From: kernel test robot <oliver.sang@intel.com>
To: Christoph Hellwig <hch@lst.de>
Cc: <oe-lkp@lists.linux.dev>, <lkp@intel.com>,
Andrew Morton <akpm@linux-foundation.org>,
Albert Ou <aou@eecs.berkeley.edu>,
"Alexander Gordeev" <agordeev@linux.ibm.com>,
Alexandre Ghiti <alex@ghiti.fr>,
"Andreas Larsson" <andreas@gaisler.com>,
Anton Ivanov <anton.ivanov@cambridgegreys.com>,
Arnd Bergmann <arnd@arndb.de>,
"Borislav Petkov (AMD)" <bp@alien8.de>,
Catalin Marinas <catalin.marinas@arm.com>,
Chris Mason <clm@fb.com>,
Christian Borntraeger <borntraeger@linux.ibm.com>,
Dan Williams <dan.j.williams@intel.com>,
"David S. Miller" <davem@davemloft.net>,
David Sterba <dsterba@suse.com>,
Heiko Carstens <hca@linux.ibm.com>,
Herbert Xu <herbert@gondor.apana.org.au>,
"H. Peter Anvin" <hpa@zytor.com>,
Huacai Chen <chenhuacai@kernel.org>,
Ingo Molnar <mingo@redhat.com>,
Johannes Berg <johannes@sipsolutions.net>,
Li Nan <linan122@huawei.com>,
Madhavan Srinivasan <maddy@linux.ibm.com>,
"Magnus Lindholm" <linmag7@gmail.com>,
Matt Turner <mattst88@gmail.com>,
"Michael Ellerman" <mpe@ellerman.id.au>,
Nicholas Piggin <npiggin@gmail.com>,
"Palmer Dabbelt" <palmer@dabbelt.com>,
Richard Henderson <richard.henderson@linaro.org>,
Richard Weinberger <richard@nod.at>,
"Russell King" <linux@armlinux.org.uk>,
Song Liu <song@kernel.org>, Sven Schnelle <svens@linux.ibm.com>,
Vasily Gorbik <gor@linux.ibm.com>,
WANG Xuerui <kernel@xen0n.name>, Will Deacon <will@kernel.org>,
<linux-raid@vger.kernel.org>, <linux-kernel@vger.kernel.org>,
<linux-riscv@lists.infradead.org>, <oliver.sang@intel.com>
Subject: [linux-next:master] [xor] ebbbf58989: BUG:KASAN:slab-out-of-bounds_in_xor_gen_avx
Date: Fri, 13 Mar 2026 17:56:40 +0800 [thread overview]
Message-ID: <202603131751.7ba6ffc8-lkp@intel.com> (raw)
Hello,
kernel test robot noticed "BUG:KASAN:slab-out-of-bounds_in_xor_gen_avx" on:
commit: ebbbf58989215f5c76b68c93e7d7a43e3a4b620a ("xor: pass the entire operation to the low-level ops")
https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git master
[test failed on linux-next/master f90aadf1c67c8b4969d1e5e6d4fd7227adb6e4d7]
in testcase: xfstests
version: xfstests-x86_64-63a29724-1_20260218
with following parameters:
disk: 6HDD
fs: btrfs
test: btrfs-group-14
config: x86_64-rhel-9.4-func
compiler: gcc-14
test machine: 8 threads 1 sockets Intel(R) Core(TM) i7-4770 CPU @ 3.40GHz (Haswell) with 8G memory
(please refer to attached dmesg/kmsg for entire log/backtrace)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <oliver.sang@intel.com>
| Closes: https://lore.kernel.org/oe-lkp/202603131751.7ba6ffc8-lkp@intel.com
The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20260313/202603131751.7ba6ffc8-lkp@intel.com
[ 79.007394][ T66] ==================================================================
[ 79.015339][ T66] BUG: KASAN: slab-out-of-bounds in xor_gen_avx+0x166/0x1b0 [xor]
[ 79.023007][ T66] Read of size 8 at addr ffff888135d50260 by task kworker/u32:2/66
[ 79.030748][ T66]
[ 79.032935][ T66] CPU: 4 UID: 0 PID: 66 Comm: kworker/u32:2 Tainted: G S 7.0.0-rc3-00077-gebbbf5898921 #1 PREEMPT(lazy)
[ 79.032940][ T66] Tainted: [S]=CPU_OUT_OF_SPEC
[ 79.032941][ T66] Hardware name: Dell Inc. OptiPlex 9020/0DNKMN, BIOS A05 12/05/2013
[ 79.032943][ T66] Workqueue: btrfs-rmw rmw_rbio_work [btrfs]
[ 79.033052][ T66] Call Trace:
[ 79.033054][ T66] <TASK>
[ 79.033056][ T66] dump_stack_lvl+0x47/0x70
[ 79.033062][ T66] print_address_description+0x88/0x320
[ 79.033067][ T66] ? xor_gen_avx+0x166/0x1b0 [xor]
[ 79.033071][ T66] print_report+0x106/0x1f4
[ 79.033074][ T66] ? __virt_addr_valid+0xc4/0x230
[ 79.033077][ T66] ? xor_gen_avx+0x166/0x1b0 [xor]
[ 79.033081][ T66] kasan_report+0xb5/0xf0
[ 79.033084][ T66] ? xor_gen_avx+0x166/0x1b0 [xor]
[ 79.033088][ T66] xor_gen_avx+0x166/0x1b0 [xor]
[ 79.033092][ T66] rmw_rbio+0xa8e/0x1230 [btrfs]
[ 79.033197][ T66] ? __pfx_rmw_rbio+0x10/0x10 [btrfs]
[ 79.033294][ T66] ? __pfx__raw_spin_lock+0x10/0x10
[ 79.033298][ T66] ? __switch_to+0x4c9/0xe70
[ 79.033303][ T66] ? lock_stripe_add+0x2a6/0x930 [btrfs]
[ 79.033390][ T66] process_one_work+0x668/0xf70
[ 79.033394][ T66] ? assign_work+0x131/0x3f0
[ 79.033396][ T66] worker_thread+0x505/0xd70
[ 79.033400][ T66] ? __pfx_worker_thread+0x10/0x10
[ 79.033405][ T66] kthread+0x353/0x470
[ 79.033419][ T66] ? recalc_sigpending+0x159/0x1f0
[ 79.033423][ T66] ? __pfx_kthread+0x10/0x10
[ 79.033425][ T66] ret_from_fork+0x32f/0x670
[ 79.033428][ T66] ? __pfx_ret_from_fork+0x10/0x10
[ 79.033431][ T66] ? switch_fpu+0x13/0x1f0
[ 79.033434][ T66] ? __switch_to+0x4c9/0xe70
[ 79.033446][ T66] ? __switch_to_asm+0x33/0x70
[ 79.033450][ T66] ? __pfx_kthread+0x10/0x10
[ 79.033452][ T66] ret_from_fork_asm+0x1a/0x30
[ 79.033465][ T66] </TASK>
[ 79.033467][ T66]
[ 79.207744][ T66] Allocated by task 8668:
[ 79.211925][ T66] kasan_save_stack+0x1e/0x70
[ 79.216456][ T66] kasan_save_track+0x10/0x30
[ 79.220993][ T66] __kasan_kmalloc+0x8b/0xb0
[ 79.225435][ T66] __kmalloc_noprof+0x1d8/0x5f0
[ 79.230156][ T66] alloc_rbio+0x230/0xcb0 [btrfs]
[ 79.235116][ T66] raid56_parity_write+0x41/0x530 [btrfs]
[ 79.240768][ T66] btrfs_submit_chunk+0x503/0x1670 [btrfs]
[ 79.246499][ T66] btrfs_submit_bbio+0x16/0x30 [btrfs]
[ 79.251882][ T66] submit_one_bio+0x20a/0x3b0 [btrfs]
[ 79.257189][ T66] submit_extent_folio+0x24e/0xb70 [btrfs]
[ 79.262928][ T66] extent_writepage_io+0x4ad/0x9f0 [btrfs]
[ 79.268666][ T66] extent_writepage+0x701/0x9b0 [btrfs]
[ 79.274145][ T66] extent_write_cache_pages+0x2c6/0xb70 [btrfs]
[ 79.280317][ T66] btrfs_writepages+0x1a9/0x470 [btrfs]
[ 79.285809][ T66] do_writepages+0x1d5/0x530
[ 79.290249][ T66] filemap_writeback+0x1d1/0x2b0
[ 79.295037][ T66] btrfs_fdatawrite_range+0x4f/0xf0 [btrfs]
[ 79.300861][ T66] btrfs_direct_write+0x4c0/0xaf0 [btrfs]
[ 79.306504][ T66] btrfs_do_write_iter+0x599/0x7b0 [btrfs]
[ 79.312240][ T66] vfs_write+0x4de/0xcf0
[ 79.316335][ T66] __x64_sys_pwrite64+0x18d/0x1f0
[ 79.321209][ T66] do_syscall_64+0x108/0x5b0
[ 79.325651][ T66] entry_SYSCALL_64_after_hwframe+0x76/0x7e
[ 79.331392][ T66]
[ 79.333578][ T66] The buggy address belongs to the object at ffff888135d50240
