Hay
Date
June 26, 2025, 9:10 a.m.

Environment
juno-r2

[ 1516.430544] ==================================================================
[ 1516.430553] BUG: KASAN: global-out-of-bounds in cpu_set_hyp_vector+0x190/0x1b0
[ 1516.430579] Read of size 8 at addr ffff800087a64bc0 by task cpuhp/1/21
[ 1516.430590] 
[ 1516.430600] CPU: 1 UID: 0 PID: 21 Comm: cpuhp/1 Tainted: G        W        N  6.16.0-rc3-next-20250626 #1 PREEMPT 
[ 1516.430620] Tainted: [W]=WARN, [N]=TEST
[ 1516.430626] Hardware name: ARM Juno development board (r2) (DT)
[ 1516.430633] Call trace:
[ 1516.430639]  show_stack+0x20/0x38 (C)
[ 1516.430655]  dump_stack_lvl+0x8c/0xd0
[ 1516.430672]  print_report+0x310/0x608
[ 1516.430690]  kasan_report+0xdc/0x128
[ 1516.430705]  __asan_report_load8_noabort+0x20/0x30
[ 1516.430718]  cpu_set_hyp_vector+0x190/0x1b0
[ 1516.430733]  cpu_hyp_init+0x80/0x108
[ 1516.430746]  kvm_arch_enable_virtualization_cpu+0x28/0x98
[ 1516.430763]  kvm_enable_virtualization_cpu+0x74/0x118
[ 1516.430779]  kvm_online_cpu+0x18/0x30
[ 1516.430792]  cpuhp_invoke_callback+0x5b8/0x1620
[ 1516.430810]  cpuhp_thread_fun+0x230/0x5d8
[ 1516.430827]  smpboot_thread_fn+0x2e8/0x760
[ 1516.430843]  kthread+0x328/0x630
[ 1516.430855]  ret_from_fork+0x10/0x20
[ 1516.430870] 
[ 1516.430874] The buggy address belongs to the variable:
[ 1516.430878]  hyp_spectre_vector_selector+0x20/0x40
[ 1516.430894] 
[ 1516.430900] The buggy address belongs to the virtual mapping at
[ 1516.430900]  [ffff800085c60000, ffff800087b81000) created by:
[ 1516.430900]  paging_init+0x66c/0x7d0
[ 1516.430918] 
[ 1516.430923] The buggy address belongs to the physical page:
[ 1516.430930] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x87c64
[ 1516.430943] flags: 0x3fffe0000002000(reserved|node=0|zone=0|lastcpupid=0x1ffff)
[ 1516.430963] raw: 03fffe0000002000 fffffdffc01f1908 fffffdffc01f1908 0000000000000000
[ 1516.430973] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 1516.430980] page dumped because: kasan: bad access detected
[ 1516.430985] 
[ 1516.430989] Memory state around the buggy address:
[ 1516.430995]  ffff800087a64a80: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9
[ 1516.431004]  ffff800087a64b00: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 04 f9 f9 f9
[ 1516.431012] >ffff800087a64b80: f9 f9 f9 f9 00 00 00 00 f9 f9 f9 f9 01 f9 f9 f9
[ 1516.431018]                                            ^
[ 1516.431025]  ffff800087a64c00: f9 f9 f9 f9 01 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 1516.431033]  ffff800087a64c80: 00 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9
[ 1516.431039] ==================================================================
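The "Memory state" block above is where the report actually proves the bug class, so here is an added decoder for it (example code, not part of the report or of the kernel). It assumes the generic software KASAN shadow encoding, which the `__asan_report_load8_noabort` frame in the trace confirms: one shadow byte per 8-byte granule, `00` meaning all 8 bytes addressable, `01`..`07` meaning only the first n bytes addressable, and `f9` the global-variable redzone (other poison values live in `mm/kasan/kasan.h` and are not covered here). Its only input is the five dump lines and the faulting address copied from the report. Run it and it shows that the 8-byte read at `ffff800087a64bc0` lands on the first redzone byte immediately after a 32-byte fully addressable run starting at `ffff800087a64ba0`, i.e. the access is exactly one granule past the end of the object, which is what the `hyp_spectre_vector_selector+0x20` attribution says in symbol terms.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define GRANULE 8          /* generic KASAN: one shadow byte per 8 bytes */
#define PER_LINE 16

/* The five "Memory state" lines copied from the report above. */
static const char *const shadow_dump[] = {
    " ffff800087a64a80: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9",
    " ffff800087a64b00: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 04 f9 f9 f9",
    ">ffff800087a64b80: f9 f9 f9 f9 00 00 00 00 f9 f9 f9 f9 01 f9 f9 f9",
    " ffff800087a64c00: f9 f9 f9 f9 01 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9",
    " ffff800087a64c80: 00 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9",
};
#define NLINES (sizeof(shadow_dump) / sizeof(shadow_dump[0]))

struct shadow_map {
    uint64_t base;                     /* address covered by shadow[0] */
    uint8_t shadow[NLINES * PER_LINE];
};

/* Parse "addr: xx xx ..." (a leading '>' marks the faulting line). 0 on success. */
static int parse_shadow_line(const char *p, uint64_t *base, uint8_t *out)
{
    char *end;
    while (*p == ' ' || *p == '>')
        p++;
    *base = strtoull(p, &end, 16);
    if (end == p || *end != ':')
        return -1;
    p = end + 1;
    for (int i = 0; i < PER_LINE; i++, p = end) {
        unsigned long v = strtoul(p, &end, 16);
        if (end == p || v > 0xff)
            return -1;
        out[i] = (uint8_t)v;
    }
    return 0;
}

/* Parse the dump once; lines must be contiguous 128-byte windows. NULL on error. */
static const struct shadow_map *report(void)
{
    static struct shadow_map m;
    static int ready;
    for (size_t i = 0; !ready && i < NLINES; i++) {
        uint64_t base;
        if (parse_shadow_line(shadow_dump[i], &base, &m.shadow[i * PER_LINE]) ||
            (i > 0 && base != m.base + i * PER_LINE * GRANULE))
            return NULL;
        if (i == 0)
            m.base = base;
        ready = (i + 1 == NLINES);
    }
    return &m;
}

/* Addressable bytes in a granule: 00 -> 8, 01..07 -> n, any poison value -> 0. */
static int granule_addressable(uint8_t s)
{
    return s == 0 ? GRANULE : (s < GRANULE ? s : 0);
}

/* Shadow byte covering addr, or -1 when addr is outside the dumped window. */
static int shadow_at(const struct shadow_map *m, uint64_t addr)
{
    if (!m || addr < m->base || addr >= m->base + sizeof(m->shadow) * GRANULE)
        return -1;
    return m->shadow[(addr - m->base) / GRANULE];
}

/* First non-addressable byte of the access [addr, addr+size), or 0 if it is clean. */
static uint64_t first_bad_byte(const struct shadow_map *m, uint64_t addr, size_t size)
{
    for (uint64_t a = addr; a < addr + size; a++) {
        int s = shadow_at(m, a);
        if (s < 0 || (int)(a % GRANULE) >= granule_addressable((uint8_t)s))
            return a;
    }
    return 0;
}

/* Size of the addressable run ending at bad's granule (the overrun object); start in *start. */
static size_t object_before(const struct shadow_map *m, uint64_t bad, uint64_t *start)
{
    uint64_t g = bad & ~(uint64_t)(GRANULE - 1), s = g;
    uint64_t end = g + granule_addressable((uint8_t)shadow_at(m, g));
    while (s > m->base && shadow_at(m, s - GRANULE) == 0)
        s -= GRANULE;
    *start = s;
    return (size_t)(end - s);
}

int main(void)
{
    const struct shadow_map *m = report();
    uint64_t addr = 0xffff800087a64bc0ULL;   /* "Read of size 8 at addr ..." */
    uint64_t bad, start;
    size_t len;

    if (!m)
        return 1;
    bad = first_bad_byte(m, addr, 8);
    len = object_before(m, bad, &start);
    printf("first bad byte %#llx, shadow %02x (f9 = global redzone)\n",
           (unsigned long long)bad, shadow_at(m, bad));
    printf("object before it: [%#llx, %#llx) = %zu bytes, access at +%#llx\n",
           (unsigned long long)start, (unsigned long long)(start + len), len,
           (unsigned long long)(addr - start));
    return 0;
}
```

The same decoder reads the partial granules in the dump too: the `04` on the `...b00` line marks a 4-byte global at `ffff800087a64b60`, so a 5-byte read there would fault at `...b64`. Anything outside the five dumped lines is reported as bad simply because the window ends, so widen the dump before trusting a verdict near its edges.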