Regressions seen on Linux v6.14-3565-gf6e0150b2003

Good: v6.14-2665-g1e26c5e28ca5
Bad: v6.14-3565-gf6e0150b2003

Reported-by: Linux Kernel Functional Testing

Boot regression: qemu-arm64, log-parser-boot/internal-error-oops-oops-smp

Boot log:
---------
[ 30.132100] Internal error: Oops: 0000000096000005 [#1] SMP
[ 30.132811] Modules linked in:
[ 30.135634] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G N 6.14.0 #1 PREEMPT
[ 30.136484] Tainted: [N]=TEST
[ 30.136991] Hardware name: linux,dummy-virt (DT)
[ 30.137943] pstate: 82402009 (Nzcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
[ 30.138412] pc : kunit_test_null_dereference+0x2c/0x114
[ 30.139857] lr : kunit_generic_run_threadfn_adapter+0x84/0x104
[ 30.140351] sp : ffff8000809f7db0
[ 30.140902] x29: ffff8000809f7dc0 x28: dfff800000000000 x27: 1ffe000018e9db95
[ 30.141914] x26: fff00000c44bcc20 x25: ffff8000809e7b48 x24: fff00000c44f6890
[ 30.142739] x23: 1ffe000018897971 x22: dfff800000000000 x21: dfff800000000000
[ 30.143522] x20: ffffa9bfcd72c3dc x19: fff00000c44bcb88 x18: 0000000000000002
[ 30.144323] x17: 0000000000000075 x16: 0000000000000000 x15: 0000000000000001
[ 30.144990] x14: 1ffe000018e9dc83 x13: 0000000000000000 x12: 0000000000000000
[ 30.145814] x11: fffd800018e9dc84 x10: dfff800000000000 x9 : 1ffe000018897972
[ 30.146704] x8 : ad9ad3d68619eb00 x7 : ffffa9bfcf7cf720 x6 : ffffa9bfcf7d2de0
[ 30.147763] x5 : ffffa9bfcf7d3340 x4 : 0000000000000001 x3 : ffffa9bfcf657644
[ 30.148086] x2 : 0000000000000001 x1 : 0000000000000001 x0 : ffff800080087b08
[ 30.148762] Call trace:
[ 30.149312] kunit_test_null_dereference+0x2c/0x114 (P)
[ 30.150097] kunit_generic_run_threadfn_adapter+0x84/0x104
[ 30.150610] kthread+0x3f4/0x518
[ 30.150993] ret_from_fork+0x10/0x20
[ 30.152026] Code: d2d00015 f9426d08 f2fbfff5 f90007e8 (39c002a8)
[ 30.152792] ---[ end trace 0000000000000000 ]---

Build:
------
- Test Log: https://qa-reports.linaro.org/~anders.roxell/testtrigger/build/v6.14-3565-gf6e0150b2003/testrun/27797135/suite/log-parser-boot/test/internal-error-oops-oops-smp-1fee02f38d56f9cadc23d6191b4c502f6b7c854a84457b21b2730df0074a6f81/log
- Kernel Config: https://qa-reports.linaro.org/~anders.roxell/testtrigger/build/v6.14-3565-gf6e0150b2003/testrun/27794708/suite/build/test/gcc-13-lkftconfig/attachments/config
- Build Reproducer: https://qa-reports.linaro.org/~anders.roxell/testtrigger/build/v6.14-3565-gf6e0150b2003/testrun/27794708/suite/build/test/gcc-13-lkftconfig/attachments/tuxmake_reproducer.sh
- Test Reproducer: https://qa-reports.linaro.org/~anders.roxell/testtrigger/build/v6.14-3565-gf6e0150b2003/testrun/27797135/suite/log-parser-boot/test/internal-error-oops-oops-smp-1fee02f38d56f9cadc23d6191b4c502f6b7c854a84457b21b2730df0074a6f81/attachments/reproducer

Boot regression: qemu-arm64, log-parser-boot/exception-warning-cpu-pid-at-libmathint_log-intlog10

Boot log:
---------
------------[ cut here ]------------
[ 30.626298] WARNING: CPU: 0 PID: 434 at lib/math/int_log.c:120 intlog10+0x30/0x38
[ 30.626915] Modules linked in:
[ 30.627385] CPU: 0 UID: 0 PID: 434 Comm: kunit_try_catch Tainted: G D W N 6.14.0 #1 PREEMPT
[ 30.628084] Tainted: [D]=DIE, [W]=WARN, [N]=TEST
[ 30.628519] Hardware name: linux,dummy-virt (DT)
[ 30.628865] pstate: 11400009 (nzcV daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
[ 30.630520] pc : intlog10+0x30/0x38
[ 30.630863] lr : intlog10_test+0xdc/0x1f0
[ 30.631287] sp : ffff800080987c10
[ 30.631624] x29: ffff800080987c90 x28: 0000000000000000 x27: 0000000000000000
[ 30.632416] x26: 1ffe000018ef8f61 x25: fff00000c78db780 x24: 0000000000000004
[ 30.633144] x23: fff00000c78db780 x22: 0000000000000000 x21: 1ffff00010130f82
[ 30.633910] x20: ffffa8fbf3eb7260 x19: ffff8000800879b0 x18: 0000000000009000
[ 30.634592] x17: fff00000c0361288 x16: 0000000000000100 x15: fff00000ff80de40
[ 30.635383] x14: 1ffe00001b525f05 x13: 00000000f1f1f1f1 x12: ffff751f7ee62331
[ 30.636120] x11: 1ffff51f7ee62330 x10: ffff751f7ee62330 x9 : dfff800000000000
[ 30.636809] x8 : ffffa8fbf7311983 x7 : 0000000000000001 x6 : 00000000f1f1f1f1
[ 30.637756] x5 : ffff700010130f82 x4 : 1ffff00010010f3e x3 : 1ffff51f7e7d6e4c
[ 30.638398] x2 : 1ffff51f7e7d6e4c x1 : 0000000000000003 x0 : 0000000000000000
[ 30.639047] Call trace:
[ 30.639280] intlog10+0x30/0x38 (P)
[ 30.639654] kunit_try_run_case+0x144/0x3bc
[ 30.640049] kunit_generic_run_threadfn_adapter+0x80/0xec
[ 30.640419] kthread+0x37c/0x67c
[ 30.640834] ret_from_fork+0x10/0x20
[ 30.641429] ---[ end trace 0000000000000000 ]---

Build:
------
- Test Log: https://qa-reports.linaro.org/~anders.roxell/testtrigger/build/v6.14-3565-gf6e0150b2003/testrun/27796092/suite/log-parser-boot/test/exception-warning-cpu-pid-at-libmathint_log-intlog10-7e1fc925e8657dc47ca896b64d93a0f60126973233aa3fb602f4034829c88b6b/log
- Kernel Config: https://qa-reports.linaro.org/~anders.roxell/testtrigger/build/v6.14-3565-gf6e0150b2003/testrun/27794708/suite/build/test/gcc-13-lkftconfig/attachments/config
- Build Reproducer: https://qa-reports.linaro.org/~anders.roxell/testtrigger/build/v6.14-3565-gf6e0150b2003/testrun/27794708/suite/build/test/gcc-13-lkftconfig/attachments/tuxmake_reproducer.sh
- Test Reproducer: https://qa-reports.linaro.org/~anders.roxell/testtrigger/build/v6.14-3565-gf6e0150b2003/testrun/27796092/suite/log-parser-boot/test/exception-warning-cpu-pid-at-libmathint_log-intlog10-7e1fc925e8657dc47ca896b64d93a0f60126973233aa3fb602f4034829c88b6b/attachments/reproducer

Boot regression: qemu-arm64, log-parser-boot/kasan-bug-kasan-global-out-of-bounds-in-cs_dsp_mock_bin_add_name_or_infoisra

Boot log:
---------
[ 97.381201] ==================================================================
[ 97.382442] BUG: KASAN: global-out-of-bounds in cs_dsp_mock_bin_add_name_or_info.isra.0+0x194/0x338
[ 97.383180] Read of size 12 at addr ffffa8fbf4dc9660 by task kunit_try_catch/3085
[ 97.383680]
[ 97.383979] CPU: 1 UID: 0 PID: 3085 Comm: kunit_try_catch Tainted: G D W N 6.14.0 #1 PREEMPT
[ 97.384135] Tainted: [D]=DIE, [W]=WARN, [N]=TEST
[ 97.384189] Hardware name: linux,dummy-virt (DT)
[ 97.384241] Call trace:
[ 97.384285] show_stack+0x18/0x24 (C)
[ 97.384388] dump_stack_lvl+0x74/0x8c
[ 97.384473] print_report+0x300/0x5f4
[ 97.384565] kasan_report+0xc4/0x108
[ 97.384664] kasan_check_range+0x100/0x1a8
[ 97.384740] __asan_memcpy+0x3c/0x94
[ 97.384924] cs_dsp_mock_bin_add_name_or_info.isra.0+0x194/0x338
[ 97.385214] cs_dsp_mock_bin_add_info+0x10/0x1c
[ 97.385321] bin_patch_name_and_info+0x15c/0x6a0
[ 97.385423] kunit_try_run_case+0x144/0x3bc
[ 97.385509] kunit_generic_run_threadfn_adapter+0x80/0xec
[ 97.385586] kthread+0x37c/0x67c
[ 97.385663] ret_from_fork+0x10/0x20
[ 97.385767]
[ 97.391577] The buggy address belongs to the variable:
[ 97.391902] __loc.0+0x2c0/0x3a0
[ 97.392597]
[ 97.393182] The buggy address belongs to the virtual mapping at
[ 97.393182] [ffffa8fbf3d30000, ffffa8fbf55b0000) created by:
[ 97.393182] paging_init+0x4d4/0x640
[ 97.394700]
[ 97.395095] The buggy address belongs to the physical page:
[ 97.396207] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x441c9
[ 97.396891] flags: 0x3fffe0000002000(reserved|node=0|zone=0|lastcpupid=0x1ffff)
[ 97.398152] raw: 03fffe0000002000 ffffc1ffc0107248 ffffc1ffc0107248 0000000000000000
[ 97.398723] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 97.399452] page dumped because: kasan: bad access detected
[ 97.399888]
[ 97.400147] Memory state around the buggy address:
[ 97.400947] ffffa8fbf4dc9500: f9 f9 f9 f9 00 00 00 01 f9 f9 f9 f9 03 f9 f9 f9
[ 97.401606] ffffa8fbf4dc9580: f9 f9 f9 f9 00 00 06 f9 f9 f9 f9 f9 02 f9 f9 f9
[ 97.402169] >ffffa8fbf4dc9600: f9 f9 f9 f9 00 01 f9 f9 f9 f9 f9 f9 00 02 f9 f9
[ 97.402734] ^
[ 97.403914] ffffa8fbf4dc9680: f9 f9 f9 f9 00 00 00 00 00 07 f9 f9 f9 f9 f9 f9
[ 97.404320] ffffa8fbf4dc9700: 00 f9 f9 f9 f9 f9 f9 f9 00 00 f9 f9 f9 f9 f9 f9
[ 97.404994] ==================================================================

Build:
------
- Test Log: https://qa-reports.linaro.org/~anders.roxell/testtrigger/build/v6.14-3565-gf6e0150b2003/testrun/27796092/suite/log-parser-boot/test/kasan-bug-kasan-global-out-of-bounds-in-cs_dsp_mock_bin_add_name_or_infoisra-f66ea4d78724cc70b65211a4ad56ceac722dd04452fa6c16839a3329bb9f149e/log
- Kernel Config: https://qa-reports.linaro.org/~anders.roxell/testtrigger/build/v6.14-3565-gf6e0150b2003/testrun/27794708/suite/build/test/gcc-13-lkftconfig/attachments/config
- Build Reproducer: https://qa-reports.linaro.org/~anders.roxell/testtrigger/build/v6.14-3565-gf6e0150b2003/testrun/27794708/suite/build/test/gcc-13-lkftconfig/attachments/tuxmake_reproducer.sh
- Test Reproducer: https://qa-reports.linaro.org/~anders.roxell/testtrigger/build/v6.14-3565-gf6e0150b2003/testrun/27796092/suite/log-parser-boot/test/kasan-bug-kasan-global-out-of-bounds-in-cs_dsp_mock_bin_add_name_or_infoisra-f66ea4d78724cc70b65211a4ad56ceac722dd04452fa6c16839a3329bb9f149e/attachments/reproducer

Boot regression: qemu-arm64, log-parser-boot/exception-warning-cpu-pid-at-libmathint_log-intlog2

Boot log:
---------
------------[ cut here ]------------
[ 118.485560] WARNING: CPU: 1 PID: 639 at lib/math/int_log.c:63 intlog2+0xd8/0xf8
[ 118.486688] Modules linked in:
[ 118.487572] CPU: 1 UID: 0 PID: 639 Comm: kunit_try_catch Tainted: G B D W N 6.14.0 #1 PREEMPT
[ 118.489516] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST
[ 118.490305] Hardware name: linux,dummy-virt (DT)
[ 118.491264] pstate: 12402009 (nzcV daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
[ 118.492144] pc : intlog2+0xd8/0xf8
[ 118.492804] lr : intlog2_test+0xe4/0x200
[ 118.493448] sp : ffff800082277c10
[ 118.494027] x29: ffff800082277c90 x28: 0000000000000000 x27: 0000000000000000
[ 118.495120] x26: 1ffe00001980de41 x25: 0000000000000000 x24: ffff8000800879a8
[ 118.496308] x23: fff00000cbfee540 x22: 0000000000000000 x21: 1ffff0001044ef82
[ 118.497345] x20: ffff928bda24dea0 x19: ffff800080087990 x18: 0000000089cff008
[ 118.498457] x17: 00000000c22654eb x16: fff00000c095a03c x15: fff00000ff616b48
[ 118.499232] x14: 000000006ab5c22d x13: 1ffe00001b4939b8 x12: ffff72517bbfa171
[ 118.500350] x11: 1ffff2517bbfa170 x10: ffff72517bbfa170 x9 : ffff928bd77e23ec
[ 118.502097] x8 : ffff928bddfd0b83 x7 : 0000000000000001 x6 : 00000000f1f1f1f1
[ 118.504440] x5 : ffff70001044ef82 x4 : 1ffff00010010f3a x3 : 1ffff2517b449bd4
[ 118.505822] x2 : 1ffff2517b449bd4 x1 : 0000000000000003 x0 : 0000000000000000
[ 118.507484] Call trace:
[ 118.508027] intlog2+0xd8/0xf8 (P)
[ 118.508720] kunit_try_run_case+0x14c/0x3d0
[ 118.509413] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 118.510066] kthread+0x318/0x618
[ 118.510541] ret_from_fork+0x10/0x20
[ 118.511573] ---[ end trace 0000000000000000 ]---

