Greeting,

FYI, we noticed the following commit (built with clang-14):

commit: 7cd6f102201f3ea35eea1b990f7543e890b7fdbb ("[PATCH v2 3/5] uaccess-buffer: add CONFIG_GENERIC_ENTRY support")
url: https://github.com/0day-ci/linux/commits/Peter-Collingbourne/kernel-introduce-uaccess-logging/20211123-131922
base: https://git.kernel.org/cgit/linux/kernel/git/tip/tip.git cb0e52b7748737b2cf6481fdd9b920ce7e1ebbdf
patch link: https://lore.kernel.org/lkml/20211123051658.3195589-4-pcc@google.com

in testcase: boot

on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):

+----------------------------------------------------------+------------+------------+
|                                                          | e050ed271b | 7cd6f10220 |
+----------------------------------------------------------+------------+------------+
| boot_successes                                           | 16         | 0          |
| boot_failures                                            | 0          | 16         |
| BUG:unable_to_handle_page_fault_for_address              | 0          | 10         |
| Oops:#[##]                                               | 0          | 10         |
| RIP:kfree                                                | 0          | 10         |
| Kernel_panic-not_syncing:Fatal_exception                 | 0          | 16         |
| WARNING:at_mm/slub.c:#free_nonslab_page                  | 0          | 6          |
| RIP:free_nonslab_page                                    | 0          | 6          |
| BUG:KASAN:double-free_or_invalid-free_in_dup_task_struct | 0          | 6          |
| maybe_for_address#:#[##]                                 | 0          | 6          |
| RIP:__memcpy                                             | 0          | 6          |
+----------------------------------------------------------+------------+------------+

If you fix the issue, kindly add the following tag
Reported-by: kernel test robot

[   29.153667][    T2] BUG: unable to handle page fault for address: ffffebf7d0000008
[   29.154602][    T2] #PF: supervisor read access in kernel mode
[   29.155284][    T2] #PF: error_code(0x0000) - not-present page
[   29.155975][    T2] PGD 0 P4D 0
[   29.156359][    T2] Oops: 0000 [#1] PREEMPT SMP KASAN PTI
[   29.156771][    T2] CPU: 0 PID: 2 Comm: kthreadd Not tainted 5.16.0-rc1-00007-g7cd6f102201f #1 aaaec4470dd30d48a14d7cba8ba3e2c3760eb3bd
[   29.156771][    T2] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[   29.156771][    T2] RIP: 0010:kfree (include/linux/page-flags.h:198 include/linux/mm.h:863 mm/slub.c:4556)
[   29.156771][    T2] Code: 00 00 80 72 09 48 8b 0d 8e 1a 69 03 eb 0a 48 b9 00 00 00 80 7f 77 00 00 48 01 d9 48 81 e9 00 00 00 80 48 c1 e9 0c 48 c1 e1 06 <4c> 8b 7c 01 08 41 f6 c7 01 0f 85 d3 00 00 00 48 01 c8 49 89 c7 49
All code
========
   0:	00 00                	add    %al,(%rax)
   2:	80 72 09 48          	xorb   $0x48,0x9(%rdx)
   6:	8b 0d 8e 1a 69 03    	mov    0x3691a8e(%rip),%ecx        # 0x3691a9a
   c:	eb 0a                	jmp    0x18
   e:	48 b9 00 00 00 80 7f 	movabs $0x777f80000000,%rcx
  15:	77 00 00 
  18:	48 01 d9             	add    %rbx,%rcx
  1b:	48 81 e9 00 00 00 80 	sub    $0xffffffff80000000,%rcx
  22:	48 c1 e9 0c          	shr    $0xc,%rcx
  26:	48 c1 e1 06          	shl    $0x6,%rcx
  2a:*	4c 8b 7c 01 08       	mov    0x8(%rcx,%rax,1),%r15		<-- trapping instruction
  2f:	41 f6 c7 01          	test   $0x1,%r15b
  33:	0f 85 d3 00 00 00    	jne    0x10c
  39:	48 01 c8             	add    %rcx,%rax
  3c:	49 89 c7             	mov    %rax,%r15
  3f:	49                   	rex.WB

Code starting with the faulting instruction
===========================================
   0:	4c 8b 7c 01 08       	mov    0x8(%rcx,%rax,1),%r15
   5:	41 f6 c7 01          	test   $0x1,%r15b
   9:	0f 85 d3 00 00 00    	jne    0xe2
   f:	48 01 c8             	add    %rcx,%rax
  12:	49 89 c7             	mov    %rax,%r15
  15:	49                   	rex.WB
[   29.156771][    T2] RSP: 0000:ffffc9000002fc08 EFLAGS: 00010206
[   29.156771][    T2] RAX: ffffea0000000000 RBX: 0000067400000161 RCX: 000001f7d0000000
[   29.156771][    T2] RDX: dffffc0000000000 RSI: ffffffff83c824e0 RDI: ffffffff841d22a0
[   29.156771][    T2] RBP: ffff888131593628 R08: dffffc0000000000 R09: fffffbfff0a326f9
[   29.156771][    T2] R10: dffff7fff0a326fa R11: 1ffffffff0a326f8 R12: ffff8881315a0000
[   29.156771][    T2] R13: dffffc0000000000 R14: ffffffff81190728 R15: ffff8881315a26c0
[   29.156771][    T2] FS:  0000000000000000(0000) GS:ffff8883ae800000(0000) knlGS:0000000000000000
[   29.156771][    T2] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   29.156771][    T2] CR2: ffffebf7d0000008 CR3: 0000000004c16000 CR4: 00000000000406f0
[   29.156771][    T2] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   29.156771][    T2] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   29.156771][    T2] Call Trace:
[   29.156771][    T2] 
[   29.156771][    T2]  ? find_vm_area (mm/vmalloc.c:2497)
[   29.156771][    T2]  dup_task_struct (include/linux/sched/task.h:148 kernel/fork.c:896)
[   29.156771][    T2]  copy_process (kernel/fork.c:?)
[   29.156771][    T2]  ? __lock_acquire (kernel/locking/lockdep.c:?)
[   29.156771][    T2]  kernel_clone (kernel/fork.c:2585)
[   29.156771][    T2]  ? sched_clock_cpu (kernel/sched/clock.c:292 kernel/sched/clock.c:382)
[   29.156771][    T2]  ? kthread_unuse_mm (kernel/kthread.c:272)
[   29.156771][    T2]  kernel_thread (kernel/fork.c:2637)
[   29.156771][    T2]  ? kthread_unuse_mm (kernel/kthread.c:272)
[   29.156771][    T2]  kthreadd (kernel/kthread.c:351 kernel/kthread.c:685)
[   29.156771][    T2]  ? trace_sched_kthread_stop_ret (kernel/kthread.c:658)
[   29.156771][    T2]  ret_from_fork (??:?)
[   29.156771][    T2] 
[   29.156771][    T2] Modules linked in:
[   29.156771][    T2] CR2: ffffebf7d0000008
[   29.156771][    T2] ---[ end trace a8dc7679c1d35edd ]---
[   29.156771][    T2] RIP: 0010:kfree (include/linux/page-flags.h:198 include/linux/mm.h:863 mm/slub.c:4556)
[   29.156771][    T2] Code: 00 00 80 72 09 48 8b 0d 8e 1a 69 03 eb 0a 48 b9 00 00 00 80 7f 77 00 00 48 01 d9 48 81 e9 00 00 00 80 48 c1 e9 0c 48 c1 e1 06 <4c> 8b 7c 01 08 41 f6 c7 01 0f 85 d3 00 00 00 48 01 c8 49 89 c7 49
All code
========
   0:	00 00                	add    %al,(%rax)
   2:	80 72 09 48          	xorb   $0x48,0x9(%rdx)
   6:	8b 0d 8e 1a 69 03    	mov    0x3691a8e(%rip),%ecx        # 0x3691a9a
   c:	eb 0a                	jmp    0x18
   e:	48 b9 00 00 00 80 7f 	movabs $0x777f80000000,%rcx
  15:	77 00 00 
  18:	48 01 d9             	add    %rbx,%rcx
  1b:	48 81 e9 00 00 00 80 	sub    $0xffffffff80000000,%rcx
  22:	48 c1 e9 0c          	shr    $0xc,%rcx
  26:	48 c1 e1 06          	shl    $0x6,%rcx
  2a:*	4c 8b 7c 01 08       	mov    0x8(%rcx,%rax,1),%r15		<-- trapping instruction
  2f:	41 f6 c7 01          	test   $0x1,%r15b
  33:	0f 85 d3 00 00 00    	jne    0x10c
  39:	48 01 c8             	add    %rcx,%rax
  3c:	49 89 c7             	mov    %rax,%r15
  3f:	49                   	rex.WB

Code starting with the faulting instruction
===========================================
   0:	4c 8b 7c 01 08       	mov    0x8(%rcx,%rax,1),%r15
   5:	41 f6 c7 01          	test   $0x1,%r15b
   9:	0f 85 d3 00 00 00    	jne    0xe2
   f:	48 01 c8             	add    %rcx,%rax
  12:	49 89 c7             	mov    %rax,%r15
  15:	49                   	rex.WB


To reproduce:

        # build kernel
	cd linux
	cp config-5.16.0-rc1-00007-g7cd6f102201f .config
	make HOSTCC=clang-14 CC=clang-14 ARCH=x86_64 olddefconfig prepare modules_prepare bzImage modules
	make HOSTCC=clang-14 CC=clang-14 ARCH=x86_64 INSTALL_MOD_PATH= modules_install
	cd
	find lib/ | cpio -o -H newc --quiet | gzip > modules.cgz


        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k -m modules.cgz job-script # job-script is attached in this email

        # if you come across any failure that blocks the test,
        # please remove ~/.lkp and /lkp dir to run from a clean state.



---
0DAY/LKP+ Test Infrastructure                   Open Source Technology Center
https://lists.01.org/hyperkitty/list/lkp@lists.01.org       Intel Corporation

Thanks,
Oliver Sang
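Editor's added worked check, not part of Oliver Sang's report and not code from the patch series under test: the small C program below replays, on the register values printed in the oops above, the instruction sequence that the decoded "All code" listing shows between the movabs and the trapping mov in kfree. The only inputs are the two immediates from the decode and RAX, RBX, RCX and CR2 from the register dump. Recomputing RCX and the load address and matching them against the kernel's own RCX and CR2 confirms that the address which kfree()'s page lookup started from is the value in RBX, 0x0000067400000161. That value is not a kernel virtual address at all, and the page frame number it implies lies far beyond the 16G the test VM was booted with, which is why the vmemmap read faults on a not-present page; this is consistent with the KASAN "double-free or invalid-free in dup_task_struct" entry in the table. The reading of the add/sub pair as x86_64 __pa() and of the shifts as a 64-byte struct page index is the editor's interpretation of the decode (the RIP line cites include/linux/mm.h:863, i.e. virt_to_page); the program says nothing about which field in dup_task_struct carried the bad pointer, since the report does not either.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Register values copied verbatim from the oops in the report above. */
#define OOPS_RAX 0xffffea0000000000ULL   /* base of the vmemmap (struct page array) */
#define OOPS_RBX 0x0000067400000161ULL   /* value kfree()'s address arithmetic starts from */
#define OOPS_RCX 0x000001f7d0000000ULL   /* RCX as printed at the time of the fault */
#define OOPS_CR2 0xffffebf7d0000008ULL   /* faulting address */

/* Immediates copied from the "All code" decode. */
#define IMM_MOVABS 0x777f80000000ULL
#define IMM_SUB    0xffffffff80000000ULL

/*
 * Replay of the decoded instructions between the movabs and the trapping
 * mov, with the same 64-bit wraparound the CPU has:
 *   movabs $0x777f80000000,%rcx
 *   add    %rbx,%rcx
 *   sub    $0xffffffff80000000,%rcx
 *   shr    $0xc,%rcx
 *   shl    $0x6,%rcx
 * Editor's reading: the add/sub pair is x86_64 __pa() for a direct-mapped
 * address and the shifts turn the physical address into a 64-byte
 * struct page offset into the vmemmap array whose base sits in RAX.
 */
uint64_t replay_rcx(uint64_t rbx)
{
    uint64_t rcx = IMM_MOVABS;
    rcx += rbx;
    rcx -= IMM_SUB;   /* unsigned arithmetic wraps mod 2^64 like the CPU */
    rcx >>= 12;
    rcx <<= 6;
    return rcx;
}

/* Address accessed by the trapping "mov 0x8(%rcx,%rax,1),%r15". */
uint64_t fault_address(uint64_t rax, uint64_t rbx)
{
    return replay_rcx(rbx) + rax + 8;
}

/* Page frame number implied by the replayed arithmetic (struct page index). */
uint64_t pfn_of(uint64_t va)
{
    return replay_rcx(va) >> 6;
}

/* x86_64 kernel virtual addresses live in the upper canonical half. */
bool is_kernel_va(uint64_t va)
{
    return va >= 0xffff800000000000ULL;
}

int main(void)
{
    /* The test VM was booted with -m 16G, i.e. 0x400000 4K page frames. */
    const uint64_t pages_16g = (16ULL << 30) >> 12;

    printf("replayed RCX     = %#018llx (dump: %#018llx)\n",
           (unsigned long long)replay_rcx(OOPS_RBX), (unsigned long long)OOPS_RCX);
    printf("replayed address = %#018llx (CR2:  %#018llx)\n",
           (unsigned long long)fault_address(OOPS_RAX, OOPS_RBX),
           (unsigned long long)OOPS_CR2);
    printf("RBX is a kernel VA? %s; implied pfn %#llx vs %#llx pages of RAM\n",
           is_kernel_va(OOPS_RBX) ? "yes" : "no",
           (unsigned long long)pfn_of(OOPS_RBX), (unsigned long long)pages_16g);
    /* Contrast: RBP from the same dump is an ordinary direct-map address. */
    printf("RBP 0xffff888131593628 -> pfn %#llx\n",
           (unsigned long long)pfn_of(0xffff888131593628ULL));
    return 0;
}
```

Running it reproduces the kernel's RCX and CR2 exactly, which is the check worth doing before reading the patch: the crash is not a corrupted struct page but a garbage argument to kfree(), so the next step is to find which pointer in the freshly copied task_struct held 0x0000067400000161 when dup_task_struct freed it.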