after-free-read-in-workqueue_uaf (gcc-13-lkftconfig-kunit:1) log snippet-6
(artefacts: Kernel Config, Build Reproducer, Test Reproducer, Test Log)
fs_fill fs_fill
fs_fill.c:115: TINFO: Running 4 writer threads
fs_fill.c:55: TINFO: Unlinking mntpoint/subdir/thread3/AOF
fs_fill.c:55: TINFO: Unlinking mntpoint/subdir/thread4/AOF
fs_fill.c:55: TINFO: Unlinking mntpoint/subdir/thread2/AOF
fs_fill.c:55: TINFO: Unlinking mntpoint/subdir/thread1/AOF
fs_fill.c:93: TPASS: Got 4 ENOSPC runtime 57988ms
fs_fill.c:55: TINFO: Unlinking mntpoint/subdir/thread1/file2
fs_fill.c:55: TINFO: Unlinking mntpoint/subdir/thread2/file2
fs_fill.c:55: TINFO: Unlinking mntpoint/subdir/thread4/file2
fs_fill.c:55: TINFO: Unlinking mntpoint/subdir/thread3/file2
fs_fill.c:93: TPASS: Got 4 ENOSPC runtime 63026ms
fs_fill.c:115: TINFO: Running 4 writer threads
fs_fill.c:115: TINFO: Running 4 writer threads
fs_fill.c:55: TINFO: Unlinking mntpoint/subdir/thread2/AOF
fs_fill.c:55: TINFO: Unlinking mntpoint/subdir/thread4/AOF
fs_fill.c:55: TINFO: Unlinking mntpoint/subdir/thread1/AOF
fs_fill.c:55: TINFO: Unlinking mntpoint/subdir/thread3/AOF
fs_fill.c:93: TPASS: Got 4 ENOSPC runtime 30618ms
fs_fill.c:55: TINFO: Unlinking mntpoint/subdir/thread3/file5
fs_fill.c:55: TINFO: Unlinking mntpoint/subdir/thread4/file2
fs_fill.c:55: TINFO: Unlinking mntpoint/subdir/thread1/file5
fs_fill.c:55: TINFO: Unlinking mntpoint/subdir/thread2/file5
fs_fill.c:93: TPASS: Got 4 ENOSPC runtime 32262ms
fs_fill.c:115: TINFO: Running 4 writer threads
fs_fill.c:55: TINFO: Unlinking mntpoint/subdir/thread3/AOF
fs_fill.c:55: TINFO: Unlinking mntpoint/subdir/thread4/AOF
fs_fill.c:55: TINFO: Unlinking mntpoint/subdir/thread1/AOF
fs_fill.c:55: TINFO: Unlinking mntpoint/subdir/thread2/AOF
fs_fill.c:93: TPASS: Got 4 ENOSPC runtime 30864ms
fs_fill.c:55: TINFO: Unlinking mntpoint/subdir/thread4/file0
fs_fill.c:55: TINFO: Unlinking mntpoint/subdir/thread2/file0
fs_fill.c:55: TINFO: Unlinking mntpoint/subdir/thread1/file0
fs_fill.c:55: TINFO: Unlinking mntpoint/subdir/thread3/file0
fs_fill.c:93: TPASS: Got 4 ENOSPC runtime 48379ms
fs_fill.c:115: TINFO: Running 4 writer threads
fs_fill.c:55: TINFO: Unlinking mntpoint/subdir/thread1/AOF
fs_fill.c:55: TINFO: Unlinking mntpoint/subdir/thread4/AOF
fs_fill.c:55: TINFO: Unlinking mntpoint/subdir/thread2/AOF
fs_fill.c:55: TINFO: Unlinking mntpoint/subdir/thread3/AOF
fs_fill.c:93: TPASS: Got 4 ENOSPC runtime 9934ms
fs_fill.c:55: TINFO: Unlinking mntpoint/subdir/thread4/file5
fs_fill.c:55: TINFO: Unlinking mntpoint/subdir/thread1/file5
fs_fill.c:55: TINFO: Unlinking mntpoint/subdir/thread3/file5
fs_fill.c:55: TINFO: Unlinking mntpoint/subdir/thread2/file4
fs_fill.c:93: TPASS: Got 4 ENOSPC runtime 16605ms
[ 170.064116] ==================================================================
[ 170.066018] BUG: KASAN: global-out-of-bounds in cs_dsp_mock_bin_add_name_or_info.isra.0+0x194/0x338
[ 170.067321] Read of size 12 at addr ffffae053dd842a0 by task kunit_try_catch/2885
[ 170.068381]
[ 170.068970] CPU: 0 UID: 0 PID: 2885 Comm: kunit_try_catch Tainted: G D N 6.14.0-rc3 #1