Build:
------
- Test Log: https://qa-reports.linaro.org/~anders.roxell/testtrigger/build/v6.14-3565-gf6e0150b2003/testrun/27797216/suite/log-parser-boot/test/exception-warning-cpu-pid-at-libmathint_log-intlog2-0ec4c1c41ac281cddd0420ff6138e324acbfb3cd0c47a19da715c45a7f17609f/log
- Kernel Config: https://qa-reports.linaro.org/~anders.roxell/testtrigger/build/v6.14-3565-gf6e0150b2003/testrun/27794708/suite/build/test/gcc-13-lkftconfig/attachments/config
- Build Reproducer: https://qa-reports.linaro.org/~anders.roxell/testtrigger/build/v6.14-3565-gf6e0150b2003/testrun/27794708/suite/build/test/gcc-13-lkftconfig/attachments/tuxmake_reproducer.sh
- Test Reproducer: https://qa-reports.linaro.org/~anders.roxell/testtrigger/build/v6.14-3565-gf6e0150b2003/testrun/27797216/suite/log-parser-boot/test/exception-warning-cpu-pid-at-libmathint_log-intlog2-0ec4c1c41ac281cddd0420ff6138e324acbfb3cd0c47a19da715c45a7f17609f/attachments/reproducer

Boot regression: qemu-arm64, log-parser-boot/kasan-bug-kasan-out-of-bounds-in-kmalloc_memmove_negative_size

