Hello, kernel test robot noticed "BUG:KASAN:global-out-of-bounds_in_hex_string" on: commit: 40fc60e36c60ba85b2974e507b67df40c94e9578 ("trace_seq: Increase the buffer size to almost two pages") https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git master [test failed on linus/master 6c6e47d69d821047097909288b6d7f1aafb3b9b1] [test failed on linux-next/master 8568bb2ccc278f344e6ac44af6ed010a90aa88dc] in testcase: rcuscale version: with following parameters: runtime: 300s scale_type: tasks compiler: clang-17 test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G (please refer to attached dmesg/kmsg for entire log/backtrace) we also noticed this issue does not always happen. we observed it 17 times out of 30 runs as below, but did not observe it on parent. 8ec90be7f15fac42 40fc60e36c60ba85b2974e507b6 ---------------- --------------------------- fail:runs %reproduction fail:runs | | | :30 57% 17:30 dmesg.BUG:KASAN:global-out-of-bounds_in_hex_string If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <oliver.s...@intel.com> | Closes: https://lore.kernel.org/oe-lkp/202404101431.bb9742bf-...@intel.com [ 413.751080][ T494] BUG: KASAN: global-out-of-bounds in hex_string (lib/vsprintf.c:?) [ 413.752115][ T494] Read of size 1 at addr ffffffff960c19c4 by task rcu_scale_write/494 [ 413.753237][ T494] [ 413.753659][ T494] CPU: 0 PID: 494 Comm: rcu_scale_write Tainted: G T 6.7.0-rc2-00035-g40fc60e36c60 #1 a4d5f5b4375fec29a5dddc8a474a6031f87af2c2 [ 413.755544][ T494] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014 [ 413.756859][ T494] Call Trace: [ 413.757375][ T494] <TASK> [ 413.757850][ T494] dump_stack_lvl (lib/dump_stack.c:?) [ 413.758486][ T494] print_report (mm/kasan/report.c:365) [ 413.759147][ T494] ? hex_string (lib/vsprintf.c:?) [ 413.759803][ T494] kasan_report (mm/kasan/report.c:590) [ 413.760455][ T494] ? hex_string (lib/vsprintf.c:?) [ 413.761099][ T494] hex_string (lib/vsprintf.c:?) [ 413.761719][ T494] pointer (lib/vsprintf.c:?) [ 413.762328][ T494] vsnprintf (lib/vsprintf.c:2823) [ 413.762978][ T494] seq_buf_vprintf (lib/seq_buf.c:64) [ 413.763647][ T494] trace_seq_vprintf (include/linux/seq_buf.h:53 kernel/trace/trace_seq.c:151) [ 413.764351][ T494] trace_event_printf (kernel/trace/trace_output.c:325) [ 413.765043][ T494] trace_raw_output_i2c_write (include/trace/events/i2c.h:25) i2c_core [ 413.766410][ T494] ? i2c_put_dma_safe_msg_buf (include/trace/events/i2c.h:25) i2c_core [ 413.767794][ T494] ftrace_dump (kernel/trace/trace.c:10262) [ 413.768472][ T494] rcu_scale_writer (kernel/rcu/rcuscale.c:535) rcuscale [ 413.769741][ T494] ? rcu_scale_writer (kernel/rcu/rcuscale.c:526) rcuscale [ 413.771241][ T494] kthread (kernel/kthread.c:390) [ 413.771847][ T494] ? rcu_scale_reader (kernel/rcu/rcuscale.c:453) rcuscale [ 413.773073][ T494] ? kthread_unuse_mm (kernel/kthread.c:341) [ 413.773791][ T494] ret_from_fork (arch/x86/kernel/process.c:153) [ 413.774441][ T494] ? kthread_unuse_mm (kernel/kthread.c:341) [ 413.775186][ T494] ret_from_fork_asm (arch/x86/entry/entry_64.S:250) [ 413.775893][ T494] </TASK> [ 413.776406][ T494] [ 413.776859][ T494] The buggy address belongs to the variable: [ 413.777635][ T494] btf_allowlist_d_path+0x4/0x20 [ 413.778325][ T494] [ 413.778740][ T494] The buggy address belongs to the physical page: [ 413.779592][ T494] page:ffffea00074c3040 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1d30c1 [ 413.780914][ T494] flags: 0x8000000000004000(reserved|zone=2) [ 413.781710][ T494] page_type: 0xffffffff() [ 413.782341][ T494] raw: 8000000000004000 ffffea00074c3048 ffffea00074c3048 0000000000000000 [ 413.783501][ T494] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 413.784669][ T494] page dumped because: kasan: bad access detected [ 413.785556][ T494] page_owner info is not present (never set?) [ 413.786370][ T494] [ 413.786789][ T494] Memory state around the buggy address: [ 413.787550][ T494] ffffffff960c1880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 413.788643][ T494] ffffffff960c1900: 00 00 00 00 f9 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 [ 413.789739][ T494] >ffffffff960c1980: 04 f9 f9 f9 04 f9 f9 f9 04 f9 f9 f9 00 00 00 f9 [ 413.790848][ T494] ^ [ 413.791705][ T494] ffffffff960c1a00: f9 f9 f9 f9 00 f9 f9 f9 00 f9 f9 f9 04 f9 f9 f9 [ 413.792789][ T494] ffffffff960c1a80: 01 f9 f9 f9 01 f9 f9 f9 00 00 f9 f9 00 00 f9 f9 [ 413.797442][ T494] ================================================================== [ 413.798544][ T494] Disabling lock debugging due to kernel taint [ 413.799401][ T494] swapper-1 0dNZ.. 118977266us : i2c_write: i2c--1868734768 #65535 a=ffff f=7b28 l=4231 [00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00] [ 413.802715][ T494] swapper-1 0.N.1. 118977275us : i2c_read: i2c--1868734768 #65535 a=ffff f=36fb l=38182 [ 413.804088][ T494] --------------------------------- [ 413.804885][ T494] tasks-scale: Test complete The kernel config and materials to reproduce are available at: https://download.01.org/0day-ci/archive/20240410/202404101431.bb9742bf-...@intel.com -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki