Regressions seen on Linux v6.14-rc3-293-g5cf80612d3f7

Good: v6.14-rc3-267-gff202c5028a1
Bad: v6.14-rc3-293-g5cf80612d3f7

Reported-by: Linux Kernel Functional Testing

Boot regression: qemu-arm64, log-parser-boot/kasan-bug-kasan-global-out-of-bounds-in-cs_dsp_mock_bin_add_name_or_infoisra

Boot log:
---------
[ 170.064116] ==================================================================
[ 170.066018] BUG: KASAN: global-out-of-bounds in cs_dsp_mock_bin_add_name_or_info.isra.0+0x194/0x338
[ 170.067321] Read of size 12 at addr ffffae053dd842a0 by task kunit_try_catch/2885
[ 170.068381]
[ 170.068970] CPU: 0 UID: 0 PID: 2885 Comm: kunit_try_catch Tainted: G D N 6.14.0-rc3 #1
[ 170.069172] Tainted: [D]=DIE, [N]=TEST
[ 170.069260] Hardware name: linux,dummy-virt (DT)
[ 170.069339] Call trace:
[ 170.069414] show_stack+0x18/0x24 (C)
[ 170.069566] dump_stack_lvl+0x74/0x8c
[ 170.069706] print_report+0x300/0x5f4
[ 170.069849] kasan_report+0xc4/0x108
[ 170.069933] kasan_check_range+0x100/0x1a8
[ 170.070075] __asan_memcpy+0x3c/0x94
[ 170.070550] cs_dsp_mock_bin_add_name_or_info.isra.0+0x194/0x338
[ 170.070653] cs_dsp_mock_bin_add_info+0x10/0x1c
[ 170.070728] bin_patch_name_and_info+0x15c/0x6a0
[ 170.070804] kunit_try_run_case+0x144/0x3bc
[ 170.070883] kunit_generic_run_threadfn_adapter+0x80/0xec
[ 170.070975] kthread+0x37c/0x67c
[ 170.071047] ret_from_fork+0x10/0x20
[ 170.071139]
[ 170.078998] The buggy address belongs to the variable:
[ 170.079474] __loc.0+0x2c0/0x3a0
[ 170.080089]
[ 170.080605] The buggy address belongs to the virtual mapping at
[ 170.080605] [ffffae053cd00000, ffffae053e560000) created by:
[ 170.080605] paging_init+0x4d4/0x640
[ 170.083096]
[ 170.083577] The buggy address belongs to the physical page:
[ 170.084565] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x44184
[ 170.086455] flags: 0x3fffe0000002000(reserved|node=0|zone=0|lastcpupid=0x1ffff)
[ 170.088528] raw: 03fffe0000002000 ffffe601b5106108 ffffe601b5106108 0000000000000000
[ 170.089325] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 170.090287] page dumped because: kasan: bad access detected
[ 170.091219]
[ 170.091596] Memory state around the buggy address:
[ 170.092710] ffffae053dd84180: f9 f9 f9 f9 03 f9 f9 f9 f9 f9 f9 f9 00 00 06 f9
[ 170.093571] ffffae053dd84200: f9 f9 f9 f9 02 f9 f9 f9 f9 f9 f9 f9 00 01 f9 f9
[ 170.094442] >ffffae053dd84280: f9 f9 f9 f9 00 02 f9 f9 f9 f9 f9 f9 00 00 00 00
[ 170.095171] ^
[ 170.095896] ffffae053dd84300: 00 07 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9
[ 170.096918] ffffae053dd84380: 00 00 f9 f9 f9 f9 f9 f9 00 06 f9 f9 f9 f9 f9 f9
[ 170.097629] ==================================================================