Boot log:
---------
[ 27.301795] ==================================================================
[ 27.302830] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0x154/0x2e0
[ 27.303776] Read of size 18446744073709551614 at addr fff00000ffebe004 by task kunit_try_catch/181
[ 27.305294]
[ 27.305725] CPU: 1 UID: 0 PID: 181 Comm: kunit_try_catch Tainted: G B N 6.14.0 #1 PREEMPT
[ 27.305952] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 27.306016] Hardware name: linux,dummy-virt (DT)
[ 27.306084] Call trace:
[ 27.306134] show_stack+0x20/0x38 (C)
[ 27.306255] dump_stack_lvl+0x8c/0xd0
[ 27.306362] print_report+0x118/0x5f0
[ 27.307088] kasan_report+0xc8/0x118
[ 27.307150] kasan_check_range+0x100/0x1a8
[ 27.307208] __asan_memmove+0x3c/0x98
[ 27.307258] kmalloc_memmove_negative_size+0x154/0x2e0
[ 27.307316] kunit_try_run_case+0x14c/0x3d0
[ 27.307374] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 27.307433] kthread+0x318/0x618
[ 27.307485] ret_from_fork+0x10/0x20
[ 27.307541]
[ 27.316906] Allocated by task 2846403498:
[ 27.317688] ------------[ cut here ]------------
[ 27.318276] pool index 44973 out of bounds (202) for stack id adacafae
[ 27.320755] WARNING: CPU: 1 PID: 181 at lib/stackdepot.c:451 depot_fetch_stack+0x6c/0x90
[ 27.321730] Modules linked in:
[ 27.322631] CPU: 1 UID: 0 PID: 181 Comm: kunit_try_catch Tainted: G B N 6.14.0 #1 PREEMPT
[ 27.323629] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 27.324077] Hardware name: linux,dummy-virt (DT)
[ 27.324743] pstate: 624020c9 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
[ 27.325628] pc : depot_fetch_stack+0x6c/0x90
[ 27.326348] lr : depot_fetch_stack+0x6c/0x90
[ 27.326893] sp : ffff800080aa7a20
[ 27.327293] x29: ffff800080aa7a20 x28: ffff928bde006000 x27: 1ffff00010010f60
[ 27.328934] x26: 1ffff00010010f5f x25: 0000000000000000 x24: fffffffffffffffe
[ 27.330020] x23: ffffc1ffc3ffaf80 x22: ffff928bdba177b8 x21: ffff928bdba1aaa8
[ 27.331251] x20: fff00000ffebe004 x19: ffff800080aa7b30 x18: 00000000f804479f
[ 27.332289] x17: 0000000000000000 x16: 00000000f1f1f1f1 x15: 0000000000000007
[ 27.333285] x14: 0000000000000000 x13: 0000000000000007 x12: ffff72517b853951
[ 27.334306] x11: 1ffff2517b853950 x10: ffff72517b853950 x9 : ffff928bd68de314
[ 27.335474] x8 : 0000000000000003 x7 : 0000000000000001 x6 : ffff72517b853950
[ 27.336449] x5 : ffff928bdc29ca80 x4 : 1ffe000018fc3001 x3 : dfff800000000000
[ 27.337481] x2 : 0000000000000000 x1 : 0000000000000000 x0 : fff00000c7e18000
[ 27.338947] Call trace:
[ 27.339344] depot_fetch_stack+0x6c/0x90 (P)
[ 27.340035] stack_depot_print+0x24/0x60
[ 27.340594] print_report+0x5d0/0x5f0
[ 27.341336] kasan_report+0xc8/0x118
[ 27.341941] kasan_check_range+0x100/0x1a8
[ 27.342517] __asan_memmove+0x3c/0x98
[ 27.344041] kmalloc_memmove_negative_size+0x154/0x2e0
[ 27.344663] kunit_try_run_case+0x14c/0x3d0
[ 27.345322] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 27.347925] kthread+0x318/0x618
[ 27.349024] ret_from_fork+0x10/0x20
[ 27.350156] ---[ end trace 0000000000000000 ]---
[ 27.351176] ------------[ cut here ]------------
[ 27.351609] corrupt handle or use after stack_depot_put()
[ 27.353142] WARNING: CPU: 1 PID: 181 at lib/stackdepot.c:719 stack_depot_print+0x54/0x60
[ 27.354402] Modules linked in:
[ 27.354998] CPU: 1 UID: 0 PID: 181 Comm: kunit_try_catch Tainted: G B W N 6.14.0 #1 PREEMPT
[ 27.356318] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[ 27.357125] Hardware name: linux,dummy-virt (DT)
[ 27.357579] pstate: 624020c9 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
[ 27.358232] pc : stack_depot_print+0x54/0x60
[ 27.359707] lr : stack_depot_print+0x54/0x60
[ 27.360249] sp : ffff800080aa7a30
[ 27.360643] x29: ffff800080aa7a30 x28: ffff928bde006000 x27: 1ffff00010010f60
[ 27.361586] x26: 1ffff00010010f5f x25: 0000000000000000 x24: fffffffffffffffe
[ 27.363467] x23: ffffc1ffc3ffaf80 x22: ffff928bdba177b8 x21: ffff928bdba1aaa8
[ 27.364221] x20: fff00000ffebe004 x19: ffff800080aa7b30 x18: 00000000f804479f
[ 27.365815] x17: 0000000000000000 x16: 00000000f1f1f1f1 x15: 00000000f3f3f3f3
[ 27.366980] x14: ffff700010154f26 x13: 1ffe000018fc3001 x12: ffff72517b853951
[ 27.368479] x11: 1ffff2517b853950 x10: ffff72517b853950 x9 : ffff928bd68de314
[ 27.369482] x8 : 0000000000000003 x7 : 0000000000000001 x6 : ffff72517b853950
[ 27.370342] x5 : ffff928bdc29ca80 x4 : 1ffe000018fc3001 x3 : dfff800000000000
[ 27.371293] x2 : 0000000000000000 x1 : 0000000000000000 x0 : fff00000c7e18000
[ 27.372473] Call trace:
[ 27.372816] stack_depot_print+0x54/0x60 (P)
[ 27.373570] print_report+0x5d0/0x5f0
[ 27.374117] kasan_report+0xc8/0x118
[ 27.374985] kasan_check_range+0x100/0x1a8
[ 27.375585] __asan_memmove+0x3c/0x98
[ 27.376028] kmalloc_memmove_negative_size+0x154/0x2e0
[ 27.376826] kunit_try_run_case+0x14c/0x3d0
[ 27.377908] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 27.378560] kthread+0x318/0x618
[ 27.379497] ret_from_fork+0x10/0x20
[ 27.380056] ---[ end trace 0000000000000000 ]---
[ 27.380900]
[ 27.381469] Last potentially related work creation:
[ 27.382128] ------------[ cut here ]------------
[ 27.383289] pool index 43945 out of bounds (202) for stack id a9a8abaa
[ 27.384251] WARNING: CPU: 1 PID: 181 at lib/stackdepot.c:451 depot_fetch_stack+0x6c/0x90
[ 27.385235] Modules linked in:
[ 27.385728] CPU: 1 UID: 0 PID: 181 Comm: kunit_try_catch Tainted: G B W N 6.14.0 #1 PREEMPT
[ 27.386782] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[ 27.387878] Hardware name: linux,dummy-virt (DT)
[ 27.389051] pstate: 624020c9 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
[ 27.390927] pc : depot_fetch_stack+0x6c/0x90
[ 27.391464] lr : depot_fetch_stack+0x6c/0x90
[ 27.392116] sp : ffff800080aa7a00
[ 27.392509] x29: ffff800080aa7a00 x28: ffff928bde006000 x27: 1ffff00010010f60
[ 27.393502] x26: 1ffff00010010f5f x25: 0000000000000000 x24: fffffffffffffffe
[ 27.394263] x23: ffffc1ffc3ffaf80 x22: ffff928bdba177b8 x21: ffff928bdba1aaa8
[ 27.396461] x20: fff00000ffebe004 x19: fff00000ffebe040 x18: 00000000f804479f
[ 27.397640] x17: 0000000000000000 x16: 00000000f1f1f1f1 x15: 0000000000000007
[ 27.399643] x14: 0000000000000000 x13: 0000000000000007 x12: ffff72517b853951
[ 27.400422] x11: 1ffff2517b853950 x10: ffff72517b853950 x9 : ffff928bd68de314
[ 27.401561] x8 : 0000000000000003 x7 : 0000000000000001 x6 : ffff72517b853950
[ 27.403428] x5 : ffff928bdc29ca80 x4 : 1ffe000018fc3001 x3 : dfff800000000000
[ 27.404271] x2 : 0000000000000000 x1 : 0000000000000000 x0 : fff00000c7e18000
[ 27.405317] Call trace:
[ 27.406738] depot_fetch_stack+0x6c/0x90 (P)
[ 27.407620] stack_depot_print+0x24/0x60
[ 27.408177] kasan_print_aux_stacks+0x50/0x98
[ 27.408710] print_report+0x334/0x5f0
[ 27.409742] kasan_report+0xc8/0x118
[ 27.410714] kasan_check_range+0x100/0x1a8
[ 27.411338] __asan_memmove+0x3c/0x98
[ 27.411625] kmalloc_memmove_negative_size+0x154/0x2e0
[ 27.412807] kunit_try_run_case+0x14c/0x3d0
[ 27.413498] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 27.414233] kthread+0x318/0x618
[ 27.414870] ret_from_fork+0x10/0x20
[ 27.415422] ---[ end trace 0000000000000000 ]---
[ 27.415976] ------------[ cut here ]------------
[ 27.416532] corrupt handle or use after stack_depot_put()
[ 27.416791] WARNING: CPU: 1 PID: 181 at lib/stackdepot.c:719 stack_depot_print+0x54/0x60
[ 27.419013] Modules linked in:
[ 27.419581] CPU: 1 UID: 0 PID: 181 Comm: kunit_try_catch Tainted: G B W N 6.14.0 #1 PREEMPT
[ 27.420639] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[ 27.421214] Hardware name: linux,dummy-virt (DT)
[ 27.421741] pstate: 624020c9 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
[ 27.423754] pc : stack_depot_print+0x54/0x60
[ 27.424394] lr : stack_depot_print+0x54/0x60
[ 27.424970] sp : ffff800080aa7a10
[ 27.425436] x29: ffff800080aa7a10 x28: ffff928bde006000 x27: 1ffff00010010f60
[ 27.427056] x26: 1ffff00010010f5f x25: 0000000000000000 x24: fffffffffffffffe
[ 27.427968] x23: ffffc1ffc3ffaf80 x22: ffff928bdba177b8 x21: ffff928bdba1aaa8
[ 27.428993] x20: fff00000ffebe004 x19: fff00000ffebe040 x18: 00000000f804479f
[ 27.430144] x17: 0000000000000000 x16: 00000000f1f1f1f1 x15: 00000000f3f3f3f3
[ 27.431413] x14: ffff700010154f22 x13: 1ffe000018fc3001 x12: ffff72517b853951
[ 27.432477] x11: 1ffff2517b853950 x10: ffff72517b853950 x9 : ffff928bd68de314
[ 27.433497] x8 : 0000000000000003 x7 : 0000000000000001 x6 : ffff72517b853950
[ 27.434667] x5 : ffff928bdc29ca80 x4 : 1ffe000018fc3001 x3 : dfff800000000000
[ 27.435943] x2 : 0000000000000000 x1 : 0000000000000000 x0 : fff00000c7e18000
[ 27.437185] Call trace:
[ 27.437557] stack_depot_print+0x54/0x60 (P)
[ 27.438097] kasan_print_aux_stacks+0x50/0x98
[ 27.439143] print_report+0x334/0x5f0
[ 27.440033] kasan_report+0xc8/0x118
[ 27.440869] kasan_check_range+0x100/0x1a8
[ 27.441835] __asan_memmove+0x3c/0x98
[ 27.442534] kmalloc_memmove_negative_size+0x154/0x2e0
[ 27.443547] kunit_try_run_case+0x14c/0x3d0
[ 27.444768] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 27.445410] kthread+0x318/0x618
[ 27.445874] ret_from_fork+0x10/0x20
[ 27.446446] ---[ end trace 0000000000000000 ]---
[ 27.447651]
[ 27.448045] Second to last potentially related work creation:
[ 27.448906] ------------[ cut here ]------------
[ 27.449514] pool index 44973 out of bounds (202) for stack id adacafae
[ 27.450480] WARNING: CPU: 1 PID: 181 at lib/stackdepot.c:451 depot_fetch_stack+0x6c/0x90
[ 27.451392] Modules linked in:
[ 27.451970] CPU: 1 UID: 0 PID: 181 Comm: kunit_try_catch Tainted: G B W N 6.14.0 #1 PREEMPT
[ 27.453154] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[ 27.453872] Hardware name: linux,dummy-virt (DT)
[ 27.454738] pstate: 624020c9 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
[ 27.455587] pc : depot_fetch_stack+0x6c/0x90
[ 27.456228] lr : depot_fetch_stack+0x6c/0x90
[ 27.457174] sp : ffff800080aa7a00
[ 27.457699] x29: ffff800080aa7a00 x28: ffff928bde006000 x27: 1ffff00010010f60
[ 27.459341] x26: 1ffff00010010f5f x25: 0000000000000000 x24: fffffffffffffffe
[ 27.460456] x23: ffffc1ffc3ffaf80 x22: ffff928bdba177b8 x21: ffff928bdba1aaa8
[ 27.461284] x20: fff00000ffebe004 x19: fff00000ffebe040 x18: 00000000f804479f
[ 27.462222] x17: 0000000000000000 x16: 00000000f1f1f1f1 x15: 0000000000000007
[ 27.463581] x14: 0000000000000000 x13: 0000000000000007 x12: ffff72517b853951
[ 27.465221] x11: 1ffff2517b853950 x10: ffff72517b853950 x9 : ffff928bd68de314
[ 27.466358] x8 : 0000000000000003 x7 : 0000000000000001 x6 : ffff72517b853950
[ 27.467862] x5 : ffff928bdc29ca80 x4 : 1ffe000018fc3001 x3 : dfff800000000000
[ 27.469294] x2 : 0000000000000000 x1 : 0000000000000000 x0 : fff00000c7e18000
[ 27.470054] Call trace:
[ 27.470913] depot_fetch_stack+0x6c/0x90 (P)
[ 27.471904] stack_depot_print+0x24/0x60
[ 27.472533] kasan_print_aux_stacks+0x78/0x98
[ 27.473386] print_report+0x334/0x5f0
[ 27.473963] kasan_report+0xc8/0x118
[ 27.475043] kasan_check_range+0x100/0x1a8
[ 27.475527] __asan_memmove+0x3c/0x98
[ 27.476133] kmalloc_memmove_negative_size+0x154/0x2e0
[ 27.476606] kunit_try_run_case+0x14c/0x3d0
[ 27.477340] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 27.478125] kthread+0x318/0x618
[ 27.479283] ret_from_fork+0x10/0x20
[ 27.479819] ---[ end trace 0000000000000000 ]---
[ 27.480758] ------------[ cut here ]------------
[ 27.481414] corrupt handle or use after stack_depot_put()
[ 27.481650] WARNING: CPU: 1 PID: 181 at lib/stackdepot.c:719 stack_depot_print+0x54/0x60
[ 27.483938] Modules linked in:
[ 27.484711] CPU: 1 UID: 0 PID: 181 Comm: kunit_try_catch Tainted: G B W N 6.14.0 #1 PREEMPT
[ 27.486240] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[ 27.486994] Hardware name: linux,dummy-virt (DT)
[ 27.487656] pstate: 624020c9 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
[ 27.488728] pc : stack_depot_print+0x54/0x60
[ 27.489560] lr : stack_depot_print+0x54/0x60
[ 27.490175] sp : ffff800080aa7a10
[ 27.490898] x29: ffff800080aa7a10 x28: ffff928bde006000 x27: 1ffff00010010f60
[ 27.492118] x26: 1ffff00010010f5f x25: 0000000000000000 x24: fffffffffffffffe
[ 27.493226] x23: ffffc1ffc3ffaf80 x22: ffff928bdba177b8 x21: ffff928bdba1aaa8
[ 27.493885] x20: fff00000ffebe004 x19: fff00000ffebe040 x18: 00000000f804479f
[ 27.494910] x17: 0000000000000000 x16: 00000000f1f1f1f1 x15: 00000000f3f3f3f3
[ 27.496408] x14: ffff700010154f22 x13: 1ffe000018fc3001 x12: ffff72517b853951
[ 27.497227] x11: 1ffff2517b853950 x10: ffff72517b853950 x9 : ffff928bd68de314
[ 27.498568] x8 : 0000000000000003 x7 : 0000000000000001 x6 : ffff72517b853950
[ 27.499727] x5 : ffff928bdc29ca80 x4 : 1ffe000018fc3001 x3 : dfff800000000000
[ 27.501007] x2 : 0000000000000000 x1 : 0000000000000000 x0 : fff00000c7e18000
[ 27.501599] Call trace:
[ 27.502133] stack_depot_print+0x54/0x60 (P)
[ 27.502896] kasan_print_aux_stacks+0x78/0x98
[ 27.503427] print_report+0x334/0x5f0
[ 27.504261] kasan_report+0xc8/0x118
[ 27.504947] kasan_check_range+0x100/0x1a8
[ 27.505487] __asan_memmove+0x3c/0x98
[ 27.506256] kmalloc_memmove_negative_size+0x154/0x2e0
[ 27.507129] kunit_try_run_case+0x14c/0x3d0
[ 27.508418] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 27.509146] kthread+0x318/0x618
[ 27.509567] ret_from_fork+0x10/0x20
[ 27.510270] ---[ end trace 0000000000000000 ]---
[ 27.511481]
[ 27.511968] The buggy address belongs to the object at fff00000ffebe000
[ 27.511968] which belongs to the cache kmalloc-64 of size 64
[ 27.513144] The buggy address is located 4 bytes inside of
[ 27.513144] 64-byte region [fff00000ffebe000, fff00000ffebe040)
[ 27.515587]
[ 27.515972] The buggy address belongs to the physical page:
[ 27.516724] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x13febe
[ 27.517763] memcg:fff00000d9e33e71
[ 27.518656] flags: 0xbfffe0000002000(reserved|node=0|zone=2|lastcpupid=0x1ffff)
[ 27.519457] page_type: f5(slab)
[ 27.520155] raw: 0bfffe0000002000 fff00000c00018c0 ffffc1ffc3ffaf88 0000000000000000
[ 27.521017] raw: 0000000000000000 0000000000010000 00000001f5000000 fff00000d9e33e71
[ 27.521930] page dumped because: kasan: bad access detected
[ 27.523954]
[ 27.524197] Memory state around the buggy address:
[ 27.524830] fff00000ffebdf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 27.525664] fff00000ffebdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 27.526538] >fff00000ffebe000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 27.527659] ^
[ 27.528186] fff00000ffebe080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 27.529113] fff00000ffebe100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 27.529751] ==================================================================