[ 170.069172] Tainted: [D]=DIE, [N]=TEST
[ 170.069260] Hardware name: linux,dummy-virt (DT)
[ 170.069339] Call trace:
[ 170.069414] show_stack+0x18/0x24 (C)
[ 170.069566] dump_stack_lvl+0x74/0x8c
[ 170.069706] print_report+0x300/0x5f4
[ 170.069849] kasan_report+0xc4/0x108
[ 170.069933] kasan_check_range+0x100/0x1a8
[ 170.070075] __asan_memcpy+0x3c/0x94
[ 170.070550] cs_dsp_mock_bin_add_name_or_info.isra.0+0x194/0x338
[ 170.070653] cs_dsp_mock_bin_add_info+0x10/0x1c
[ 170.070728] bin_patch_name_and_info+0x15c/0x6a0
[ 170.070804] kunit_try_run_case+0x144/0x3bc
[ 170.070883] kunit_generic_run_threadfn_adapter+0x80/0xec
[ 170.070975] kthread+0x37c/0x67c
[ 170.071047] ret_from_fork+0x10/0x20
[ 170.071139]
[ 170.078998] The buggy address belongs to the variable:
[ 170.079474] __loc.0+0x2c0/0x3a0
[ 170.080089]
[ 170.080605] The buggy address belongs to the virtual mapping at
[ 170.080605] [ffffae053cd00000, ffffae053e560000) created by:
[ 170.080605] paging_init+0x4d4/0x640
[ 170.083096]
[ 170.083577] The buggy address belongs to the physical page:
[ 170.084565] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x44184
[ 170.086455] flags: 0x3fffe0000002000(reserved|node=0|zone=0|lastcpupid=0x1ffff)
[ 170.088528] raw: 03fffe0000002000 ffffe601b5106108 ffffe601b5106108 0000000000000000
[ 170.089325] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 170.090287] page dumped because: kasan: bad access detected
[ 170.091219]
[ 170.091596] Memory state around the buggy address:
[ 170.092710] ffffae053dd84180: f9 f9 f9 f9 03 f9 f9 f9 f9 f9 f9 f9 00 00 06 f9
[ 170.093571] ffffae053dd84200: f9 f9 f9 f9 02 f9 f9 f9 f9 f9 f9 f9 00 01 f9 f9
[ 170.094442] >ffffae053dd84280: f9 f9 f9 f9 00 02 f9 f9 f9 f9 f9 f9 00 00 00 00
[ 170.095171] ^
[ 170.095896] ffffae053dd84300: 00 07 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9
[ 170.096918] ffffae053dd84380: 00 00 f9 f9 f9 f9 f9 f9 00 06 f9 f9 f9 f9 f9 f9
[ 170.097629] ==================================================================
[ 23.883322] ==================================================================
[ 23.884097] BUG: KASAN: double-free in kfree_sensitive+0x3c/0xb0
[ 23.884830] Free of addr fff36f07c114bd40 by task kunit_try_catch/181
[ 23.885459]
[ 23.885850] CPU: 0 UID: 0 PID: 181 Comm: kunit_try_catch Tainted: G B N 6.14.0-rc3 #1
[ 23.886084] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.886157] Hardware name: linux,dummy-virt (DT)
[ 23.886248] Call trace:
[ 23.886312] show_stack+0x20/0x38 (C)
[ 23.886451] dump_stack_lvl+0x8c/0xd0
[ 23.886576] print_report+0x118/0x5f0
[ 23.886706] kasan_report_invalid_free+0xb0/0xd8
[ 23.886859] check_slab_allocation+0xd4/0x108
[ 23.887002] __kasan_slab_pre_free+0x2c/0x48
[ 23.887122] kfree+0xe8/0x3c8
[ 23.887227] kfree_sensitive+0x3c/0xb0
[ 23.887341] kmalloc_double_kzfree+0x168/0x308
[ 23.887451] kunit_try_run_case+0x14c/0x3d0
[ 23.887557] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 23.887684] kthread+0x318/0x618
[ 23.887806] ret_from_fork+0x10/0x20
[ 23.887930]
[ 23.897643] Allocated by task 181:
[ 23.898265] kasan_save_stack+0x3c/0x68
[ 23.899029] kasan_save_track+0x20/0x40
[ 23.899739] kasan_save_alloc_info+0x40/0x58
[ 23.900619] __kasan_kmalloc+0xd4/0xd8
[ 23.901308] __kmalloc_cache_noprof+0x15c/0x3c0
[ 23.901929] kmalloc_double_kzfree+0xb8/0x308
[ 23.902521] kunit_try_run_case+0x14c/0x3d0
[ 23.903358] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 23.904016] kthread+0x318/0x618
[ 23.904461] ret_from_fork+0x10/0x20
[ 23.904984]
[ 23.905295] Freed by task 181:
[ 23.905728] kasan_save_stack+0x3c/0x68
[ 23.906617] kasan_save_track+0x20/0x40
[ 23.907116] kasan_save_free_info+0x4c/0x78
[ 23.907727] __kasan_slab_free+0x6c/0x98
[ 23.908315] kfree+0x214/0x3c8
[ 23.908795] kfree_sensitive+0x80/0xb0
[ 23.910167] kmalloc_double_kzfree+0x11c/0x308
[ 23.910988] kunit_try_run_case+0x14c/0x3d0
[ 23.911710] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 23.912480] kthread+0x318/0x618
[ 23.913090] ret_from_fork+0x10/0x20
[ 23.913573]
[ 23.913875] The buggy address belongs to the object at fff36f07c114bd40
[ 23.913875] which belongs to the cache kmalloc-16 of size 16
[ 23.915322] The buggy address is located 0 bytes inside of
[ 23.915322] 16-byte region [fff36f07c114bd40, fff36f07c114bd50)
[ 23.916440]
[ 23.916803] The buggy address belongs to the physical page:
[ 23.917571] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10114b
[ 23.918701] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 23.919482] page_type: f5(slab)
[ 23.920005] raw: 0bfffe0000000000 fff36f07c0001640 dead000000000122 0000000000000000
[ 23.920794] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 23.921670] page dumped because: kasan: bad access detected
[ 23.922549]
[ 23.922858] Memory state around the buggy address:
[ 23.923364] fff36f07c114bc00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 23.923716] fff36f07c114bc80: fa fb fc fc 00 04 fc fc fa fb fc fc fa fb fc fc
[ 23.924423] >fff36f07c114bd00: fa fb fc fc fa fb fc fc fa fb fc fc fc fc fc fc
[ 23.925222] ^
[ 23.925911] fff36f07c114bd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.927018] fff36f07c114be00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.927815] ==================================================================
[ 26.028048] ==================================================================
[ 26.029015] BUG: KASAN: slab-out-of-bounds in memcmp+0x198/0x1d8
[ 26.029735] Read of size 1 at addr fff36f07c62ce658 by task kunit_try_catch/246
[ 26.030413]
[ 26.030808] CPU: 0 UID: 0 PID: 246 Comm: kunit_try_catch Tainted: G B N 6.14.0-rc3 #1
[ 26.031042] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 26.031404] Hardware name: linux,dummy-virt (DT)
[ 26.031495] Call trace:
[ 26.031570] show_stack+0x20/0x38 (C)
[ 26.031696] dump_stack_lvl+0x8c/0xd0
[ 26.031806] print_report+0x118/0x5f0
[ 26.031923] kasan_report+0xc8/0x118
[ 26.032072] __asan_report_load1_noabort+0x20/0x30
[ 26.032230] memcmp+0x198/0x1d8
[ 26.032335] kasan_memcmp+0x16c/0x300
[ 26.032393] kunit_try_run_case+0x14c/0x3d0
[ 26.032455] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 26.032517] kthread+0x318/0x618