Build:
------
* Test Log: https://qa-reports.linaro.org/~anders.roxell/testtrigger/build/v6.14-rc3-293-g5cf80612d3f7/testrun/27427864/suite/log-parser-boot/test/kasan-bug-kasan-global-out-of-bounds-in-cs_dsp_mock_bin_add_name_or_infoisra-e30561754abf66c8244b0f59a48758639dad260cb41804810411517630a487bb/log
* Kernel Config: https://qa-reports.linaro.org/~anders.roxell/testtrigger/build/v6.14-rc3-293-g5cf80612d3f7/testrun/27427858/suite/build/test/gcc-13-lkftconfig/attachments/config
* Build Reproducer: https://qa-reports.linaro.org/~anders.roxell/testtrigger/build/v6.14-rc3-293-g5cf80612d3f7/testrun/27427858/suite/build/test/gcc-13-lkftconfig/attachments/tuxmake_reproducer.sh
* Test Reproducer: https://qa-reports.linaro.org/~anders.roxell/testtrigger/build/v6.14-rc3-293-g5cf80612d3f7/testrun/27427864/suite/log-parser-boot/test/kasan-bug-kasan-global-out-of-bounds-in-cs_dsp_mock_bin_add_name_or_infoisra-e30561754abf66c8244b0f59a48758639dad260cb41804810411517630a487bb/attachments/reproducer

Boot regression: qemu-arm64, log-parser-boot/kasan-bug-kasan-double-free-in-kfree_sensitive

Boot log:
---------
[ 23.883322] ==================================================================
[ 23.884097] BUG: KASAN: double-free in kfree_sensitive+0x3c/0xb0
[ 23.884830] Free of addr fff36f07c114bd40 by task kunit_try_catch/181
[ 23.885459]
[ 23.885850] CPU: 0 UID: 0 PID: 181 Comm: kunit_try_catch Tainted: G B N 6.14.0-rc3 #1
[ 23.886084] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.886157] Hardware name: linux,dummy-virt (DT)
[ 23.886248] Call trace:
[ 23.886312] show_stack+0x20/0x38 (C)
[ 23.886451] dump_stack_lvl+0x8c/0xd0
[ 23.886576] print_report+0x118/0x5f0
[ 23.886706] kasan_report_invalid_free+0xb0/0xd8
[ 23.886859] check_slab_allocation+0xd4/0x108
[ 23.887002] __kasan_slab_pre_free+0x2c/0x48
[ 23.887122] kfree+0xe8/0x3c8
[ 23.887227] kfree_sensitive+0x3c/0xb0
[ 23.887341] kmalloc_double_kzfree+0x168/0x308
[ 23.887451] kunit_try_run_case+0x14c/0x3d0
[ 23.887557] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 23.887684] kthread+0x318/0x618
[ 23.887806] ret_from_fork+0x10/0x20
[ 23.887930]
[ 23.897643] Allocated by task 181:
[ 23.898265] kasan_save_stack+0x3c/0x68
[ 23.899029] kasan_save_track+0x20/0x40
[ 23.899739] kasan_save_alloc_info+0x40/0x58
[ 23.900619] __kasan_kmalloc+0xd4/0xd8
[ 23.901308] __kmalloc_cache_noprof+0x15c/0x3c0
[ 23.901929] kmalloc_double_kzfree+0xb8/0x308
[ 23.902521] kunit_try_run_case+0x14c/0x3d0
[ 23.903358] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 23.904016] kthread+0x318/0x618
[ 23.904461] ret_from_fork+0x10/0x20
[ 23.904984]
[ 23.905295] Freed by task 181:
[ 23.905728] kasan_save_stack+0x3c/0x68
[ 23.906617] kasan_save_track+0x20/0x40
[ 23.907116] kasan_save_free_info+0x4c/0x78
[ 23.907727] __kasan_slab_free+0x6c/0x98
[ 23.908315] kfree+0x214/0x3c8
[ 23.908795] kfree_sensitive+0x80/0xb0
[ 23.910167] kmalloc_double_kzfree+0x11c/0x308
[ 23.910988] kunit_try_run_case+0x14c/0x3d0
[ 23.911710] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 23.912480] kthread+0x318/0x618
[ 23.913090] ret_from_fork+0x10/0x20
[ 23.913573]
[ 23.913875] The buggy address belongs to the object at fff36f07c114bd40
[ 23.913875] which belongs to the cache kmalloc-16 of size 16
[ 23.915322] The buggy address is located 0 bytes inside of
[ 23.915322] 16-byte region [fff36f07c114bd40, fff36f07c114bd50)
[ 23.916440]
[ 23.916803] The buggy address belongs to the physical page:
[ 23.917571] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10114b
[ 23.918701] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 23.919482] page_type: f5(slab)
[ 23.920005] raw: 0bfffe0000000000 fff36f07c0001640 dead000000000122 0000000000000000
[ 23.920794] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 23.921670] page dumped because: kasan: bad access detected
[ 23.922549]
[ 23.922858] Memory state around the buggy address:
[ 23.923364] fff36f07c114bc00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 23.923716] fff36f07c114bc80: fa fb fc fc 00 04 fc fc fa fb fc fc fa fb fc fc
[ 23.924423] >fff36f07c114bd00: fa fb fc fc fa fb fc fc fa fb fc fc fc fc fc fc
[ 23.925222] ^
[ 23.925911] fff36f07c114bd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.927018] fff36f07c114be00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.927815] ==================================================================

