lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20220605151216.GB27576@xsang-OptiPlex-9020>
Date:   Sun, 5 Jun 2022 23:12:16 +0800
From:   kernel test robot <oliver.sang@...el.com>
To:     "Liam R. Howlett" <Liam.Howlett@...cle.com>
Cc:     Andrew Morton <akpm@...ux-foundation.org>,
        Matthew Wilcox <willy@...radead.org>,
        Catalin Marinas <catalin.marinas@....com>,
        David Howells <dhowells@...hat.com>,
        SeongJae Park <sj@...nel.org>,
        Vlastimil Babka <vbabka@...e.cz>,
        Will Deacon <will@...nel.org>,
        Davidlohr Bueso <dave@...olabs.net>,
        LKML <linux-kernel@...r.kernel.org>,
        Linux Memory Management List <linux-mm@...ck.org>,
        tboot-devel@...ts.sourceforge.net, linux-efi@...r.kernel.org,
        lkp@...ts.01.org, lkp@...el.com
Subject: [mm]  5a32db2a9f: WARNING:at_mm/slub.c:#kmem_cache_free_bulk



Greeting,

FYI, we noticed the following commit (built with gcc-11):

commit: 5a32db2a9fbeba1aebc8a7a18cae9e38873b7994 ("mm: start tracking VMAs with maple tree")
https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git master

in testcase: igt
version: igt-x86_64-7c3ceb08-1_20220518
with following parameters:

	group: group-13
	ucode: 0xc2



on test machine: 20 threads 1 sockets Commet Lake with 16G memory

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):



If you fix the issue, kindly add following tag
Reported-by: kernel test robot <oliver.sang@...el.com>


kern :warn : [  145.520879] WARNING: CPU: 3 PID: 2749 at mm/slub.c:3643 kmem_cache_free_bulk (mm/slub.c:3643 (discriminator 1)) 
kern  :warn  : [  145.535092] Modules linked in: netconsole intel_rapl_msr intel_rapl_common btrfs blake2b_generic xor raid6_pq x86_pkg_temp_thermal intel_powerclamp zstd_compress coretemp libcrc32c sd_mod t10_pi ipmi_devintf kvm_intel ipmi_msghandler i915 crc64_rocksoft_generic kvm crc64_rocksoft crc64 intel_gtt sg drm_buddy drm_display_helper irqbypass ttm crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel drm_kms_helper sdhci_pci ahci cqhci rapl ppdev intel_wmi_thunderbolt wmi_bmof intel_cstate libahci sdhci syscopyarea parport_pc sysfillrect i2c_designware_platform mei_me intel_uncore sysimgblt serio_raw libata joydev mmc_core mei i2c_designware_core idma64 intel_pch_thermal fb_sys_fops wmi parport video acpi_tad intel_pmc_core acpi_pad drm fuse ip_tables
kern  :warn  : [  145.602685] CPU: 3 PID: 2749 Comm: gem_userptr_bli Not tainted 5.18.0-11966-g5a32db2a9fbe #1
kern :warn : [  145.611909] RIP: 0010:kmem_cache_free_bulk (mm/slub.c:3643 (discriminator 1)) 
kern :warn : [ 145.617773] Code: 84 48 8b 55 08 f0 48 83 2a 01 0f 85 22 ff ff ff 48 8b 55 08 48 89 ef 48 8b 52 08 ff d2 0f 1f 00 b8 00 00 00 80 e9 08 ff ff ff <0f> 0b 48 83 c4 30 5b 5d 41 5c 41 5d 41 5e 41 5f c3 48 8b 0d 1e 6b
All code
========
   0:	84 48 8b             	test   %cl,-0x75(%rax)
   3:	55                   	push   %rbp
   4:	08 f0                	or     %dh,%al
   6:	48 83 2a 01          	subq   $0x1,(%rdx)
   a:	0f 85 22 ff ff ff    	jne    0xffffffffffffff32
  10:	48 8b 55 08          	mov    0x8(%rbp),%rdx
  14:	48 89 ef             	mov    %rbp,%rdi
  17:	48 8b 52 08          	mov    0x8(%rdx),%rdx
  1b:	ff d2                	callq  *%rdx
  1d:	0f 1f 00             	nopl   (%rax)
  20:	b8 00 00 00 80       	mov    $0x80000000,%eax
  25:	e9 08 ff ff ff       	jmpq   0xffffffffffffff32
  2a:*	0f 0b                	ud2    		<-- trapping instruction
  2c:	48 83 c4 30          	add    $0x30,%rsp
  30:	5b                   	pop    %rbx
  31:	5d                   	pop    %rbp
  32:	41 5c                	pop    %r12
  34:	41 5d                	pop    %r13
  36:	41 5e                	pop    %r14
  38:	41 5f                	pop    %r15
  3a:	c3                   	retq   
  3b:	48                   	rex.W
  3c:	8b                   	.byte 0x8b
  3d:	0d                   	.byte 0xd
  3e:	1e                   	(bad)  
  3f:	6b                   	.byte 0x6b

Code starting with the faulting instruction
===========================================
   0:	0f 0b                	ud2    
   2:	48 83 c4 30          	add    $0x30,%rsp
   6:	5b                   	pop    %rbx
   7:	5d                   	pop    %rbp
   8:	41 5c                	pop    %r12
   a:	41 5d                	pop    %r13
   c:	41 5e                	pop    %r14
   e:	41 5f                	pop    %r15
  10:	c3                   	retq   
  11:	48                   	rex.W
  12:	8b                   	.byte 0x8b
  13:	0d                   	.byte 0xd
  14:	1e                   	(bad)  
  15:	6b                   	.byte 0x6b
kern  :warn  : [  145.637336] RSP: 0018:ffffc90007d7f160 EFLAGS: 00010246
kern  :warn  : [  145.643314] RAX: 0000000000000000 RBX: 0000000000000000 RCX: fffffbfff07c4fe0
kern  :warn  : [  145.651213] RDX: ffff88844ac93450 RSI: 0000000000000000 RDI: ffff88810004e8c0
kern  :warn  : [  145.659121] RBP: ffff88844ac93450 R08: ffff88844ac93450 R09: 0000000000000003
kern  :warn  : [  145.667051] R10: ffff88844ac93420 R11: ffffffff83e27f03 R12: dffffc0000000000
kern  :warn  : [  145.674941] R13: ffff88844ac93400 R14: 0000000000000000 R15: 0000000000000003
kern  :warn  : [  145.682807] FS:  00007f1f51b36bc0(0000) GS:ffff8883a1f80000(0000) knlGS:0000000000000000
kern  :warn  : [  145.691658] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
kern  :warn  : [  145.698162] CR2: 00007f1f540bcfe0 CR3: 0000000458db6005 CR4: 00000000003706e0
kern  :warn  : [  145.706056] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
kern  :warn  : [  145.713952] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
kern  :warn  : [  145.721853] Call Trace:
kern  :warn  : [  145.725062]  <TASK>
kern :warn : [  145.727921] ? _raw_write_lock_irq (kernel/locking/spinlock.c:153) 
kern :warn : [  145.733133] ? mt_destroy_walk (lib/maple_tree.c:5454) 
kern :warn : [  145.737988] ? kmem_cache_free (mm/slub.c:1753 mm/slub.c:3507 mm/slub.c:3524) 
kern :warn : [  145.742774] mt_destroy_walk (lib/maple_tree.c:158 lib/maple_tree.c:5427) 
kern :warn : [  145.747453] ? mas_mab_cp (lib/maple_tree.c:1921) 
kern :warn : [  145.751912] ? mas_prev_entry (lib/maple_tree.c:5404) 
kern :warn : [  145.756833] ? memcpy (mm/kasan/shadow.c:65 (discriminator 1)) 
kern :warn : [  145.760738] mas_wmb_replace (lib/maple_tree.c:5472 lib/maple_tree.c:986 lib/maple_tree.c:2668) 
kern :warn : [  145.765389] mas_spanning_rebalance+0x3828/0x8300 
kern :warn : [  145.771461] ? unwind_next_frame (arch/x86/kernel/unwind_orc.c:355 arch/x86/kernel/unwind_orc.c:600) 
kern :warn : [  145.776664] ? arch_stack_walk (arch/x86/kernel/stacktrace.c:24) 
kern :warn : [  145.781433] ? mas_destroy_rebalance (lib/maple_tree.c:2876) 
kern :warn : [  145.786978] ? unwind_next_frame (arch/x86/kernel/unwind_orc.c:596) 
kern :warn : [  145.792107] ? is_bpf_text_address (arch/x86/include/asm/preempt.h:85 include/linux/rcupdate.h:73 include/linux/rcupdate.h:727 kernel/bpf/core.c:716) 
kern :warn : [  145.797141] ? kernel_text_address (kernel/extable.c:97 kernel/extable.c:94) 
kern :warn : [  145.802260] ? __kernel_text_address (kernel/extable.c:79) 
kern :warn : [  145.807380] ? unwind_get_return_address (arch/x86/kernel/unwind_orc.c:318 arch/x86/kernel/unwind_orc.c:313) 
kern :warn : [  145.812932] ? create_prof_cpu_mask (kernel/stacktrace.c:83) 
kern :warn : [  145.818049] ? mas_update_gap+0x202/0x680 
kern :warn : [  145.823427] ? memcpy (mm/kasan/shadow.c:65 (discriminator 1)) 
kern :warn : [  145.827331] ? memcpy (mm/kasan/shadow.c:65 (discriminator 1)) 
kern :warn : [  145.831234] ? mas_store_b_node (lib/maple_tree.c:2107) 
kern :warn : [  145.836269] mas_wr_spanning_store+0x50e/0xe80 
kern :warn : [  145.842081] ? orc_find+0x1ed/0x300 
kern :warn : [  145.846951] ? mas_commit_b_node+0xcc0/0xcc0 
kern :warn : [  145.852589] ? unwind_next_frame (arch/x86/kernel/unwind_orc.c:596) 
kern :warn : [  145.857674] ? drm_ioctl (drivers/gpu/drm/drm_ioctl.c:885) drm
kern :warn : [  145.862580] ? drm_ioctl (drivers/gpu/drm/drm_ioctl.c:885) drm
kern :warn : [  145.867476] ? arch_stack_walk (arch/x86/kernel/stacktrace.c:24) 
kern :warn : [  145.872243] ? is_bpf_text_address (arch/x86/include/asm/preempt.h:85 include/linux/rcupdate.h:73 include/linux/rcupdate.h:727 kernel/bpf/core.c:716) 
kern :warn : [  145.877240] ? kernel_text_address (kernel/extable.c:97 kernel/extable.c:94) 
kern :warn : [  145.882356] ? __radix_tree_delete (arch/x86/include/asm/bitops.h:68 include/asm-generic/bitops/instrumented-non-atomic.h:28 lib/radix-tree.c:101 lib/radix-tree.c:943 lib/radix-tree.c:1372) 
kern :warn : [  145.887556] ? mas_wr_store_entry+0x36e/0x1540 
kern :warn : [  145.893365] ? kasan_unpoison (mm/kasan/shadow.c:108 mm/kasan/shadow.c:142) 
kern :warn : [  145.897953] mas_store_prealloc (lib/maple_tree.c:248 lib/maple_tree.c:5570) 
kern :warn : [  145.902806] ? mas_destroy (lib/maple_tree.c:5564) 
kern :warn : [  145.907281] __do_munmap (mm/mmap.c:2913 mm/mmap.c:3105) 
kern :warn : [  145.911701] ? drm_ioctl (drivers/gpu/drm/drm_ioctl.c:886) drm
kern :warn : [  145.916567] ? split_vma (mm/mmap.c:3027) 
kern :warn : [  145.920982] ? security_mmap_file (security/security.c:1592) 
kern :warn : [  145.925983] __vm_munmap (mm/mmap.c:3140) 
kern :warn : [  145.930234] ? __do_munmap (mm/mmap.c:3132) 
kern :warn : [  145.934887] __x64_sys_munmap (mm/mmap.c:3162) 
kern :warn : [  145.939478] do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80) 
kern :warn : [  145.943781] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:115) 
kern  :warn  : [  145.949567] RIP: 0033:0x7f1f53d9fbf7
kern :warn : [ 145.953873] Code: 38 eb 85 48 8b 15 99 52 0c 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb 85 66 2e 0f 1f 84 00 00 00 00 00 90 b8 0b 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 69 52 0c 00 f7 d8 64 89 01 48
All code
========
   0:	38 eb                	cmp    %ch,%bl
   2:	85 48 8b             	test   %ecx,-0x75(%rax)
   5:	15 99 52 0c 00       	adc    $0xc5299,%eax
   a:	f7 d8                	neg    %eax
   c:	64 89 02             	mov    %eax,%fs:(%rdx)
   f:	48 c7 c0 ff ff ff ff 	mov    $0xffffffffffffffff,%rax
  16:	eb 85                	jmp    0xffffffffffffff9d
  18:	66 2e 0f 1f 84 00 00 	nopw   %cs:0x0(%rax,%rax,1)
  1f:	00 00 00 
  22:	90                   	nop
  23:	b8 0b 00 00 00       	mov    $0xb,%eax
  28:	0f 05                	syscall 
  2a:*	48 3d 01 f0 ff ff    	cmp    $0xfffffffffffff001,%rax		<-- trapping instruction
  30:	73 01                	jae    0x33
  32:	c3                   	retq   
  33:	48 8b 0d 69 52 0c 00 	mov    0xc5269(%rip),%rcx        # 0xc52a3
  3a:	f7 d8                	neg    %eax
  3c:	64 89 01             	mov    %eax,%fs:(%rcx)
  3f:	48                   	rex.W

Code starting with the faulting instruction
===========================================
   0:	48 3d 01 f0 ff ff    	cmp    $0xfffffffffffff001,%rax
   6:	73 01                	jae    0x9
   8:	c3                   	retq   
   9:	48 8b 0d 69 52 0c 00 	mov    0xc5269(%rip),%rcx        # 0xc5279
  10:	f7 d8                	neg    %eax
  12:	64 89 01             	mov    %eax,%fs:(%rcx)
  15:	48                   	rex.W


To reproduce:

        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        sudo bin/lkp install job.yaml           # job file is attached in this email
        bin/lkp split-job --compatible job.yaml # generate the yaml file for lkp run
        sudo bin/lkp run generated-yaml-file

        # if come across any failure that blocks the test,
        # please remove ~/.lkp and /lkp dir to run from a clean state.



-- 
0-DAY CI Kernel Test Service
https://01.org/lkp



View attachment "config-5.18.0-11966-g5a32db2a9fbe" of type "text/plain" (167269 bytes)

View attachment "job-script" of type "text/plain" (5276 bytes)

Download attachment "kmsg.xz" of type "application/x-xz" (57972 bytes)

View attachment "igt" of type "text/plain" (224278 bytes)

View attachment "job.yaml" of type "text/plain" (4329 bytes)

View attachment "reproduce" of type "text/plain" (13920 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