[ 26.032571] ret_from_fork+0x10/0x20
[ 26.032631]
[ 26.039860] Allocated by task 246:
[ 26.040435] kasan_save_stack+0x3c/0x68
[ 26.040971] kasan_save_track+0x20/0x40
[ 26.041554] kasan_save_alloc_info+0x40/0x58
[ 26.042629] __kasan_kmalloc+0xd4/0xd8
[ 26.043316] __kmalloc_cache_noprof+0x15c/0x3c0
[ 26.044141] kasan_memcmp+0xbc/0x300
[ 26.044689] kunit_try_run_case+0x14c/0x3d0
[ 26.045162] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 26.046669] kthread+0x318/0x618
[ 26.047945] ret_from_fork+0x10/0x20
[ 26.048362]
[ 26.049146] The buggy address belongs to the object at fff36f07c62ce640
[ 26.049146] which belongs to the cache kmalloc-32 of size 32
[ 26.050684] The buggy address is located 0 bytes to the right of
[ 26.050684] allocated 24-byte region [fff36f07c62ce640, fff36f07c62ce658)
[ 26.051765]
[ 26.053779] The buggy address belongs to the physical page:
[ 26.055458] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1062ce
[ 26.057399] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 26.059239] page_type: f5(slab)
[ 26.059907] raw: 0bfffe0000000000 fff36f07c0001780 dead000000000122 0000000000000000
[ 26.060747] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[ 26.061599] page dumped because: kasan: bad access detected
[ 26.062435]
[ 26.062666] Memory state around the buggy address:
[ 26.063724] fff36f07c62ce500: 00 00 00 fc fc fc fc fc 00 00 07 fc fc fc fc fc
[ 26.065097] fff36f07c62ce580: 00 00 00 fc fc fc fc fc 00 00 00 04 fc fc fc fc
[ 26.066061] >fff36f07c62ce600: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[ 26.067253] ^
[ 26.068080] fff36f07c62ce680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.068884] fff36f07c62ce700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.069687] ==================================================================
[ 24.242733] ==================================================================
[ 24.243695] BUG: KASAN: slab-use-after-free in rcu_uaf_reclaim+0x64/0x70
[ 24.244310] Read of size 4 at addr fff36f07c6298c00 by task swapper/1/0
[ 24.244950]
[ 24.245323] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G B N 6.14.0-rc3 #1
[ 24.245525] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 24.245602] Hardware name: linux,dummy-virt (DT)
[ 24.245702] Call trace:
[ 24.245761] show_stack+0x20/0x38 (C)
[ 24.245901] dump_stack_lvl+0x8c/0xd0
[ 24.246049] print_report+0x118/0x5f0
[ 24.246177] kasan_report+0xc8/0x118
[ 24.246302] __asan_report_load4_noabort+0x20/0x30
[ 24.246472] rcu_uaf_reclaim+0x64/0x70
[ 24.246605] rcu_core+0x9f4/0x1e20
[ 24.246768] rcu_core_si+0x18/0x30
[ 24.246885] handle_softirqs+0x374/0xb20
[ 24.248148] __do_softirq+0x1c/0x28
[ 24.248233] ____do_softirq+0x18/0x30
[ 24.248288] call_on_irq_stack+0x24/0x58
[ 24.248347] do_softirq_own_stack+0x24/0x38
[ 24.248461] __irq_exit_rcu+0x1fc/0x318
[ 24.248519] irq_exit_rcu+0x1c/0x80
[ 24.248569] el1_interrupt+0x38/0x58
[ 24.248627] el1h_64_irq_handler+0x18/0x28
[ 24.248680] el1h_64_irq+0x6c/0x70
[ 24.248791] arch_local_irq_enable+0x4/0x8 (P)