Build:
------
* Test Log: https://qa-reports.linaro.org/~anders.roxell/testtrigger/build/v6.14-rc3-293-g5cf80612d3f7/testrun/27429433/suite/log-parser-boot/test/kasan-bug-kasan-double-free-in-kfree_sensitive-d106767bdee8b3b295dcb394486ff1f089ab33935683bda43abef67b7a03eb79/log
* Kernel Config: https://qa-reports.linaro.org/~anders.roxell/testtrigger/build/v6.14-rc3-293-g5cf80612d3f7/testrun/27427858/suite/build/test/gcc-13-lkftconfig/attachments/config
* Build Reproducer: https://qa-reports.linaro.org/~anders.roxell/testtrigger/build/v6.14-rc3-293-g5cf80612d3f7/testrun/27427858/suite/build/test/gcc-13-lkftconfig/attachments/tuxmake_reproducer.sh
* Test Reproducer: https://qa-reports.linaro.org/~anders.roxell/testtrigger/build/v6.14-rc3-293-g5cf80612d3f7/testrun/27429433/suite/log-parser-boot/test/kasan-bug-kasan-double-free-in-kfree_sensitive-d106767bdee8b3b295dcb394486ff1f089ab33935683bda43abef67b7a03eb79/attachments/reproducer

Boot regression: qemu-arm64, log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-memcmp

Boot log:
---------
[ 26.028048] ==================================================================
[ 26.029015] BUG: KASAN: slab-out-of-bounds in memcmp+0x198/0x1d8
[ 26.029735] Read of size 1 at addr fff36f07c62ce658 by task kunit_try_catch/246
[ 26.030413]
[ 26.030808] CPU: 0 UID: 0 PID: 246 Comm: kunit_try_catch Tainted: G B N 6.14.0-rc3 #1
[ 26.031042] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 26.031404] Hardware name: linux,dummy-virt (DT)
[ 26.031495] Call trace:
[ 26.031570] show_stack+0x20/0x38 (C)
[ 26.031696] dump_stack_lvl+0x8c/0xd0
[ 26.031806] print_report+0x118/0x5f0
[ 26.031923] kasan_report+0xc8/0x118
[ 26.032072] __asan_report_load1_noabort+0x20/0x30
[ 26.032230] memcmp+0x198/0x1d8
[ 26.032335] kasan_memcmp+0x16c/0x300
[ 26.032393] kunit_try_run_case+0x14c/0x3d0
[ 26.032455] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 26.032517] kthread+0x318/0x618
[ 26.032571] ret_from_fork+0x10/0x20
[ 26.032631]
[ 26.039860] Allocated by task 246:
[ 26.040435] kasan_save_stack+0x3c/0x68
[ 26.040971] kasan_save_track+0x20/0x40
[ 26.041554] kasan_save_alloc_info+0x40/0x58
[ 26.042629] __kasan_kmalloc+0xd4/0xd8
[ 26.043316] __kmalloc_cache_noprof+0x15c/0x3c0
[ 26.044141] kasan_memcmp+0xbc/0x300
[ 26.044689] kunit_try_run_case+0x14c/0x3d0
[ 26.045162] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 26.046669] kthread+0x318/0x618
[ 26.047945] ret_from_fork+0x10/0x20
[ 26.048362]
[ 26.049146] The buggy address belongs to the object at fff36f07c62ce640
[ 26.049146] which belongs to the cache kmalloc-32 of size 32
[ 26.050684] The buggy address is located 0 bytes to the right of
[ 26.050684] allocated 24-byte region [fff36f07c62ce640, fff36f07c62ce658)
[ 26.051765]
[ 26.053779] The buggy address belongs to the physical page:
[ 26.055458] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1062ce
[ 26.057399] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 26.059239] page_type: f5(slab)
[ 26.059907] raw: 0bfffe0000000000 fff36f07c0001780 dead000000000122 0000000000000000
[ 26.060747] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[ 26.061599] page dumped because: kasan: bad access detected
[ 26.062435]
[ 26.062666] Memory state around the buggy address:
[ 26.063724] fff36f07c62ce500: 00 00 00 fc fc fc fc fc 00 00 07 fc fc fc fc fc
[ 26.065097] fff36f07c62ce580: 00 00 00 fc fc fc fc fc 00 00 00 04 fc fc fc fc
[ 26.066061] >fff36f07c62ce600: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[ 26.067253] ^
[ 26.068080] fff36f07c62ce680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.068884] fff36f07c62ce700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.069687] ==================================================================

Build:
------
* Test Log: https://qa-reports.linaro.org/~anders.roxell/testtrigger/build/v6.14-rc3-293-g5cf80612d3f7/testrun/27429433/suite/log-parser-boot/test/kasan-bug-kasan-slab-out-of-bounds-in-memcmp-b2b9c259cb8d4fca549eb37d22d4ffb495dd1b56fb9b89aa09affe3c572e6460/log
* Kernel Config: https://qa-reports.linaro.org/~anders.roxell/testtrigger/build/v6.14-rc3-293-g5cf80612d3f7/testrun/27427858/suite/build/test/gcc-13-lkftconfig/attachments/config
* Build Reproducer: https://qa-reports.linaro.org/~anders.roxell/testtrigger/build/v6.14-rc3-293-g5cf80612d3f7/testrun/27427858/suite/build/test/gcc-13-lkftconfig/attachments/tuxmake_reproducer.sh
* Test Reproducer: https://qa-reports.linaro.org/~anders.roxell/testtrigger/build/v6.14-rc3-293-g5cf80612d3f7/testrun/27429433/suite/log-parser-boot/test/kasan-bug-kasan-slab-out-of-bounds-in-memcmp-b2b9c259cb8d4fca549eb37d22d4ffb495dd1b56fb9b89aa09affe3c572e6460/attachments/reproducer

Boot regression: qemu-arm64, log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-rcu_uaf_reclaim

