Message-ID: <202402192250.f71dd353-lkp@intel.com>
Date: Mon, 19 Feb 2024 22:26:37 +0800
From: kernel test robot <oliver.sang@...el.com>
To: Hugh Dickins <hughd@...gle.com>
CC: <oe-lkp@...ts.linux.dev>, <lkp@...el.com>, <linux-kernel@...r.kernel.org>,
	Christian Brauner <brauner@...nel.org>, Dan Carpenter
	<dan.carpenter@...aro.org>, Jan Kara <jack@...e.cz>, <linux-mm@...ck.org>,
	<oliver.sang@...el.com>
Subject: [linus:master] [shmem]  3c1b7528d8: kernel_BUG_at_mm/page_alloc.c



Hello,

kernel test robot noticed "kernel_BUG_at_mm/page_alloc.c" on:

commit: 3c1b7528d8969a8e89c77cd5eb867503152547b1 ("shmem: move spinlock into shmem_recalc_inode() to fix quota support")
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git master

[test failed on linus/master 6d280f4d760e3bcb4a8df302afebf085b65ec982]
[test failed on linux-next/master 2ae0a045e6814c8c1d676d6153c605a65746aa29]

in testcase: trinity
version: trinity-i386-abe9de86-1_20230429
with the following parameters:

	runtime: 300s
	group: group-00
	nr_groups: 5



compiler: clang-17
test machine: qemu-system-i386 -enable-kvm -cpu SandyBridge -smp 2 -m 4G

(please refer to attached dmesg/kmsg for entire log/backtrace)



We noticed that this issue happens randomly (54 times out of 999 runs), but stays
clean on the parent's 999 runs.

2be4f05af71bb2a9 3c1b7528d8969a8e89c77cd5eb8
---------------- ---------------------------
       fail:runs  %reproduction    fail:runs
           |             |             |
           :999          5%          54:999   dmesg.kernel_BUG_at_mm/page_alloc.c



If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add the following tags
| Reported-by: kernel test robot <lkp@...el.com>
| Closes: https://lore.kernel.org/oe-lkp/202402192250.f71dd353-lkp@intel.com


[  114.132867][ T6116] ------------[ cut here ]------------
[  114.133655][ T6116] kernel BUG at mm/page_alloc.c:1107!
[  114.135493][ T6116] invalid opcode: 0000 [#1] SMP
[  114.136282][ T6116] CPU: 1 PID: 6116 Comm: trinity-c5 Tainted: G        W       TN 6.5.0-rc4-00013-g3c1b7528d896 #1 d8510d08c0d53acf78b29e84223457f938377390
[  114.137918][ T6116] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 114.139147][ T6116] EIP: free_unref_page_prepare (mm/page_alloc.c:1107) 
[ 114.139871][ T6116] Code: 8c fd ff 0f 0b 68 18 2e a2 c2 e8 53 dd 5e 00 b3 01 f7 47 04 01 00 00 00 0f 84 b3 fc ff ff 89 f8 ba 39 ba 59 c2 e8 e8 8b fd ff <0f> 0b 68 08 2e a2 c2 e8 2c dd 5e 00 89 fe 64 a1 08 8d cf c2 83 f8
All code
========
   0:	8c fd                	mov    %?,%ebp
   2:	ff 0f                	decl   (%rdi)
   4:	0b 68 18             	or     0x18(%rax),%ebp
   7:	2e a2 c2 e8 53 dd 5e 	cs movabs %al,0x1b3005edd53e8c2
   e:	00 b3 01 
  11:	f7 47 04 01 00 00 00 	testl  $0x1,0x4(%rdi)
  18:	0f 84 b3 fc ff ff    	je     0xfffffffffffffcd1
  1e:	89 f8                	mov    %edi,%eax
  20:	ba 39 ba 59 c2       	mov    $0xc259ba39,%edx
  25:	e8 e8 8b fd ff       	call   0xfffffffffffd8c12
  2a:*	0f 0b                	ud2		<-- trapping instruction
  2c:	68 08 2e a2 c2       	push   $0xffffffffc2a22e08
  31:	e8 2c dd 5e 00       	call   0x5edd62
  36:	89 fe                	mov    %edi,%esi
  38:	64                   	fs
  39:	a1                   	.byte 0xa1
  3a:	08 8d cf c2 83 f8    	or     %cl,-0x77c3d31(%rbp)

Code starting with the faulting instruction
===========================================
   0:	0f 0b                	ud2
   2:	68 08 2e a2 c2       	push   $0xffffffffc2a22e08
   7:	e8 2c dd 5e 00       	call   0x5edd38
   c:	89 fe                	mov    %edi,%esi
   e:	64                   	fs
   f:	a1                   	.byte 0xa1
  10:	08 8d cf c2 83 f8    	or     %cl,-0x77c3d31(%rbp)
[  114.142105][ T6116] EAX: 00000001 EBX: 00000000 ECX: 8efe0b10 EDX: c29ff294
[  114.142985][ T6116] ESI: 000974aa EDI: e0e80540 EBP: e60b5a87 ESP: e60b5a6b
[  114.143842][ T6116] DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068 EFLAGS: 00010282
[  114.144800][ T6116] CR0: 80050033 CR2: b7026000 CR3: 2c942000 CR4: 000406d0
[  114.145654][ T6116] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
[  114.146518][ T6116] DR6: fffe0ff0 DR7: 00000400
[  114.147143][ T6116] Call Trace:
[ 114.147648][ T6116] ? fault_in_iov_iter_readable (lib/iov_iter.c:231) 
[ 114.148387][ T6116] ? generic_perform_write (mm/filemap.c:?) 
[ 114.149072][ T6116] ? __generic_file_write_iter (mm/filemap.c:?) 
[ 114.149798][ T6116] ? generic_file_write_iter (mm/filemap.c:4044) 
[ 114.150512][ T6116] ? lock_acquire (kernel/locking/lockdep.c:5761) 
[ 114.151142][ T6116] ? do_iter_readv_writev (fs/read_write.c:736) 
[ 114.151814][ T6116] ? do_iter_write (fs/read_write.c:860) 
[ 114.152403][ T6116] ? rcu_read_lock_any_held (kernel/rcu/update.c:387) 
[ 114.153081][ T6116] ? do_pwritev (fs/read_write.c:933 fs/read_write.c:1030) 
[ 114.153702][ T6116] ? __might_fault (mm/memory.c:?) 
[ 114.154324][ T6116] ? __ia32_sys_pwritev2 (fs/read_write.c:1089 fs/read_write.c:1080 fs/read_write.c:1080) 
[ 114.155004][ T6116] ? __do_fast_syscall_32 (arch/x86/entry/common.c:112) 
[ 114.155656][ T6116] ? rcu_lock_acquire (include/linux/rcupdate.h:307) 
[ 114.156289][ T6116] ? syscall_exit_to_user_mode (kernel/entry/common.c:300) 
[ 114.157000][ T6116] ? __do_fast_syscall_32 (arch/x86/entry/common.c:165) 
[ 114.157660][ T6116] ? __do_fast_syscall_32 (arch/x86/entry/common.c:165) 
[ 114.158302][ T6116] ? __do_fast_syscall_32 (arch/x86/entry/common.c:165) 
[ 114.158947][ T6116] ? irqentry_exit_to_user_mode (kernel/entry/common.c:313) 
[ 114.159660][ T6116] ? do_fast_syscall_32 (arch/x86/entry/common.c:203) 
[ 114.160301][ T6116] ? do_SYSENTER_32 (arch/x86/entry/common.c:246) 
[ 114.160891][ T6116] ? entry_SYSENTER_32 (arch/x86/entry/entry_32.S:840) 
[  114.161534][ T6116] Modules linked in: mousedev snd_pcsp snd_pcm crc32_pclmul crc32c_intel input_leds snd_timer psmouse snd evdev floppy tiny_power_button rtc_cmos processor button fuse
[  114.163575][ T6116] ---[ end trace 0000000000000000 ]---
[ 114.185146][ T6116] EIP: free_unref_page_prepare (mm/page_alloc.c:1107) 
[ 114.185909][ T6116] Code: 8c fd ff 0f 0b 68 18 2e a2 c2 e8 53 dd 5e 00 b3 01 f7 47 04 01 00 00 00 0f 84 b3 fc ff ff 89 f8 ba 39 ba 59 c2 e8 e8 8b fd ff <0f> 0b 68 08 2e a2 c2 e8 2c dd 5e 00 89 fe 64 a1 08 8d cf c2 83 f8


The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20240219/202402192250.f71dd353-lkp@intel.com



-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki

