From: Shinichiro Kawasaki
To: Thomas Gleixner
CC: LKML, Ihor Solodrai, Shrikanth Hegde, Peter Zijlstra, Mathieu Desnoyers, Michael Jeanson
Subject: Re: [patch V2 3/4] sched/mmcid: Drop per CPU CID immediately when switching to per task mode
Date: Tue, 10 Feb 2026 07:33:33 +0000
References: <20260201192234.380608594@kernel.org> <20260201192835.032221009@kernel.org>
In-Reply-To: <20260201192835.032221009@kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Feb 02, 2026 / 10:39, Thomas Gleixner wrote:
> When an exiting task initiates the switch from per CPU back to per task
> mode, it has already dropped its CID and marked itself inactive. But a
> leftover from an earlier iteration of the rework then reassigns the per
> CPU CID to the exiting task with the transition bit set.
>
> That's wrong as the task is already marked CID inactive, which means it is
> inconsistent state. It's harmless because the CID is marked in transit and
> therefore dropped back into the pool when the exiting task schedules out
> either through preemption or the final schedule().
>
> Simply drop the per CPU CID when the exiting task triggered the transition.
>
> Fixes: fbd0e71dc370 ("sched/mmcid: Provide CID ownership mode fixup functions")
> Signed-off-by: Thomas Gleixner
> Reviewed-by: Mathieu Desnoyers

Hello all,

While I evaluated v6.19 kernel, I observed a BUG KASAN. The KASAN is recreated
in stable manner by running the test case zbd/013 of blktests [1] on some of
my test systems. I bisected and found that this patch as the commit 007d84287c74
triggered the KASAN. When I reverted this patch from v6.19 kernel, the KASAN
disappeared. Of note is that the KASAN symptom slightly varies for each run. I
observed KASAN slab-use-after-free [2], use-after-free [3] and
slab-out-of-bounds [4]. All those KASANs happened "in sched_mm_cid_exit".

Actions for fix will be appreciated.
If I can help by trying some trial patches on my test systems, please let me
know.

[1] https://github.com/linux-blktests/blktests

[2] KASAN slab-use-after-free

[ 64.540760] [ T1234] run blktests zbd/013 at 2026-02-10 11:06:48
[ 64.638773] [ T1252] null_blk: disk nullb1 created
[ 64.749061] [ T1252] null_blk: nullb2: using native zone append
[ 64.764569] [ T1252] null_blk: disk nullb2 created
[ 65.767294] [ T1296] ==================================================================
[ 65.768341] [ T1296] BUG: KASAN: slab-use-after-free in sched_mm_cid_exit+0x298/0x500
[ 65.769378] [ T1296] Write of size 8 at addr ffff888149792410 by task cryptsetup/1296
[ 65.770700] [ T1296] CPU: 1 UID: 0 PID: 1296 Comm: cryptsetup Not tainted 6.19.0 #571 PREEMPT(voluntary)
[ 65.770705] [ T1296] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-4.fc42 04/01/2014
[ 65.770709] [ T1296] Call Trace:
[ 65.770711] [ T1296]
[ 65.770713] [ T1296] dump_stack_lvl+0x6a/0x90
[ 65.770718] [ T1296] ? sched_mm_cid_exit+0x298/0x500
[ 65.770721] [ T1296] print_report+0x170/0x4f3
[ 65.770725] [ T1296] ? __virt_addr_valid+0x22e/0x4e0
[ 65.770729] [ T1296] ? sched_mm_cid_exit+0x298/0x500
[ 65.770732] [ T1296] kasan_report+0xad/0x150
[ 65.770737] [ T1296] ? sched_mm_cid_exit+0x298/0x500
[ 65.770742] [ T1296] kasan_check_range+0x115/0x1f0
[ 65.770745] [ T1296] sched_mm_cid_exit+0x298/0x500
[ 65.770750] [ T1296] do_exit+0x25e/0x24c0
[ 65.770755] [ T1296] ? __pfx_do_exit+0x10/0x10
[ 65.770758] [ T1296] ? lockdep_hardirqs_on+0x88/0x130
[ 65.770761] [ T1296] ? entry_SYSCALL_64_after_hwframe+0x76/0x7e
[ 65.770764] [ T1296] ? do_syscall_64+0x1d7/0x540
[ 65.770766] [ T1296] ? do_raw_spin_lock+0x124/0x260
[ 65.770769] [ T1296] ? lock_acquire+0x180/0x300
[ 65.770771] [ T1296] ? find_held_lock+0x2b/0x80
[ 65.770775] [ T1296] __x64_sys_exit+0x3e/0x50
[ 65.770780] [ T1296] x64_sys_call+0x14fe/0x1500
[ 65.770784] [ T1296] do_syscall_64+0x95/0x540
[ 65.770787] [ T1296] ? lockdep_hardirqs_on+0x88/0x130
[ 65.770790] [ T1296] ? _raw_spin_unlock_irq+0x24/0x50
[ 65.770792] [ T1296] ? _raw_spin_unlock_irq+0x34/0x50
[ 65.770795] [ T1296] ? __x64_sys_rt_sigprocmask+0x23d/0x400
[ 65.770798] [ T1296] ? __pfx___x64_sys_rt_sigprocmask+0x10/0x10
[ 65.770800] [ T1296] ? rcu_nocb_unlock_irqrestore+0x87/0xb0
[ 65.770804] [ T1296] ? rcu_do_batch+0x867/0xd90
[ 65.770809] [ T1296] ? lockdep_hardirqs_on+0x88/0x130
[ 65.770811] [ T1296] ? entry_SYSCALL_64_after_hwframe+0x76/0x7e
[ 65.770813] [ T1296] ? do_syscall_64+0x1d7/0x540
[ 65.770816] [ T1296] ? __pfx_sched_clock_cpu+0x10/0x10
[ 65.770819] [ T1296] ? lock_is_held_type+0xd5/0x140
[ 65.770824] [ T1296] ? irqtime_account_irq+0xe4/0x330
[ 65.770827] [ T1296] ? lockdep_softirqs_on+0xc3/0x140
[ 65.770829] [ T1296] ? __irq_exit_rcu+0x126/0x240
[ 65.770832] [ T1296] ? handle_softirqs+0x6c5/0x790
[ 65.770836] [ T1296] ? __pfx_handle_softirqs+0x10/0x10
[ 65.770839] [ T1296] ? irqtime_account_irq+0x1a2/0x330
[ 65.770842] [ T1296] ? lockdep_hardirqs_on_prepare+0xce/0x1b0
[ 65.770844] [ T1296] ? irqentry_exit+0xe2/0x6a0
[ 65.770848] [ T1296] entry_SYSCALL_64_after_hwframe+0x76/0x7e
[ 65.770850] [ T1296] RIP: 0033:0x7f96978fef89
[ 65.770854] [ T1296] Code: ff 31 c9 48 89 88 20 06 00 00 31 c0 87 07 83 e8 01 7f 19 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 31 ff b8 3c 00 00 00 0f 05 f5 89 95 74 ff ff ff e8 9a d0 ff ff 83 bd 74 ff ff ff 01 0f 85
[ 65.770856] [ T1296] RSP: 002b:00007f9691de0d30 EFLAGS: 00000246 ORIG_RAX: 000000000000003c
[ 65.770861] [ T1296] RAX: ffffffffffffffda RBX: 00007f9691de16c0 RCX: 00007f96978fef89
[ 65.770863] [ T1296] RDX: 0000000000000000 RSI: 0000000000800000 RDI: 0000000000000000
[ 65.770865] [ T1296] RBP: 00007f9691de0df0 R08: 0000000015fc5864 R09: 0000000000000000
[ 65.770866] [ T1296] R10: 0000000000000008 R11: 0000000000000246 R12: 00007f9691de16c0
[ 65.770867] [ T1296] R13: 00007fff8d18af10 R14: 00007f9691de1cdc R15: 00007fff8d18b017
[ 65.770875] [ T1296]
[ 65.805902] [ T1296] Allocated by task 668:
[ 65.806662] [ T1296] kasan_save_stack+0x2c/0x50
[ 65.807400] [ T1296] kasan_save_track+0x10/0x30
[ 65.808130] [ T1296] __kasan_slab_alloc+0x7a/0x90
[ 65.808842] [ T1296] kmem_cache_alloc_noprof+0x238/0x7a0
[ 65.809569] [ T1296] getname_flags.part.0+0x48/0x4d0
[ 65.810280] [ T1296] do_sys_openat2+0xa8/0x180
[ 65.810972] [ T1296] __x64_sys_openat+0x10a/0x200
[ 65.811637] [ T1296] do_syscall_64+0x95/0x540
[ 65.812267] [ T1296] entry_SYSCALL_64_after_hwframe+0x76/0x7e
[ 65.813538] [ T1296] Freed by task 668:
[ 65.814189] [ T1296] kasan_save_stack+0x2c/0x50
[ 65.814884] [ T1296] kasan_save_track+0x10/0x30
[ 65.815545] [ T1296] kasan_save_free_info+0x37/0x70
[ 65.816318] [ T1296] __kasan_slab_free+0x67/0x80
[ 65.817002] [ T1296] kmem_cache_free+0x1ae/0x6d0
[ 65.817700] [ T1296] audit_reset_context+0x3c7/0xeb0
[ 65.818401] [ T1296] syscall_exit_work+0x17f/0x1b0
[ 65.819124] [ T1296] do_syscall_64+0x2fe/0x540
[ 65.819812] [ T1296] entry_SYSCALL_64_after_hwframe+0x76/0x7e
[ 65.821100] [ T1296] The buggy address belongs to the object at ffff888149792200 which belongs to the cache names_cache of size 4096
[ 65.822824] [ T1296] The buggy address is located 528 bytes inside of freed 4096-byte region [ffff888149792200, ffff888149793200)
[ 65.825027] [ T1296] The buggy address belongs to the physical page:
[ 65.825856] [ T1296] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x149790
[ 65.826846] [ T1296] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 65.827840] [ T1296] flags: 0x17ffffc0000040(head|node=0|zone=2|lastcpupid=0x1fffff)
[ 65.828768] [ T1296] page_type: f5(slab)
[ 65.829405] [ T1296] raw: 0017ffffc0000040 ffff888100902b40 ffffea0005314600 dead000000000002
[ 65.830402] [ T1296] raw: 0000000000000000 0000000000070007 00000000f5000000 0000000000000000
[ 65.831493] [ T1296] head: 0017ffffc0000040 ffff888100902b40 ffffea0005314600 dead000000000002
[ 65.832644] [ T1296] head: 0000000000000000 0000000000070007 00000000f5000000 0000000000000000
[ 65.833723] [ T1296] head: 0017ffffc0000003 ffffea000525e401 00000000ffffffff 00000000ffffffff
[ 65.834798] [ T1296] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 65.835827] [ T1296] page dumped because: kasan: bad access detected
[ 65.837253] [ T1296] Memory state around the buggy address:
[ 65.838039] [ T1296] ffff888149792300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 65.838991] [ T1296] ffff888149792380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 65.839939] [ T1296] >ffff888149792400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 65.840894] [ T1296] ^
[ 65.841569] [ T1296] ffff888149792480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 65.842554] [ T1296] ffff888149792500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 65.843504] [ T1296] ==================================================================
[ 65.844500] [ T1296] Disabling lock debugging due to kernel taint
[ 71.925834] [ T1650] device-mapper: zone: dm-0 using emulated zone append
[ 72.474170] [ C1] hrtimer: interrupt took 1119829 ns

[3] KASAN use-after-free

[ 145.885127] [ T1246] run blktests zbd/013 at 2026-02-10 10:57:04
[ 145.985394] [ T1264] null_blk: disk nullb1 created
[ 146.091908] [ T1264] null_blk: nullb2: using native zone append
[ 146.106425] [ T1264] null_blk: disk nullb2 created
[ 147.822863] [ T1479] ==================================================================
[ 147.823592] [ T1479] BUG: KASAN: use-after-free in sched_mm_cid_exit+0x298/0x500
[ 147.824479] [ T1479] Write of size 8 at addr ffff8881185cb050 by task cryptsetup/1479
[ 147.825468] [ T1479] CPU: 2 UID: 0 PID: 1479 Comm: cryptsetup Not tainted 6.19.0 #571 PREEMPT(voluntary)
[ 147.825472] [ T1479] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-4.fc42 04/01/2014
[ 147.825476] [ T1479] Call Trace:
[ 147.825478] [ T1479]
[ 147.825480] [ T1479] dump_stack_lvl+0x6a/0x90
[ 147.825484] [ T1479] ? sched_mm_cid_exit+0x298/0x500
[ 147.825487] [ T1479] print_report+0x170/0x4f3
[ 147.825490] [ T1479] ? __virt_addr_valid+0x22e/0x4e0
[ 147.825494] [ T1479] ? sched_mm_cid_exit+0x298/0x500
[ 147.825496] [ T1479] kasan_report+0xad/0x150
[ 147.825500] [ T1479] ? sched_mm_cid_exit+0x298/0x500
[ 147.825504] [ T1479] kasan_check_range+0x115/0x1f0
[ 147.825507] [ T1479] sched_mm_cid_exit+0x298/0x500
[ 147.825510] [ T1479] do_exit+0x25e/0x24c0
[ 147.825514] [ T1479] ? lockdep_hardirqs_on+0x88/0x130
[ 147.825517] [ T1479] ? __pfx_do_exit+0x10/0x10
[ 147.825520] [ T1479] ? irqtime_account_irq+0xe4/0x330
[ 147.825524] [ T1479] __x64_sys_exit+0x3e/0x50
[ 147.825526] [ T1479] x64_sys_call+0x14fe/0x1500
[ 147.825529] [ T1479] do_syscall_64+0x95/0x540
[ 147.825531] [ T1479] ? __pfx_handle_softirqs+0x10/0x10
[ 147.825534] [ T1479] ? irqtime_account_irq+0x1a2/0x330
[ 147.825536] [ T1479] ? lockdep_hardirqs_on_prepare+0xce/0x1b0
[ 147.825539] [ T1479] ? irqentry_exit+0xe2/0x6a0
[ 147.825542] [ T1479] entry_SYSCALL_64_after_hwframe+0x76/0x7e
[ 147.825544] [ T1479] RIP: 0033:0x7f505e211f89
[ 147.825547] [ T1479] Code: ff 31 c9 48 89 88 20 06 00 00 31 c0 87 07 83 e8 01 7f 19 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 31 ff b8 3c 00 00 00 0f 05 f5 89 95 74 ff ff ff e8 9a d0 ff ff 83 bd 74 ff ff ff 01 0f 85
[ 147.825549] [ T1479] RSP: 002b:00007f50585fbd30 EFLAGS: 00000246 ORIG_RAX: 000000000000003c
[ 147.825553] [ T1479] RAX: ffffffffffffffda RBX: 00007f50585fc6c0 RCX: 00007f505e211f89
[ 147.825555] [ T1479] RDX: 0000000000000000 RSI: 0000000000800000 RDI: 0000000000000000
[ 147.825556] [ T1479] RBP: 00007f50585fbdf0 R08: 00005566eb14ea20 R09: 00005566eb14ea38
[ 147.825558] [ T1479] R10: 0000000000000008 R11: 0000000000000246 R12: 00007f50585fc6c0
[ 147.825559] [ T1479] R13: 00007fff4289e220 R14: 00007f50585fccdc R15: 00007fff4289e327
[ 147.825564] [ T1479]
[ 147.844213] [ T1479] The buggy address belongs to the physical page:
[ 147.845137] [ T1479] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x10 pfn:0x1185cb
[ 147.846323] [ T1479] flags: 0x17ffffc0000000(node=0|zone=2|lastcpupid=0x1fffff)
[ 147.847389] [ T1479] raw: 0017ffffc0000000 dead000000000100 dead000000000122 0000000000000000
[ 147.848662] [ T1479] raw: 0000000000000010 0000000000000000 00000000ffffffff 0000000000000000
[ 147.849887] [ T1479] page dumped because: kasan: bad access detected
[ 147.851495] [ T1479] Memory state around the buggy address:
[ 147.852479] [ T1479] ffff8881185caf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 147.853600] [ T1479] ffff8881185caf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 147.854690] [ T1479] >ffff8881185cb000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 147.855852] [ T1479] ^
[ 147.856798] [ T1479] ffff8881185cb080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 147.857855] [ T1479] ffff8881185cb100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 147.858857] [ T1479] ==================================================================
[ 147.859888] [ T1479] Disabling lock debugging due to kernel taint
[ 153.349607] [ T1982] device-mapper: zone: dm-0 using emulated zone append
[ 153.715923] [ C3] hrtimer: interrupt took 475570 ns
[ 282.408372] [ T3034] null_blk: disk nullb0 created
[ 282.409360] [ T3034] null_blk: module loaded

[4] KASAN slab-out-of-bounds

Feb 09 15:14:28 testnode2 unknown: run blktests zbd/013 at 2026-02-09 15:14:28
Feb 09 15:14:28 testnode2 kernel: null_blk: disk nullb1 created
Feb 09 15:14:28 testnode2 kernel: null_blk: nullb2: using native zone append
Feb 09 15:14:28 testnode2 kernel: null_blk: disk nullb2 created
Feb 09 15:14:29 testnode2 kernel: ==================================================================
Feb 09 15:14:29 testnode2 kernel: BUG: KASAN: slab-out-of-bounds in sched_mm_cid_exit+0x298/0x500
Feb 09 15:14:29 testnode2 kernel: Write of size 8 at addr ffff8881580db050 by task cryptsetup/136938
Feb 09 15:14:29 testnode2 kernel:
Feb 09 15:14:29 testnode2 kernel: CPU: 3 UID: 0 PID: 136938 Comm: cryptsetup Not tainted 6.19.0 #571 PREEMPT(voluntary)
Feb 09 15:14:29 testnode2 kernel: Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-4.fc42 04/01/2014
Feb 09 15:14:29 testnode2 kernel: Call Trace:
Feb 09 15:14:29 testnode2 kernel:
Feb 09 15:14:29 testnode2 kernel: dump_stack_lvl+0x6a/0x90
Feb 09 15:14:29 testnode2 kernel: ? sched_mm_cid_exit+0x298/0x500
Feb 09 15:14:29 testnode2 kernel: print_report+0x170/0x4f3
Feb 09 15:14:29 testnode2 kernel: ? __virt_addr_valid+0x22e/0x4e0
Feb 09 15:14:29 testnode2 kernel: ? sched_mm_cid_exit+0x298/0x500
Feb 09 15:14:29 testnode2 kernel: kasan_report+0xad/0x150
Feb 09 15:14:29 testnode2 kernel: ? sched_mm_cid_exit+0x298/0x500
Feb 09 15:14:29 testnode2 kernel: kasan_check_range+0x115/0x1f0
Feb 09 15:14:29 testnode2 kernel: sched_mm_cid_exit+0x298/0x500
Feb 09 15:14:29 testnode2 kernel: do_exit+0x25e/0x24c0
Feb 09 15:14:29 testnode2 kernel: ? __pfx_do_exit+0x10/0x10
Feb 09 15:14:29 testnode2 kernel: ? rcu_is_watching+0x11/0xb0
Feb 09 15:14:29 testnode2 kernel: __x64_sys_exit+0x3e/0x50
Feb 09 15:14:29 testnode2 kernel: x64_sys_call+0x14fe/0x1500
Feb 09 15:14:29 testnode2 kernel: do_syscall_64+0x95/0x540
Feb 09 15:14:29 testnode2 kernel: ? sched_tick+0x330/0x960
Feb 09 15:14:29 testnode2 kernel: ? rcu_is_watching+0x11/0xb0
Feb 09 15:14:29 testnode2 kernel: ? trace_hardirqs_on_prepare+0xfd/0x130
Feb 09 15:14:29 testnode2 kernel: ? do_syscall_64+0x1d7/0x540
Feb 09 15:14:29 testnode2 kernel: ? do_futex+0x1bf/0x210
Feb 09 15:14:29 testnode2 kernel: ? __pfx_do_futex+0x10/0x10
Feb 09 15:14:29 testnode2 kernel: ? rcu_is_watching+0x11/0xb0
Feb 09 15:14:29 testnode2 kernel: ? profile_tick+0x18/0x90
Feb 09 15:14:29 testnode2 kernel: ? __x64_sys_futex+0x22f/0x4a0
Feb 09 15:14:29 testnode2 kernel: ? __pfx_do_raw_spin_lock+0x10/0x10
Feb 09 15:14:29 testnode2 kernel: ? lock_release+0x242/0x2f0
Feb 09 15:14:29 testnode2 kernel: ? __pfx___x64_sys_futex+0x10/0x10
Feb 09 15:14:29 testnode2 kernel: ? timerqueue_add+0x207/0x3c0
Feb 09 15:14:29 testnode2 kernel: ? enqueue_hrtimer+0x1f0/0x290
Feb 09 15:14:29 testnode2 kernel: ? sched_clock_cpu+0x65/0x5c0
Feb 09 15:14:29 testnode2 kernel: ? rcu_is_watching+0x11/0xb0
Feb 09 15:14:29 testnode2 kernel: ? trace_hardirqs_on_prepare+0xfd/0x130
Feb 09 15:14:29 testnode2 kernel: ? do_syscall_64+0x1d7/0x540
Feb 09 15:14:29 testnode2 kernel: ? lock_release+0x242/0x2f0
Feb 09 15:14:29 testnode2 kernel: ? rcu_is_watching+0x11/0xb0
Feb 09 15:14:29 testnode2 kernel: ? trace_hardirqs_on+0x14/0x140
Feb 09 15:14:29 testnode2 kernel: ? kvm_sched_clock_read+0xd/0x20
Feb 09 15:14:29 testnode2 kernel: ? sched_clock+0xc/0x30
Feb 09 15:14:29 testnode2 kernel: ? sched_clock_cpu+0x65/0x5c0
Feb 09 15:14:29 testnode2 kernel: ? irqtime_account_irq+0xe4/0x330
Feb 09 15:14:29 testnode2 kernel: ? kvm_sched_clock_read+0xd/0x20
Feb 09 15:14:29 testnode2 kernel: ? sched_clock+0xc/0x30
Feb 09 15:14:29 testnode2 kernel: ? sched_clock_cpu+0x65/0x5c0
Feb 09 15:14:29 testnode2 kernel: ? __pfx_sched_clock_cpu+0x10/0x10
Feb 09 15:14:29 testnode2 kernel: ? flush_tlb_func+0xb5/0x760
Feb 09 15:14:29 testnode2 kernel: ? irqtime_account_irq+0x1a2/0x330
Feb 09 15:14:29 testnode2 kernel: ? rcu_is_watching+0x11/0xb0
Feb 09 15:14:29 testnode2 kernel: ? trace_hardirqs_on_prepare+0xfd/0x130
Feb 09 15:14:29 testnode2 kernel: ? irqentry_exit+0xe2/0x6a0
Feb 09 15:14:29 testnode2 kernel: entry_SYSCALL_64_after_hwframe+0x76/0x7e
Feb 09 15:14:29 testnode2 kernel: RIP: 0033:0x7fca4fbf5f89
Feb 09 15:14:29 testnode2 kernel: Code: ff 31 c9 48 89 88 20 06 00 00 31 c0 87 07 83 e8 01 7f 19 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 31 ff b8 3c 00 00 00 0f 05 f5 89 95 74 ff ff ff e8 9a d0 ff ff 83 bd 74 ff ff ff 01 0f 85
Feb 09 15:14:29 testnode2 kernel: RSP: 002b:00007fca497fad30 EFLAGS: 00000246 ORIG_RAX: 000000000000003c
Feb 09 15:14:29 testnode2 kernel: RAX: ffffffffffffffda RBX: 00007fca497fb6c0 RCX: 00007fca4fbf5f89
Feb 09 15:14:29 testnode2 kernel: RDX: 0000000000000000 RSI: 0000000000800000 RDI: 0000000000000000
Feb 09 15:14:29 testnode2 kernel: RBP: 00007fca497fadf0 R08: 0000557abe711cb0 R09: 0000557abe711cc8
Feb 09 15:14:29 testnode2 kernel: R10: 0000000000000008 R11: 0000000000000246 R12: 00007fca497fb6c0
Feb 09 15:14:29 testnode2 kernel: R13: 00007ffc5119c9c0 R14: 00007fca497fbcdc R15: 00007ffc5119cac7
Feb 09 15:14:29 testnode2 kernel:
Feb 09 15:14:29 testnode2 kernel:
Feb 09 15:14:29 testnode2 kernel: Allocated by task 136663:
Feb 09 15:14:29 testnode2 kernel: kasan_save_stack+0x2c/0x50
Feb 09 15:14:29 testnode2 kernel: kasan_save_track+0x10/0x30
Feb 09 15:14:29 testnode2 kernel: __kasan_slab_alloc+0x7a/0x90
Feb 09 15:14:29 testnode2 kernel: kmem_cache_alloc_noprof+0x238/0x7a0
Feb 09 15:14:29 testnode2 kernel: mempool_alloc_noprof+0x150/0x250
Feb 09 15:14:29 testnode2 kernel: bio_alloc_bioset+0x1d7/0x720
Feb 09 15:14:29 testnode2 kernel: blkdev_direct_IO+0x3a7/0x1f40
Feb 09 15:14:29 testnode2 kernel: blkdev_write_iter+0x52b/0xba0
Feb 09 15:14:29 testnode2 kernel: aio_write+0x33a/0x7c0
Feb 09 15:14:29 testnode2 kernel: io_submit_one+0xd97/0x1a00
Feb 09 15:14:29 testnode2 kernel: __x64_sys_io_submit+0x15d/0x2b0
Feb 09 15:14:29 testnode2 kernel: do_syscall_64+0x95/0x540
Feb 09 15:14:29 testnode2 kernel: entry_SYSCALL_64_after_hwframe+0x76/0x7e
Feb 09 15:14:29 testnode2 kernel:
Feb 09 15:14:29 testnode2 kernel: Freed by task 37:
Feb 09 15:14:29 testnode2 kernel: kasan_save_stack+0x2c/0x50
Feb 09 15:14:29 testnode2 kernel: kasan_save_track+0x10/0x30
Feb 09 15:14:29 testnode2 kernel: kasan_save_free_info+0x37/0x70
Feb 09 15:14:29 testnode2 kernel: __kasan_slab_free+0x67/0x80
Feb 09 15:14:29 testnode2 kernel: slab_free_after_rcu_debug+0xf5/0x200
Feb 09 15:14:29 testnode2 kernel: rcu_do_batch+0x37a/0xd90
Feb 09 15:14:29 testnode2 kernel: rcu_core+0x6f1/0xad0
Feb 09 15:14:29 testnode2 kernel: handle_softirqs+0x1ee/0x790
Feb 09 15:14:29 testnode2 kernel: run_ksoftirqd+0x3b/0x60
Feb 09 15:14:29 testnode2 kernel: smpboot_thread_fn+0x2fd/0x9a0
Feb 09 15:14:29 testnode2 kernel: kthread+0x3af/0x770
Feb 09 15:14:29 testnode2 kernel: ret_from_fork+0x55c/0x810
Feb 09 15:14:29 testnode2 kernel: ret_from_fork_asm+0x1a/0x30
Feb 09 15:14:29 testnode2 kernel:
Feb 09 15:14:29 testnode2 kernel: Last potentially related work creation:
Feb 09 15:14:29 testnode2 kernel: kasan_save_stack+0x2c/0x50
Feb 09 15:14:29 testnode2 kernel: kasan_record_aux_stack+0xac/0xc0
Feb 09 15:14:29 testnode2 kernel: kmem_cache_free+0x4af/0x6d0
Feb 09 15:14:29 testnode2 kernel: mempool_free+0xbe/0x110
Feb 09 15:14:29 testnode2 kernel: blk_update_request+0x443/0x1190
Feb 09 15:14:29 testnode2 kernel: scsi_end_request+0x70/0x7b0
Feb 09 15:14:29 testnode2 kernel: scsi_io_completion+0xea/0x1440
Feb 09 15:14:29 testnode2 kernel: blk_complete_reqs+0xa8/0x120
Feb 09 15:14:29 testnode2 kernel: handle_softirqs+0x1ee/0x790
Feb 09 15:14:29 testnode2 kernel: run_ksoftirqd+0x3b/0x60
Feb 09 15:14:29 testnode2 kernel: smpboot_thread_fn+0x2fd/0x9a0
Feb 09 15:14:29 testnode2 kernel: kthread+0x3af/0x770
Feb 09 15:14:29 testnode2 kernel: ret_from_fork+0x55c/0x810
Feb 09 15:14:29 testnode2 kernel: ret_from_fork_asm+0x1a/0x30
Feb 09 15:14:29 testnode2 kernel:
Feb 09 15:14:29 testnode2 kernel: The buggy address belongs to the object at ffff8881580daf00 which belongs to the cache bio-264 of size 264
Feb 09 15:14:29 testnode2 kernel: The buggy address is located 72 bytes to the right of allocated 264-byte region [ffff8881580daf00, ffff8881580db008)
Feb 09 15:14:29 testnode2 kernel:
Feb 09 15:14:29 testnode2 kernel: The buggy address belongs to the physical page:
Feb 09 15:14:29 testnode2 kernel: page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1580da
Feb 09 15:14:29 testnode2 kernel: head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
Feb 09 15:14:29 testnode2 kernel: flags: 0x17ffffc0000040(head|node=0|zone=2|lastcpupid=0x1fffff)
Feb 09 15:14:29 testnode2 kernel: page_type: f5(slab)
Feb 09 15:14:29 testnode2 kernel: raw: 0017ffffc0000040 ffff88810536c500 dead000000000122 0000000000000000
Feb 09 15:14:29 testnode2 kernel: raw: 0000000000000000 0000000000150015 00000000f5000000 0000000000000000
Feb 09 15:14:29 testnode2 kernel: head: 0017ffffc0000040 ffff88810536c500 dead000000000122 0000000000000000
Feb 09 15:14:29 testnode2 kernel: head: 0000000000000000 0000000000150015 00000000f5000000 0000000000000000
Feb 09 15:14:29 testnode2 kernel: head: 0017ffffc0000001 ffffea0005603681 00000000ffffffff 00000000ffffffff
Feb 09 15:14:29 testnode2 kernel: head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
Feb 09 15:14:29 testnode2 kernel: page dumped because: kasan: bad access detected
Feb 09 15:14:29 testnode2 kernel:
Feb 09 15:14:29 testnode2 kernel: Memory state around the buggy address:
Feb 09 15:14:29 testnode2 kernel: ffff8881580daf00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
Feb 09 15:14:29 testnode2 kernel: ffff8881580daf80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
Feb 09 15:14:29 testnode2 kernel: >ffff8881580db000: fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
Feb 09 15:14:29 testnode2 kernel: ^
Feb 09 15:14:29 testnode2 kernel: ffff8881580db080: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
Feb 09 15:14:29 testnode2 kernel: ffff8881580db100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
Feb 09 15:14:29 testnode2 kernel: ==================================================================
Feb 09 15:14:34 testnode2 kernel: device-mapper: zone: dm-0 using emulated zone append
Feb 09 15:16:09 testnode2 kernel: null_blk: disk nullb0 created
Feb 09 15:16:09 testnode2 kernel: null_blk: module loaded