Build:
------
- Test Log: https://qa-reports.linaro.org/~anders.roxell/testtrigger/build/v6.14-3565-gf6e0150b2003/testrun/27797216/suite/log-parser-boot/test/kasan-bug-kasan-out-of-bounds-in-kmalloc_memmove_negative_size-e6a310d4b72344dff66c1497bce0c8d7fb8c650838e8affae8a023bc10a19d8b/log
- Kernel Config: https://qa-reports.linaro.org/~anders.roxell/testtrigger/build/v6.14-3565-gf6e0150b2003/testrun/27794708/suite/build/test/gcc-13-lkftconfig/attachments/config
- Build Reproducer: https://qa-reports.linaro.org/~anders.roxell/testtrigger/build/v6.14-3565-gf6e0150b2003/testrun/27794708/suite/build/test/gcc-13-lkftconfig/attachments/tuxmake_reproducer.sh
- Test Reproducer: https://qa-reports.linaro.org/~anders.roxell/testtrigger/build/v6.14-3565-gf6e0150b2003/testrun/27797216/suite/log-parser-boot/test/kasan-bug-kasan-out-of-bounds-in-kmalloc_memmove_negative_size-e6a310d4b72344dff66c1497bce0c8d7fb8c650838e8affae8a023bc10a19d8b/attachments/reproducer

Boot regression: qemu-arm64, log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kasan_strings