Boot log:
---------
[ 24.242733] ==================================================================
[ 24.243695] BUG: KASAN: slab-use-after-free in rcu_uaf_reclaim+0x64/0x70
[ 24.244310] Read of size 4 at addr fff36f07c6298c00 by task swapper/1/0
[ 24.244950]
[ 24.245323] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G B N 6.14.0-rc3 #1
[ 24.245525] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 24.245602] Hardware name: linux,dummy-virt (DT)
[ 24.245702] Call trace:
[ 24.245761] show_stack+0x20/0x38 (C)
[ 24.245901] dump_stack_lvl+0x8c/0xd0
[ 24.246049] print_report+0x118/0x5f0
[ 24.246177] kasan_report+0xc8/0x118
[ 24.246302] __asan_report_load4_noabort+0x20/0x30
[ 24.246472] rcu_uaf_reclaim+0x64/0x70
[ 24.246605] rcu_core+0x9f4/0x1e20
[ 24.246768] rcu_core_si+0x18/0x30
[ 24.246885] handle_softirqs+0x374/0xb20
[ 24.248148] __do_softirq+0x1c/0x28
[ 24.248233] ____do_softirq+0x18/0x30
[ 24.248288] call_on_irq_stack+0x24/0x58
[ 24.248347] do_softirq_own_stack+0x24/0x38
[ 24.248461] __irq_exit_rcu+0x1fc/0x318
[ 24.248519] irq_exit_rcu+0x1c/0x80
[ 24.248569] el1_interrupt+0x38/0x58
[ 24.248627] el1h_64_irq_handler+0x18/0x28
[ 24.248680] el1h_64_irq+0x6c/0x70
[ 24.248791] arch_local_irq_enable+0x4/0x8 (P)
[ 24.248860] do_idle+0x384/0x4e8
[ 24.248912] cpu_startup_entry+0x64/0x80
[ 24.248988] secondary_start_kernel+0x288/0x340
[ 24.249057] __secondary_switched+0xc0/0xc8
[ 24.249122]
[ 24.264415] Allocated by task 187:
[ 24.265172] kasan_save_stack+0x3c/0x68
[ 24.265766] kasan_save_track+0x20/0x40
[ 24.266624] kasan_save_alloc_info+0x40/0x58
[ 24.267232] __kasan_kmalloc+0xd4/0xd8
[ 24.267828] __kmalloc_cache_noprof+0x15c/0x3c0
[ 24.268476] rcu_uaf+0xb0/0x2d0
[ 24.269014] kunit_try_run_case+0x14c/0x3d0
[ 24.269621] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 24.270516] kthread+0x318/0x618
[ 24.271064] ret_from_fork+0x10/0x20
[ 24.271647]
[ 24.272003] Freed by task 0:
[ 24.272405] kasan_save_stack+0x3c/0x68
[ 24.273058] kasan_save_track+0x20/0x40
[ 24.273614] kasan_save_free_info+0x4c/0x78
[ 24.274365] __kasan_slab_free+0x6c/0x98
[ 24.274930] kfree+0x214/0x3c8
[ 24.275472] rcu_uaf_reclaim+0x28/0x70
[ 24.275937] rcu_core+0x9f4/0x1e20
[ 24.276619] rcu_core_si+0x18/0x30
[ 24.277201] handle_softirqs+0x374/0xb20
[ 24.277806] __do_softirq+0x1c/0x28
[ 24.278539]
[ 24.279015] Last potentially related work creation:
[ 24.279760] kasan_save_stack+0x3c/0x68
[ 24.280389] kasan_record_aux_stack+0xb4/0xc8
[ 24.281079] __call_rcu_common.constprop.0+0x74/0xa10
[ 24.281784] call_rcu+0x18/0x30
[ 24.282575] rcu_uaf+0x14c/0x2d0
[ 24.283268] kunit_try_run_case+0x14c/0x3d0
[ 24.283864] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 24.284657] kthread+0x318/0x618
[ 24.285237] ret_from_fork+0x10/0x20
[ 24.285851]
[ 24.286258] The buggy address belongs to the object at fff36f07c6298c00
[ 24.286258] which belongs to the cache kmalloc-32 of size 32
[ 24.287712] The buggy address is located 0 bytes inside of
[ 24.287712] freed 32-byte region [fff36f07c6298c00, fff36f07c6298c20)
[ 24.288610]
[ 24.288863] The buggy address belongs to the physical page:
[ 24.289356] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106298
[ 24.290065] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 24.290950] page_type: f5(slab)
[ 24.292032] raw: 0bfffe0000000000 fff36f07c0001780 dead000000000122 0000000000000000
[ 24.293277] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[ 24.294263] page dumped because: kasan: bad access detected
[ 24.295133]
[ 24.295428] Memory state around the buggy address:
[ 24.296030] fff36f07c6298b00: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[ 24.296772] fff36f07c6298b80: 00 00 05 fc fc fc fc fc 00 00 07 fc fc fc fc fc
[ 24.297638] >fff36f07c6298c00: fa fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.298894] ^
[ 24.299481] fff36f07c6298c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.300132] fff36f07c6298d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.300833] ==================================================================

Build:
------
* Test Log: https://qa-reports.linaro.org/~anders.roxell/testtrigger/build/v6.14-rc3-293-g5cf80612d3f7/testrun/27429433/suite/log-parser-boot/test/kasan-bug-kasan-slab-use-after-free-in-rcu_uaf_reclaim-be2e0ee30bd730eca750acf431ae31deb54794988852ccc79e6c99e44fb47e7c/log
* Kernel Config: https://qa-reports.linaro.org/~anders.roxell/testtrigger/build/v6.14-rc3-293-g5cf80612d3f7/testrun/27427858/suite/build/test/gcc-13-lkftconfig/attachments/config
* Build Reproducer: https://qa-reports.linaro.org/~anders.roxell/testtrigger/build/v6.14-rc3-293-g5cf80612d3f7/testrun/27427858/suite/build/test/gcc-13-lkftconfig/attachments/tuxmake_reproducer.sh
* Test Reproducer: https://qa-reports.linaro.org/~anders.roxell/testtrigger/build/v6.14-rc3-293-g5cf80612d3f7/testrun/27429433/suite/log-parser-boot/test/kasan-bug-kasan-slab-use-after-free-in-rcu_uaf_reclaim-be2e0ee30bd730eca750acf431ae31deb54794988852ccc79e6c99e44fb47e7c/attachments/reproducer

Boot regression: qemu-arm64, log-parser-boot/kfence-bug-kfence-use-after-free-read-in-workqueue_uaf

Boot log:
---------
[ 24.316161] ==================================================================
[ 24.317084] BUG: KFENCE: use-after-free read in workqueue_uaf+0x270/0x4a8
[ 24.317084]
[ 24.317895] Use-after-free read at 0x0000000056e1aaec (in kfence-#99):
[ 24.319845] workqueue_uaf+0x270/0x4a8
[ 24.320465] kunit_try_run_case+0x14c/0x3d0
[ 24.321040] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 24.321643] kthread+0x318/0x618
[ 24.322135] ret_from_fork+0x10/0x20
[ 24.322742]
[ 24.323327] kfence-#99: 0x0000000056e1aaec-0x000000002c6b8019, size=32, cache=kmalloc-32
[ 24.323327]
[ 24.324514] allocated by task 189 on cpu 1 at 24.311974s (0.012425s ago):
[ 24.325819] workqueue_uaf+0x13c/0x4a8
[ 24.326328] kunit_try_run_case+0x14c/0x3d0
[ 24.326819] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 24.327511] kthread+0x318/0x618
[ 24.328018] ret_from_fork+0x10/0x20
[ 24.328660]
[ 24.329184] freed by task 31 on cpu 1 at 24.312508s (0.016525s ago):
[ 24.330081] workqueue_uaf_work+0x18/0x30
[ 24.330608] process_one_work+0x530/0xf98
[ 24.331156] worker_thread+0x614/0xf28
[ 24.331689] kthread+0x318/0x618
[ 24.332168] ret_from_fork+0x10/0x20
[ 24.332722]
[ 24.333119] CPU: 0 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G B N 6.14.0-rc3 #1
[ 24.334133] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 24.334614] Hardware name: linux,dummy-virt (DT)
[ 24.335224] ==================================================================

Build:
------
* Test Log: https://qa-reports.linaro.org/~anders.roxell/testtrigger/build/v6.14-rc3-293-g5cf80612d3f7/testrun/27429433/suite/log-parser-boot/test/kfence-bug-kfence-use-after-free-read-in-workqueue_uaf-92bf46bc3d3fc492cdd89839a603c241024932e9e0d40fc4e0f3d9bee49dd6bb/log
* Kernel Config: https://qa-reports.linaro.org/~anders.roxell/testtrigger/build/v6.14-rc3-293-g5cf80612d3f7/testrun/27427858/suite/build/test/gcc-13-lkftconfig/attachments/config
* Build Reproducer: https://qa-reports.linaro.org/~anders.roxell/testtrigger/build/v6.14-rc3-293-g5cf80612d3f7/testrun/27427858/suite/build/test/gcc-13-lkftconfig/attachments/tuxmake_reproducer.sh
* Test Reproducer: https://qa-reports.linaro.org/~anders.roxell/testtrigger/build/v6.14-rc3-293-g5cf80612d3f7/testrun/27429433/suite/log-parser-boot/test/kfence-bug-kfence-use-after-free-read-in-workqueue_uaf-92bf46bc3d3fc492cdd89839a603c241024932e9e0d40fc4e0f3d9bee49dd6bb/attachments/reproducer

Test regression: qemu-arm64, ltp-fs/fs_fill

Test log:
---------
fs_fill fs_fill
fs_fill.c:115: TINFO: Running 4 writer threads
fs_fill.c:55: TINFO: Unlinking mntpoint/subdir/thread3/AOF
fs_fill.c:55: TINFO: Unlinking mntpoint/subdir/thread4/AOF
fs_fill.c:55: TINFO: Unlinking mntpoint/subdir/thread2/AOF
fs_fill.c:55: TINFO: Unlinking mntpoint/subdir/thread1/AOF
fs_fill.c:93: TPASS: Got 4 ENOSPC runtime 57988ms
fs_fill.c:55: TINFO: Unlinking mntpoint/subdir/thread1/file2
fs_fill.c:55: TINFO: Unlinking mntpoint/subdir/thread2/file2
fs_fill.c:55: TINFO: Unlinking mntpoint/subdir/thread4/file2
fs_fill.c:55: TINFO: Unlinking mntpoint/subdir/thread3/file2
fs_fill.c:93: TPASS: Got 4 ENOSPC runtime 63026ms
fs_fill.c:115: TINFO: Running 4 writer threads
fs_fill.c:115: TINFO: Running 4 writer threads
fs_fill.c:55: TINFO: Unlinking mntpoint/subdir/thread2/AOF
fs_fill.c:55: TINFO: Unlinking mntpoint/subdir/thread4/AOF
fs_fill.c:55: TINFO: Unlinking mntpoint/subdir/thread1/AOF
fs_fill.c:55: TINFO: Unlinking mntpoint/subdir/thread3/AOF
fs_fill.c:93: TPASS: Got 4 ENOSPC runtime 30618ms
fs_fill.c:55: TINFO: Unlinking mntpoint/subdir/thread3/file5
fs_fill.c:55: TINFO: Unlinking mntpoint/subdir/thread4/file2
fs_fill.c:55: TINFO: Unlinking mntpoint/subdir/thread1/file5
fs_fill.c:55: TINFO: Unlinking mntpoint/subdir/thread2/file5
fs_fill.c:93: TPASS: Got 4 ENOSPC runtime 32262ms
fs_fill.c:115: TINFO: Running 4 writer threads
fs_fill.c:55: TINFO: Unlinking mntpoint/subdir/thread3/AOF
fs_fill.c:55: TINFO: Unlinking mntpoint/subdir/thread4/AOF
fs_fill.c:55: TINFO: Unlinking mntpoint/subdir/thread1/AOF
fs_fill.c:55: TINFO: Unlinking mntpoint/subdir/thread2/AOF
fs_fill.c:93: TPASS: Got 4 ENOSPC runtime 30864ms
fs_fill.c:55: TINFO: Unlinking mntpoint/subdir/thread4/file0
fs_fill.c:55: TINFO: Unlinking mntpoint/subdir/thread2/file0
fs_fill.c:55: TINFO: Unlinking mntpoint/subdir/thread1/file0
fs_fill.c:55: TINFO: Unlinking mntpoint/subdir/thread3/file0
fs_fill.c:93: TPASS: Got 4 ENOSPC runtime 48379ms
fs_fill.c:115: TINFO: Running 4 writer threads
fs_fill.c:55: TINFO: Unlinking mntpoint/subdir/thread1/AOF
fs_fill.c:55: TINFO: Unlinking mntpoint/subdir/thread4/AOF
fs_fill.c:55: TINFO: Unlinking mntpoint/subdir/thread2/AOF
fs_fill.c:55: TINFO: Unlinking mntpoint/subdir/thread3/AOF
fs_fill.c:93: TPASS: Got 4 ENOSPC runtime 9934ms
fs_fill.c:55: TINFO: Unlinking mntpoint/subdir/thread4/file5
fs_fill.c:55: TINFO: Unlinking mntpoint/subdir/thread1/file5
fs_fill.c:55: TINFO: Unlinking mntpoint/subdir/thread3/file5
fs_fill.c:55: TINFO: Unlinking mntpoint/subdir/thread2/file4
fs_fill.c:93: TPASS: Got 4 ENOSPC runtime 16605ms

Build:
------
* Test Log: https://qa-reports.linaro.org/~anders.roxell/testtrigger/build/v6.14-rc3-293-g5cf80612d3f7/testrun/27428361/suite/ltp-fs/test/fs_fill/log
* Kernel Config: https://qa-reports.linaro.org/~anders.roxell/testtrigger/build/v6.14-rc3-293-g5cf80612d3f7/testrun/27427858/suite/build/test/gcc-13-lkftconfig/attachments/config
* Build Reproducer: https://qa-reports.linaro.org/~anders.roxell/testtrigger/build/v6.14-rc3-293-g5cf80612d3f7/testrun/27427858/suite/build/test/gcc-13-lkftconfig/attachments/tuxmake_reproducer.sh
* Test Reproducer: https://qa-reports.linaro.org/~anders.roxell/testtrigger/build/v6.14-rc3-293-g5cf80612d3f7/testrun/27428361/suite/ltp-fs/test/fs_fill/attachments/reproducer

Test regression: qemu-arm64, log-parser-test/exception-warning-cpu-pid-at-mmutil-__kvmalloc_node_noprof

Test log:
---------
------------[ cut here ]------------
[ 52.027131] WARNING: CPU: 0 PID: 476 at mm/util.c:674 __kvmalloc_node_noprof+0x138/0x148
[ 52.028565] Modules linked in: sm3_ce sm3 sha3_ce sha512_ce sha512_arm64 drm backlight fuse ip_tables x_tables
[ 52.032573] CPU: 0 UID: 0 PID: 476 Comm: unshare_test Not tainted 6.14.0-rc3 #1
[ 52.033769] Hardware name: linux,dummy-virt (DT)
[ 52.034849] pstate: 23402009 (nzCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)
[ 52.035668] pc : __kvmalloc_node_noprof+0x138/0x148
[ 52.036324] lr : __kvmalloc_node_noprof+0x64/0x148
[ 52.036843] sp : ffff800080a83cd0
[ 52.038081] x29: ffff800080a83ce0 x28: fff2faf4068f0000 x27: 0000000000000000
[ 52.038932] x26: 0000000000000000 x25: 0000000000000000 x24: fff2faf40013cb00
[ 52.039794] x23: fff2faf40013cb80 x22: e0efadea90d3ce0c x21: 0000000200001e00
[ 52.040894] x20: 00000000ffffffff x19: 0000000000400cc0 x18: 0000000000000000
[ 52.042067] x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000
[ 52.043311] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000
[ 52.044349] x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000
[ 52.045044] x8 : 0000000000000001 x7 : 0000000000000001 x6 : 0000000000000005
[ 52.046760] x5 : 0000000000000000 x4 : fff2faf4068f0000 x3 : 0000000000000000
[ 52.047683] x2 : 0000000000000000 x1 : 000000007fffffff x0 : 0000000000000000
[ 52.048349] Call trace:
[ 52.048871] __kvmalloc_node_noprof+0x138/0x148 (P)
[ 52.050335] alloc_fdtable+0x84/0x128
[ 52.050824] expand_files+0x74/0x2e4
[ 52.051107] ksys_dup3+0x60/0x120
[ 52.052138] __arm64_sys_dup3+0x20/0x30
[ 52.052579] invoke_syscall+0x48/0x10c
[ 52.053278] el0_svc_common.constprop.0+0x40/0xe0
[ 52.054301] do_el0_svc+0x1c/0x28
[ 52.054628] el0_svc+0x30/0xcc
[ 52.055295] el0t_64_sync_handler+0x10c/0x138
[ 52.056125] el0t_64_sync+0x198/0x19c
[ 52.056672] ---[ end trace 0000000000000000 ]---

Build:
------
* Test Log: https://qa-reports.linaro.org/~anders.roxell/testtrigger/build/v6.14-rc3-293-g5cf80612d3f7/testrun/27428215/suite/log-parser-test/test/exception-warning-cpu-pid-at-mmutil-__kvmalloc_node_noprof-19dfc378a605fce2b679dc9f65b0033f0a3a953a522be7cdfcc79f6ff048f7c9/log
* Kernel Config: https://qa-reports.linaro.org/~anders.roxell/testtrigger/build/v6.14-rc3-293-g5cf80612d3f7/testrun/27427858/suite/build/test/gcc-13-lkftconfig/attachments/config
* Build Reproducer: https://qa-reports.linaro.org/~anders.roxell/testtrigger/build/v6.14-rc3-293-g5cf80612d3f7/testrun/27427858/suite/build/test/gcc-13-lkftconfig/attachments/tuxmake_reproducer.sh
* Test Reproducer: https://qa-reports.linaro.org/~anders.roxell/testtrigger/build/v6.14-rc3-293-g5cf80612d3f7/testrun/27428215/suite/log-parser-test/test/exception-warning-cpu-pid-at-mmutil-__kvmalloc_node_noprof-19dfc378a605fce2b679dc9f65b0033f0a3a953a522be7cdfcc79f6ff048f7c9/attachments/reproducer

## Source
- Kernel version: 6.14.0-rc3
- Git Tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
- Git SHA: 5cf80612d3f72c46ad53ef5042b4c609c393122f
- Git Describe: v6.14-rc3-293-g5cf80612d3f7
- Test Details: https://qa-reports.linaro.org/~anders.roxell/testtrigger/build/v6.14-rc3-293-g5cf80612d3f7

--
Linaro LKFT
https://lkft.linaro.org