[ 24.248860] do_idle+0x384/0x4e8
[ 24.248912] cpu_startup_entry+0x64/0x80
[ 24.248988] secondary_start_kernel+0x288/0x340
[ 24.249057] __secondary_switched+0xc0/0xc8
[ 24.249122]
[ 24.264415] Allocated by task 187:
[ 24.265172] kasan_save_stack+0x3c/0x68
[ 24.265766] kasan_save_track+0x20/0x40
[ 24.266624] kasan_save_alloc_info+0x40/0x58
[ 24.267232] __kasan_kmalloc+0xd4/0xd8
[ 24.267828] __kmalloc_cache_noprof+0x15c/0x3c0
[ 24.268476] rcu_uaf+0xb0/0x2d0
[ 24.269014] kunit_try_run_case+0x14c/0x3d0
[ 24.269621] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 24.270516] kthread+0x318/0x618
[ 24.271064] ret_from_fork+0x10/0x20
[ 24.271647]
[ 24.272003] Freed by task 0:
[ 24.272405] kasan_save_stack+0x3c/0x68
[ 24.273058] kasan_save_track+0x20/0x40
[ 24.273614] kasan_save_free_info+0x4c/0x78
[ 24.274365] __kasan_slab_free+0x6c/0x98
[ 24.274930] kfree+0x214/0x3c8
[ 24.275472] rcu_uaf_reclaim+0x28/0x70
[ 24.275937] rcu_core+0x9f4/0x1e20
[ 24.276619] rcu_core_si+0x18/0x30
[ 24.277201] handle_softirqs+0x374/0xb20
[ 24.277806] __do_softirq+0x1c/0x28
[ 24.278539]
[ 24.279015] Last potentially related work creation:
[ 24.279760] kasan_save_stack+0x3c/0x68
[ 24.280389] kasan_record_aux_stack+0xb4/0xc8
[ 24.281079] __call_rcu_common.constprop.0+0x74/0xa10
[ 24.281784] call_rcu+0x18/0x30
[ 24.282575] rcu_uaf+0x14c/0x2d0
[ 24.283268] kunit_try_run_case+0x14c/0x3d0
[ 24.283864] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 24.284657] kthread+0x318/0x618
[ 24.285237] ret_from_fork+0x10/0x20
[ 24.285851]
[ 24.286258] The buggy address belongs to the object at fff36f07c6298c00
[ 24.286258] which belongs to the cache kmalloc-32 of size 32
[ 24.287712] The buggy address is located 0 bytes inside of
[ 24.287712] freed 32-byte region [fff36f07c6298c00, fff36f07c6298c20)
[ 24.288610]
[ 24.288863] The buggy address belongs to the physical page:
[ 24.289356] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106298
[ 24.290065] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 24.290950] page_type: f5(slab)
[ 24.292032] raw: 0bfffe0000000000 fff36f07c0001780 dead000000000122 0000000000000000
[ 24.293277] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[ 24.294263] page dumped because: kasan: bad access detected
[ 24.295133]
[ 24.295428] Memory state around the buggy address:
[ 24.296030] fff36f07c6298b00: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[ 24.296772] fff36f07c6298b80: 00 00 05 fc fc fc fc fc 00 00 07 fc fc fc fc fc
[ 24.297638] >fff36f07c6298c00: fa fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.298894] ^
[ 24.299481] fff36f07c6298c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.300132] fff36f07c6298d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.300833] ==================================================================
[ 24.316161] ==================================================================
[ 24.317084] BUG: KFENCE: use-after-free read in workqueue_uaf+0x270/0x4a8
[ 24.317084]
[ 24.317895] Use-after-free read at 0x0000000056e1aaec (in kfence-#99):
[ 24.319845] workqueue_uaf+0x270/0x4a8
[ 24.320465] kunit_try_run_case+0x14c/0x3d0
[ 24.321040] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 24.321643] kthread+0x318/0x618
[ 24.322135] ret_from_fork+0x10/0x20
[ 24.322742]
[ 24.323327] kfence-#99: 0x0000000056e1aaec-0x000000002c6b8019, size=32, cache=kmalloc-32
[ 24.323327]
[ 24.324514] allocated by task 189 on cpu 1 at 24.311974s (0.012425s ago):
[ 24.325819] workqueue_uaf+0x13c/0x4a8
[ 24.326328] kunit_try_run_case+0x14c/0x3d0
[ 24.326819] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 24.327511] kthread+0x318/0x618
[ 24.328018] ret_from_fork+0x10/0x20
[ 24.328660]
[ 24.329184] freed by task 31 on cpu 1 at 24.312508s (0.016525s ago):
[ 24.330081] workqueue_uaf_work+0x18/0x30
[ 24.330608] process_one_work+0x530/0xf98
[ 24.331156] worker_thread+0x614/0xf28
[ 24.331689] kthread+0x318/0x618
[ 24.332168] ret_from_fork+0x10/0x20
[ 24.332722]
[ 24.333119] CPU: 0 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G B N 6.14.0-rc3 #1
[ 24.334133] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 24.334614] Hardware name: linux,dummy-virt (DT)
[ 24.335224] ==================================================================
------------[ cut here ]------------
[ 52.027131] WARNING: CPU: 0 PID: 476 at mm/util.c:674 __kvmalloc_node_noprof+0x138/0x148
[ 52.028565] Modules linked in: sm3_ce sm3 sha3_ce sha512_ce sha512_arm64 drm backlight fuse ip_tables x_tables
[ 52.032573] CPU: 0 UID: 0 PID: 476 Comm: unshare_test Not tainted 6.14.0-rc3 #1
[ 52.033769] Hardware name: linux,dummy-virt (DT)
[ 52.034849] pstate: 23402009 (nzCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)
[ 52.035668] pc : __kvmalloc_node_noprof+0x138/0x148
[ 52.036324] lr : __kvmalloc_node_noprof+0x64/0x148
[ 52.036843] sp : ffff800080a83cd0
[ 52.038081] x29: ffff800080a83ce0 x28: fff2faf4068f0000 x27: 0000000000000000
[ 52.038932] x26: 0000000000000000 x25: 0000000000000000 x24: fff2faf40013cb00
[ 52.039794] x23: fff2faf40013cb80 x22: e0efadea90d3ce0c x21: 0000000200001e00
[ 52.040894] x20: 00000000ffffffff x19: 0000000000400cc0 x18: 0000000000000000
[ 52.042067] x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000
[ 52.043311] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000
[ 52.044349] x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000
[ 52.045044] x8 : 0000000000000001 x7 : 0000000000000001 x6 : 0000000000000005
[ 52.046760] x5 : 0000000000000000 x4 : fff2faf4068f0000 x3 : 0000000000000000
[ 52.047683] x2 : 0000000000000000 x1 : 000000007fffffff x0 : 0000000000000000
[ 52.048349] Call trace:
[ 52.048871] __kvmalloc_node_noprof+0x138/0x148 (P)
[ 52.050335] alloc_fdtable+0x84/0x128
[ 52.050824] expand_files+0x74/0x2e4
[ 52.051107] ksys_dup3+0x60/0x120
[ 52.052138] __arm64_sys_dup3+0x20/0x30
[ 52.052579] invoke_syscall+0x48/0x10c
[ 52.053278] el0_svc_common.constprop.0+0x40/0xe0
[ 52.054301] do_el0_svc+0x1c/0x28
[ 52.054628] el0_svc+0x30/0xcc
[ 52.055295] el0t_64_sync_handler+0x10c/0x138
[ 52.056125] el0t_64_sync+0x198/0x19c
[ 52.056672] ---[ end trace 0000000000000000 ]---