Boot log:
---------
[ 30.287875] ==================================================================
[ 30.288597] BUG: KASAN: slab-use-after-free in kasan_strings+0x838/0x8d8
[ 30.289336] Read of size 1 at addr fff00000c1322450 by task kunit_try_catch/260
[ 30.290124]
[ 30.290457] CPU: 1 UID: 0 PID: 260 Comm: kunit_try_catch Tainted: G B W N 6.14.0 #1 PREEMPT
[ 30.291963] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[ 30.292008] Hardware name: linux,dummy-virt (DT)
[ 30.292053] Call trace:
[ 30.292083] show_stack+0x20/0x38 (C)
[ 30.292166] dump_stack_lvl+0x8c/0xd0
[ 30.292231] print_report+0x118/0x5f0
[ 30.292290] kasan_report+0xc8/0x118
[ 30.292346] __asan_report_load1_noabort+0x20/0x30
[ 30.292407] kasan_strings+0x838/0x8d8
[ 30.292463] kunit_try_run_case+0x14c/0x3d0
[ 30.292521] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.292585] kthread+0x318/0x618
[ 30.292656] ret_from_fork+0x10/0x20
[ 30.292721]
[ 30.301626] Allocated by task 260:
[ 30.302304] kasan_save_stack+0x3c/0x68
[ 30.303281] kasan_save_track+0x20/0x40
[ 30.303532] kasan_save_alloc_info+0x40/0x58
[ 30.303773] __kasan_kmalloc+0xd4/0xd8
[ 30.304227] __kmalloc_cache_noprof+0x15c/0x3c0
[ 30.304780] kasan_strings+0xb0/0x8d8
[ 30.305482] kunit_try_run_case+0x14c/0x3d0
[ 30.306123] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.307415] kthread+0x318/0x618
[ 30.308035] ret_from_fork+0x10/0x20
[ 30.308856]
[ 30.309375] Freed by task 260:
[ 30.309865] kasan_save_stack+0x3c/0x68
[ 30.310823] kasan_save_track+0x20/0x40
[ 30.311749] kasan_save_free_info+0x4c/0x78
[ 30.312206] __kasan_slab_free+0x6c/0x98
[ 30.312584] kfree+0x214/0x3c8
[ 30.312979] kasan_strings+0x124/0x8d8
[ 30.313962] kunit_try_run_case+0x14c/0x3d0
[ 30.314868] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.316008] kthread+0x318/0x618
[ 30.316737] ret_from_fork+0x10/0x20
[ 30.317262]
[ 30.317607] The buggy address belongs to the object at fff00000c1322440
[ 30.317607] which belongs to the cache kmalloc-32 of size 32
[ 30.319220] The buggy address is located 16 bytes inside of
[ 30.319220] freed 32-byte region [fff00000c1322440, fff00000c1322460)
[ 30.320393]
[ 30.320732] The buggy address belongs to the physical page:
[ 30.321457] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101322
[ 30.322392] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 30.323502] page_type: f5(slab)
[ 30.324057] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000
[ 30.324858] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[ 30.325742] page dumped because: kasan: bad access detected
[ 30.326468]
[ 30.326783] Memory state around the buggy address:
[ 30.327352] fff00000c1322300: 00 00 00 04 fc fc fc fc 00 00 07 fc fc fc fc fc
[ 30.328328] fff00000c1322380: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 30.329105] >fff00000c1322400: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc
[ 30.329933] ^
[ 30.330895] fff00000c1322480: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 30.331657] fff00000c1322500: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc
[ 30.332474] ==================================================================

Build:
------
- Test Log: https://qa-reports.linaro.org/~anders.roxell/testtrigger/build/v6.14-3565-gf6e0150b2003/testrun/27797216/suite/log-parser-boot/test/kasan-bug-kasan-slab-use-after-free-in-kasan_strings-3ace6aed6039e6e38dfe946c8103ffacdee6c7a8df06d6e160a31014e245b46c/log
- Kernel Config: https://qa-reports.linaro.org/~anders.roxell/testtrigger/build/v6.14-3565-gf6e0150b2003/testrun/27794708/suite/build/test/gcc-13-lkftconfig/attachments/config
- Build Reproducer: https://qa-reports.linaro.org/~anders.roxell/testtrigger/build/v6.14-3565-gf6e0150b2003/testrun/27794708/suite/build/test/gcc-13-lkftconfig/attachments/tuxmake_reproducer.sh
- Test Reproducer: https://qa-reports.linaro.org/~anders.roxell/testtrigger/build/v6.14-3565-gf6e0150b2003/testrun/27797216/suite/log-parser-boot/test/kasan-bug-kasan-slab-use-after-free-in-kasan_strings-3ace6aed6039e6e38dfe946c8103ffacdee6c7a8df06d6e160a31014e245b46c/attachments/reproducer

Boot regression: qemu-arm64, log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-rcu_uaf_reclaim

Boot log:
---------
[ 28.203049] ==================================================================
[ 28.203975] BUG: KASAN: slab-use-after-free in rcu_uaf_reclaim+0x64/0x70
[ 28.204793] Read of size 4 at addr fff00000c12d2d40 by task swapper/1/0
[ 28.205477]
[ 28.205893] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G B W N 6.14.0 #1 PREEMPT
[ 28.206179] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[ 28.206257] Hardware name: linux,dummy-virt (DT)
[ 28.206342] Call trace:
[ 28.206413] show_stack+0x20/0x38 (C)
[ 28.206577] dump_stack_lvl+0x8c/0xd0
[ 28.206717] print_report+0x118/0x5f0
[ 28.206922] kasan_report+0xc8/0x118
[ 28.207058] __asan_report_load4_noabort+0x20/0x30
[ 28.207195] rcu_uaf_reclaim+0x64/0x70
[ 28.207309] rcu_core+0x9f4/0x1e20
[ 28.207370] rcu_core_si+0x18/0x30
[ 28.207423] handle_softirqs+0x374/0xb20
[ 28.207480] __do_softirq+0x1c/0x28
[ 28.207531] ____do_softirq+0x18/0x30
[ 28.207584] call_on_irq_stack+0x24/0x58
[ 28.207639] do_softirq_own_stack+0x24/0x38
[ 28.207695] __irq_exit_rcu+0x1fc/0x318
[ 28.207746] irq_exit_rcu+0x1c/0x80
[ 28.207797] el1_interrupt+0x38/0x58
[ 28.207885] el1h_64_irq_handler+0x18/0x28
[ 28.207945] el1h_64_irq+0x6c/0x70
[ 28.208099] arch_local_irq_enable+0x4/0x8 (P)
[ 28.208172] do_idle+0x384/0x4e8
[ 28.208224] cpu_startup_entry+0x68/0x80
[ 28.208276] secondary_start_kernel+0x288/0x340
[ 28.208336] __secondary_switched+0xc0/0xc8
[ 28.208404]
[ 28.220082] Allocated by task 199:
[ 28.220672] kasan_save_stack+0x3c/0x68
[ 28.221311] kasan_save_track+0x20/0x40
[ 28.221951] kasan_save_alloc_info+0x40/0x58
[ 28.222441] __kasan_kmalloc+0xd4/0xd8
[ 28.222993] __kmalloc_cache_noprof+0x15c/0x3c0
[ 28.223809] rcu_uaf+0xb0/0x2d0
[ 28.224324] kunit_try_run_case+0x14c/0x3d0
[ 28.224826] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 28.225635] kthread+0x318/0x618
[ 28.226211] ret_from_fork+0x10/0x20
[ 28.226809]
[ 28.227193] Freed by task 0:
[ 28.227708] kasan_save_stack+0x3c/0x68
[ 28.228298] kasan_save_track+0x20/0x40
[ 28.228959] kasan_save_free_info+0x4c/0x78
[ 28.229469] __kasan_slab_free+0x6c/0x98
[ 28.230224] kfree+0x214/0x3c8
[ 28.230732] rcu_uaf_reclaim+0x28/0x70
[ 28.231185] rcu_core+0x9f4/0x1e20
[ 28.231822] rcu_core_si+0x18/0x30
[ 28.232422] handle_softirqs+0x374/0xb20
[ 28.233077] __do_softirq+0x1c/0x28
[ 28.233694]
[ 28.234060] Last potentially related work creation:
[ 28.234714] kasan_save_stack+0x3c/0x68
[ 28.235335] kasan_record_aux_stack+0xb4/0xc8
[ 28.236042] __call_rcu_common.constprop.0+0x70/0x8b0
[ 28.236756] call_rcu+0x18/0x30
[ 28.237350] rcu_uaf+0x14c/0x2d0
[ 28.237888] kunit_try_run_case+0x14c/0x3d0
[ 28.238571] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 28.239328] kthread+0x318/0x618
[ 28.239796] ret_from_fork+0x10/0x20
[ 28.240425]
[ 28.240775] The buggy address belongs to the object at fff00000c12d2d40
[ 28.240775] which belongs to the cache kmalloc-32 of size 32
[ 28.242152] The buggy address is located 0 bytes inside of
[ 28.242152] freed 32-byte region [fff00000c12d2d40, fff00000c12d2d60)
[ 28.243540]
[ 28.243988] The buggy address belongs to the physical page:
[ 28.244651] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1012d2
[ 28.245580] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 28.246431] page_type: f5(slab)
[ 28.247054] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000
[ 28.247913] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[ 28.248784] page dumped because: kasan: bad access detected
[ 28.249483]
[ 28.249825] Memory state around the buggy address:
[ 28.250493] fff00000c12d2c00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 28.251343] fff00000c12d2c80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 28.252218] >fff00000c12d2d00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 28.253100] ^
[ 28.253781] fff00000c12d2d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 28.254627] fff00000c12d2e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 28.255437] ==================================================================

Build:
------
- Test Log: https://qa-reports.linaro.org/~anders.roxell/testtrigger/build/v6.14-3565-gf6e0150b2003/testrun/27797216/suite/log-parser-boot/test/kasan-bug-kasan-slab-use-after-free-in-rcu_uaf_reclaim-d51b19292bb2f0697baf6f74cc8ed08631fc0f76e72f5b1bc3f584832265576c/log
- Kernel Config: https://qa-reports.linaro.org/~anders.roxell/testtrigger/build/v6.14-3565-gf6e0150b2003/testrun/27794708/suite/build/test/gcc-13-lkftconfig/attachments/config
- Build Reproducer: https://qa-reports.linaro.org/~anders.roxell/testtrigger/build/v6.14-3565-gf6e0150b2003/testrun/27794708/suite/build/test/gcc-13-lkftconfig/attachments/tuxmake_reproducer.sh
- Test Reproducer: https://qa-reports.linaro.org/~anders.roxell/testtrigger/build/v6.14-3565-gf6e0150b2003/testrun/27797216/suite/log-parser-boot/test/kasan-bug-kasan-slab-use-after-free-in-rcu_uaf_reclaim-d51b19292bb2f0697baf6f74cc8ed08631fc0f76e72f5b1bc3f584832265576c/attachments/reproducer

Boot regression: qemu-arm64, log-parser-boot/kfence-bug-kfence-memory-corruption-in-kmalloc_track_caller_oob_right

Boot log:
---------
[ 25.910748] ==================================================================
[ 25.913100] BUG: KFENCE: memory corruption in kmalloc_track_caller_oob_right+0x224/0x490
[ 25.913100]
[ 25.914024] Corrupted memory at 0x0000000072cb2dc9 [ ! . . . . . . . . . . . . . . .
] (in kfence-#83): [ 25.918010] kmalloc_track_caller_oob_right+0x224/0x490 [ 25.919077] kunit_try_run_case+0x14c/0x3d0 [ 25.919679] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.920349] kthread+0x318/0x618 [ 25.921289] ret_from_fork+0x10/0x20 [ 25.921931] [ 25.923129] kfence-#83: 0x00000000602782fe-0x000000005f8606cd, size=120, cache=kmalloc-128 [ 25.923129] [ 25.924497] allocated by task 143 on cpu 1 at 25.907990s (0.016379s ago): [ 25.925511] kmalloc_track_caller_oob_right+0x184/0x490 [ 25.926194] kunit_try_run_case+0x14c/0x3d0 [ 25.926811] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.927472] kthread+0x318/0x618 [ 25.928144] ret_from_fork+0x10/0x20 [ 25.928773] [ 25.929334] freed by task 143 on cpu 1 at 25.909628s (0.019544s ago): [ 25.930254] kmalloc_track_caller_oob_right+0x224/0x490 [ 25.930919] kunit_try_run_case+0x14c/0x3d0 [ 25.931457] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.932565] kthread+0x318/0x618 [ 25.933012] ret_from_fork+0x10/0x20 [ 25.933657] [ 25.934148] CPU: 1 UID: 0 PID: 143 Comm: kunit_try_catch Tainted: G B N 6.14.0 #1 PREEMPT [ 25.935959] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.936467] Hardware name: linux,dummy-virt (DT) [ 25.937101] ================================================================== Build: ------ - Test Log: https://qa-reports.linaro.org/~anders.roxell/testtrigger/build/v6.14-3565-gf6e0150b2003/testrun/27797216/suite/log-parser-boot/test/kfence-bug-kfence-memory-corruption-in-kmalloc_track_caller_oob_right-286f6cfa20624e9b91913068ed45dd606676da67243cf63258e78b2f64d3bf94/log - Kernel Config: https://qa-reports.linaro.org/~anders.roxell/testtrigger/build/v6.14-3565-gf6e0150b2003/testrun/27794708/suite/build/test/gcc-13-lkftconfig/attachments/config - Build Reproducer: https://qa-reports.linaro.org/~anders.roxell/testtrigger/build/v6.14-3565-gf6e0150b2003/testrun/27794708/suite/build/test/gcc-13-lkftconfig/attachments/tuxmake_reproducer.sh - Test Reproducer: 
https://qa-reports.linaro.org/~anders.roxell/testtrigger/build/v6.14-3565-gf6e0150b2003/testrun/27797216/suite/log-parser-boot/test/kfence-bug-kfence-memory-corruption-in-kmalloc_track_caller_oob_right-286f6cfa20624e9b91913068ed45dd606676da67243cf63258e78b2f64d3bf94/attachments/reproducer Test regression: qemu-arm64-protected, kvm-unit-tests/timer-ptimer-busy-loop-interrupt-signal-pending Test log: --------- timer-ptimer-busy-loop-interrupt-signal-pending fail Build: ------ - Test Log: https://qa-reports.linaro.org/~anders.roxell/testtrigger/build/v6.14-3565-gf6e0150b2003/testrun/27797664/suite/kvm-unit-tests/test/timer-ptimer-busy-loop-interrupt-signal-pending/log - Kernel Config: https://qa-reports.linaro.org/~anders.roxell/testtrigger/build/v6.14-3565-gf6e0150b2003/testrun/27794708/suite/build/test/gcc-13-lkftconfig/attachments/config - Build Reproducer: https://qa-reports.linaro.org/~anders.roxell/testtrigger/build/v6.14-3565-gf6e0150b2003/testrun/27794708/suite/build/test/gcc-13-lkftconfig/attachments/tuxmake_reproducer.sh - Test Reproducer: https://qa-reports.linaro.org/~anders.roxell/testtrigger/build/v6.14-3565-gf6e0150b2003/testrun/27797664/suite/kvm-unit-tests/test/timer-ptimer-busy-loop-interrupt-signal-pending/attachments/reproducer Test log: --------- timer-ptimer-busy-loop-interrupt-signal-pending fail Build: ------ - Test Log: https://qa-reports.linaro.org/~anders.roxell/testtrigger/build/v6.14-3565-gf6e0150b2003/testrun/27797650/suite/kvm-unit-tests/test/timer-ptimer-busy-loop-interrupt-signal-pending/log - Kernel Config: https://qa-reports.linaro.org/~anders.roxell/testtrigger/build/v6.14-3565-gf6e0150b2003/testrun/27794708/suite/build/test/gcc-13-lkftconfig/attachments/config - Build Reproducer: https://qa-reports.linaro.org/~anders.roxell/testtrigger/build/v6.14-3565-gf6e0150b2003/testrun/27794708/suite/build/test/gcc-13-lkftconfig/attachments/tuxmake_reproducer.sh - Test Reproducer: 
https://qa-reports.linaro.org/~anders.roxell/testtrigger/build/v6.14-3565-gf6e0150b2003/testrun/27797650/suite/kvm-unit-tests/test/timer-ptimer-busy-loop-interrupt-signal-pending/attachments/reproducer Test regression: qemu-arm64, kselftest-cgroup/cgroup_test_freezer_test_cgfreezer_ptrace Test log: --------- cgroup_test_freezer_test_cgfreezer_ptrace fail cgroup_test_freezer_test_cgfreezer_ptraced pass Build: ------ - Test Log: https://qa-reports.linaro.org/~anders.roxell/testtrigger/build/v6.14-3565-gf6e0150b2003/testrun/27796222/suite/kselftest-cgroup/test/cgroup_test_freezer_test_cgfreezer_ptrace/log - Kernel Config: https://qa-reports.linaro.org/~anders.roxell/testtrigger/build/v6.14-3565-gf6e0150b2003/testrun/27794708/suite/build/test/gcc-13-lkftconfig/attachments/config - Build Reproducer: https://qa-reports.linaro.org/~anders.roxell/testtrigger/build/v6.14-3565-gf6e0150b2003/testrun/27794708/suite/build/test/gcc-13-lkftconfig/attachments/tuxmake_reproducer.sh - Test Reproducer: https://qa-reports.linaro.org/~anders.roxell/testtrigger/build/v6.14-3565-gf6e0150b2003/testrun/27796222/suite/kselftest-cgroup/test/cgroup_test_freezer_test_cgfreezer_ptrace/attachments/reproducer Test regression: qemu-arm64, log-parser-test/exception-warning-cpu-pid-at-mmslub-__kvmalloc_node_noprof Test log: --------- ------------[ cut here ]------------ [ 47.292569] WARNING: CPU: 0 PID: 478 at mm/slub.c:5015 __kvmalloc_node_noprof+0x43c/0x490 [ 47.294748] Modules linked in: sm3_ce sm3 sha3_ce sha512_ce sha512_arm64 drm backlight fuse ip_tables x_tables [ 47.298096] CPU: 0 UID: 0 PID: 478 Comm: unshare_test Not tainted 6.14.0 #1 PREEMPT [ 47.298660] Hardware name: linux,dummy-virt (DT) [ 47.299143] pstate: 23402009 (nzCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) [ 47.300839] pc : __kvmalloc_node_noprof+0x43c/0x490 [ 47.301831] lr : __kvmalloc_node_noprof+0x394/0x490 [ 47.302359] sp : ffff800080ac3c80 [ 47.302706] x29: ffff800080ac3cb0 x28: fff00000c67ca500 x27: 0000000000000000 [ 
47.303949] x26: 0000000000000000 x25: 0000000000412cc0 x24: cbefabe21d148724 [ 47.304309] x23: 0000000000000000 x22: 00000000ffffffff x21: 0000000000400cc0 [ 47.304671] x20: 0000000200001e00 x19: 0000000000000000 x18: 0000000000000000 [ 47.305037] x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000 [ 47.305412] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000 [ 47.305783] x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000 [ 47.306232] x8 : 0000000000000001 x7 : 0000000000000001 x6 : 0000000000000005 [ 47.308250] x5 : 0000000000000000 x4 : fff00000c67ca500 x3 : 0000000000000000 [ 47.308954] x2 : 0000000000000000 x1 : 0000000000000000 x0 : 000000007fffffff [ 47.309802] Call trace: [ 47.310924] __kvmalloc_node_noprof+0x43c/0x490 (P) [ 47.312328] alloc_fdtable+0x84/0x128 [ 47.312762] expand_files+0x74/0x2ec [ 47.313222] ksys_dup3+0x60/0x120 [ 47.313865] __arm64_sys_dup3+0x20/0x30 [ 47.314252] invoke_syscall+0x48/0x10c [ 47.314668] el0_svc_common.constprop.0+0x40/0xe0 [ 47.315390] do_el0_svc+0x1c/0x28 [ 47.315733] el0_svc+0x30/0xcc [ 47.316009] el0t_64_sync_handler+0x10c/0x138 [ 47.316393] el0t_64_sync+0x198/0x19c [ 47.317066] ---[ end trace 0000000000000000 ]--- Build: ------ - Test Log: https://qa-reports.linaro.org/~anders.roxell/testtrigger/build/v6.14-3565-gf6e0150b2003/testrun/27795733/suite/log-parser-test/test/exception-warning-cpu-pid-at-mmslub-__kvmalloc_node_noprof-0fcdcddc3a774e1a4ff6f958c917adb0c7a43eed86c33467c23197bcd17e93f6/log - Kernel Config: https://qa-reports.linaro.org/~anders.roxell/testtrigger/build/v6.14-3565-gf6e0150b2003/testrun/27794708/suite/build/test/gcc-13-lkftconfig/attachments/config - Build Reproducer: https://qa-reports.linaro.org/~anders.roxell/testtrigger/build/v6.14-3565-gf6e0150b2003/testrun/27794708/suite/build/test/gcc-13-lkftconfig/attachments/tuxmake_reproducer.sh - Test Reproducer: 
https://qa-reports.linaro.org/~anders.roxell/testtrigger/build/v6.14-3565-gf6e0150b2003/testrun/27795733/suite/log-parser-test/test/exception-warning-cpu-pid-at-mmslub-__kvmalloc_node_noprof-0fcdcddc3a774e1a4ff6f958c917adb0c7a43eed86c33467c23197bcd17e93f6/attachments/reproducer Source: ------- - Kernel version: 6.14.0 - Git Tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git - Git SHA: f6e0150b2003fb2b9265028a618aa1732b3edc8f - Git Describe: v6.14-3565-gf6e0150b2003 - Test Details: https://qa-reports.linaro.org/~anders.roxell/testtrigger/build/v6.14-3565-gf6e0150b2003 -- Linaro LKFT https://lkft.linaro.org