[ 79.333578][ T66] which belongs to the cache kmalloc-32 of size 32
[ 79.347302][ T66] The buggy address is located 0 bytes to the right of
[ 79.347302][ T66] allocated 32-byte region [ffff888135d50240, ffff888135d50260)
[ 79.361549][ T66]
[ 79.363733][ T66] The buggy address belongs to the physical page:
[ 79.369994][ T66] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x135d50
[ 79.378686][ T66] flags: 0x17ffffc0000000(node=0|zone=2|lastcpupid=0x1fffff)
[ 79.385905][ T66] page_type: f5(slab)
[ 79.389740][ T66] raw: 0017ffffc0000000 ffff88810c842780 dead000000000100 dead000000000122
[ 79.398171][ T66] raw: 0000000000000000 0000000800400040 00000000f5000000 0000000000000000
[ 79.406604][ T66] page dumped because: kasan: bad access detected
[ 79.412867][ T66]
[ 79.415052][ T66] Memory state around the buggy address:
[ 79.420534][ T66] ffff888135d50100: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 79.428454][ T66] ffff888135d50180: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 79.436375][ T66] >ffff888135d50200: fa fb fb fb fc fc fc fc 00 00 00 00 fc fc fc fc
[ 79.444285][ T66] ^
[ 79.451328][ T66] ffff888135d50280: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 79.459237][ T66] ffff888135d50300: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 79.467146][ T66] ==================================================================
[ 79.475064][ T66] Disabling lock debugging due to kernel taint
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
next reply other threads:[~2026-03-13 9:56 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-13 9:56 kernel test robot [this message]
2026-03-16 16:13 ` [linux-next:master] [xor] ebbbf58989: BUG:KASAN:slab-out-of-bounds_in_xor_gen_avx Christoph Hellwig
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202603131751.7ba6ffc8-lkp@intel.com \
--to=oliver.sang@intel.com \
--cc=agordeev@linux.ibm.com \
--cc=akpm@linux-foundation.org \
--cc=alex@ghiti.fr \
--cc=andreas@gaisler.com \
--cc=anton.ivanov@cambridgegreys.com \
--cc=aou@eecs.berkeley.edu \
--cc=arnd@arndb.de \
--cc=borntraeger@linux.ibm.com \
--cc=bp@alien8.de \
--cc=catalin.marinas@arm.com \
--cc=chenhuacai@kernel.org \
--cc=clm@fb.com \
--cc=dan.j.williams@intel.com \
--cc=davem@davemloft.net \
--cc=dsterba@suse.com \
--cc=gor@linux.ibm.com \
--cc=hca@linux.ibm.com \
--cc=hch@lst.de \
--cc=herbert@gondor.apana.org.au \
--cc=hpa@zytor.com \
--cc=johannes@sipsolutions.net \
--cc=kernel@xen0n.name \
--cc=linan122@huawei.com \
--cc=linmag7@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-raid@vger.kernel.org \
--cc=linux-riscv@lists.infradead.org \
--cc=linux@armlinux.org.uk \
--cc=lkp@intel.com \
--cc=maddy@linux.ibm.com \
--cc=mattst88@gmail.com \
--cc=mingo@redhat.com \
--cc=mpe@ellerman.id.au \
--cc=npiggin@gmail.com \
--cc=oe-lkp@lists.linux.dev \
--cc=palmer@dabbelt.com \
--cc=richard.henderson@linaro.org \
--cc=richard@nod.at \
--cc=song@kernel.org \
--cc=svens@linux.ibm.com \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox