lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <202405101421.84a43285-lkp@intel.com>
Date: Fri, 10 May 2024 15:15:49 +0800
From: kernel test robot <yujie.liu@...el.com>
To: Roman Gushchin <roman.gushchin@...ux.dev>
CC: <oe-lkp@...ts.linux.dev>, <lkp@...el.com>, <linux-mm@...ck.org>,
	<linux-kernel@...r.kernel.org>, <cgroups@...r.kernel.org>,
	<ltp@...ts.linux.it>, Andrew Morton <akpm@...ux-foundation.org>, Muchun Song
	<muchun.song@...ux.dev>, Johannes Weiner <hannes@...xchg.org>, Michal Hocko
	<mhocko@...nel.org>, Shakeel Butt <shakeel.butt@...ux.dev>, "Frank van der
 Linden" <fvdl@...gle.com>, Roman Gushchin <roman.gushchin@...ux.dev>
Subject: Re: [PATCH v1 2/4] mm: memcg: merge multiple page_counters into a
 single structure

Hello,

kernel test robot noticed "WARNING:at_mm/page_counter.c:#page_counter_cancel" on:

commit: 214583b2262ef6157ee9834fa23a7da8f2292dd2 ("[PATCH v1 2/4] mm: memcg: merge multiple page_counters into a single structure")
url: https://github.com/intel-lab-lkp/linux/commits/Roman-Gushchin/mm-memcg-convert-enum-res_type-to-mem_counter_type/20240504-042046
base: https://git.kernel.org/cgit/linux/kernel/git/akpm/mm.git mm-everything
patch link: https://lore.kernel.org/all/20240503201835.2969707-3-roman.gushchin@linux.dev/
patch subject: [PATCH v1 2/4] mm: memcg: merge multiple page_counters into a single structure

in testcase: ltp
version: ltp-x86_64-14c1f76-1_20240504
with following parameters:

	disk: 1HDD
	fs: xfs
	test: syscalls-03

compiler: gcc-13
test machine: 4 threads 1 sockets Intel(R) Core(TM) i3-3220 CPU @ 3.30GHz (Ivy Bridge) with 8G memory

(please refer to attached dmesg/kmsg for entire log/backtrace)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <yujie.liu@...el.com>
| Closes: https://lore.kernel.org/oe-lkp/202405101421.84a43285-lkp@intel.com


kern  :warn  : [  551.565920] ------------[ cut here ]------------
kern  :warn  : [  551.573137] page_counter underflow: -512 nr_pages=512
kern :warn : [  551.585841] WARNING: CPU: 0 PID: 6724 at mm/page_counter.c:58 page_counter_cancel (mm/page_counter.c:58 (discriminator 1)) 
kern  :warn  : [  551.810031] CPU: 0 PID: 6724 Comm: memfd_create03 Tainted: G S                 6.9.0-rc4-00574-g214583b2262e #1
kern  :warn  : [  551.820871] Hardware name: Hewlett-Packard HP Pro 3340 MT/17A1, BIOS 8.07 01/24/2013
kern :warn : [  551.829368] RIP: 0010:page_counter_cancel (mm/page_counter.c:58 (discriminator 1)) 
kern :warn : [ 551.835103] Code: 3c 02 00 75 4f 49 c7 04 24 00 00 00 00 31 f6 e9 71 ff ff ff 48 89 ea 48 c7 c7 a0 88 f6 83 c6 05 06 21 d6 03 01 e8 84 d9 72 ff <0f> 0b eb ad 48 89 34 24 e8 d7 94 fb ff 48 8b 34 24 e9 67 ff ff ff
All code
========
   0:	3c 02                	cmp    $0x2,%al
   2:	00 75 4f             	add    %dh,0x4f(%rbp)
   5:	49 c7 04 24 00 00 00 	movq   $0x0,(%r12)
   c:	00 
   d:	31 f6                	xor    %esi,%esi
   f:	e9 71 ff ff ff       	jmp    0xffffffffffffff85
  14:	48 89 ea             	mov    %rbp,%rdx
  17:	48 c7 c7 a0 88 f6 83 	mov    $0xffffffff83f688a0,%rdi
  1e:	c6 05 06 21 d6 03 01 	movb   $0x1,0x3d62106(%rip)        # 0x3d6212b
  25:	e8 84 d9 72 ff       	call   0xffffffffff72d9ae
  2a:*	0f 0b                	ud2		<-- trapping instruction
  2c:	eb ad                	jmp    0xffffffffffffffdb
  2e:	48 89 34 24          	mov    %rsi,(%rsp)
  32:	e8 d7 94 fb ff       	call   0xfffffffffffb950e
  37:	48 8b 34 24          	mov    (%rsp),%rsi
  3b:	e9 67 ff ff ff       	jmp    0xffffffffffffffa7

Code starting with the faulting instruction
===========================================
   0:	0f 0b                	ud2
   2:	eb ad                	jmp    0xffffffffffffffb1
   4:	48 89 34 24          	mov    %rsi,(%rsp)
   8:	e8 d7 94 fb ff       	call   0xfffffffffffb94e4
   d:	48 8b 34 24          	mov    (%rsp),%rsi
  11:	e9 67 ff ff ff       	jmp    0xffffffffffffff7d
kern  :warn  : [  551.854617] RSP: 0018:ffffc9000817fb58 EFLAGS: 00010286
kern  :warn  : [  551.860610] RAX: 0000000000000000 RBX: ffff8881001c4100 RCX: ffffffff8239a90e
kern  :warn  : [  551.868499] RDX: 1ffff11030706a6c RSI: 0000000000000008 RDI: ffff888183835360
kern  :warn  : [  551.876394] RBP: 0000000000000200 R08: 0000000000000001 R09: fffff5200102ff23
kern  :warn  : [  551.884295] R10: ffffc9000817f91f R11: 205d363233542020 R12: ffff8881001c4100
kern  :warn  : [  551.892184] R13: 0000000000000000 R14: 0000000000000000 R15: ffffffff869a1de8
kern  :warn  : [  551.900067] FS:  00007f45c0bc1740(0000) GS:ffff888183800000(0000) knlGS:0000000000000000
kern  :warn  : [  551.908910] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
kern  :warn  : [  551.915420] CR2: 00007f45c0c73900 CR3: 0000000206448002 CR4: 00000000001706f0
kern  :warn  : [  551.923304] Call Trace:
kern  :warn  : [  551.926508]  <TASK>
kern :warn : [  551.929366] ? __warn (kernel/panic.c:694) 
kern :warn : [  551.933354] ? page_counter_cancel (mm/page_counter.c:58 (discriminator 1)) 
kern :warn : [  551.938467] ? report_bug (lib/bug.c:180 lib/bug.c:219) 
kern :warn : [  551.942892] ? handle_bug (arch/x86/kernel/traps.c:239 (discriminator 1)) 
kern :warn : [  551.947142] ? exc_invalid_op (arch/x86/kernel/traps.c:260 (discriminator 1)) 
kern :warn : [  551.951741] ? asm_exc_invalid_op (arch/x86/include/asm/idtentry.h:621) 
kern :warn : [  551.956684] ? llist_add_batch (lib/llist.c:33 (discriminator 14)) 
kern :warn : [  551.961451] ? page_counter_cancel (mm/page_counter.c:58 (discriminator 1)) 
kern :warn : [  551.966564] ? page_counter_cancel (mm/page_counter.c:58 (discriminator 1)) 
kern :warn : [  551.971674] page_counter_uncharge (mm/page_counter.c:168 (discriminator 3)) 
kern :warn : [  551.976706] hugetlb_cgroup_uncharge_counter (mm/hugetlb_cgroup.c:392) 
kern :warn : [  551.982684] hugetlb_vm_op_close (mm/hugetlb.c:5222) 
kern :warn : [  551.987713] remove_vma (mm/mmap.c:142) 
kern :warn : [  551.991870] do_vmi_align_munmap (mm/mmap.c:2336 mm/mmap.c:2685) 
kern :warn : [  551.996897] ? __pfx_do_vmi_align_munmap (mm/mmap.c:2561) 
kern :warn : [  552.002446] do_vmi_munmap (mm/mmap.c:2757) 
kern :warn : [  552.006948] __vm_munmap (mm/mmap.c:3036) 
kern :warn : [  552.011288] ? __pfx___vm_munmap (mm/mmap.c:3027) 
kern :warn : [  552.016138] ? __pfx_ksys_write (fs/read_write.c:633) 
kern :warn : [  552.020914] __x64_sys_munmap (mm/mmap.c:3050) 
kern :warn : [  552.025509] do_syscall_64 (arch/x86/entry/common.c:52 (discriminator 1) arch/x86/entry/common.c:83 (discriminator 1)) 
kern :warn : [  552.029924] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) 
kern  :warn  : [  552.035733] RIP: 0033:0x7f45c0cc58f7
kern :warn : [ 552.040067] Code: 00 00 00 48 8b 15 09 05 0d 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 0b 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d d9 04 0d 00 f7 d8 64 89 01 48
All code
========
   0:	00 00                	add    %al,(%rax)
   2:	00 48 8b             	add    %cl,-0x75(%rax)
   5:	15 09 05 0d 00       	adc    $0xd0509,%eax
   a:	f7 d8                	neg    %eax
   c:	64 89 02             	mov    %eax,%fs:(%rdx)
   f:	48 c7 c0 ff ff ff ff 	mov    $0xffffffffffffffff,%rax
  16:	c3                   	ret
  17:	66 2e 0f 1f 84 00 00 	cs nopw 0x0(%rax,%rax,1)
  1e:	00 00 00 
  21:	66 90                	xchg   %ax,%ax
  23:	b8 0b 00 00 00       	mov    $0xb,%eax
  28:	0f 05                	syscall
  2a:*	48 3d 01 f0 ff ff    	cmp    $0xfffffffffffff001,%rax		<-- trapping instruction
  30:	73 01                	jae    0x33
  32:	c3                   	ret
  33:	48 8b 0d d9 04 0d 00 	mov    0xd04d9(%rip),%rcx        # 0xd0513
  3a:	f7 d8                	neg    %eax
  3c:	64 89 01             	mov    %eax,%fs:(%rcx)
  3f:	48                   	rex.W

Code starting with the faulting instruction
===========================================
   0:	48 3d 01 f0 ff ff    	cmp    $0xfffffffffffff001,%rax
   6:	73 01                	jae    0x9
   8:	c3                   	ret
   9:	48 8b 0d d9 04 0d 00 	mov    0xd04d9(%rip),%rcx        # 0xd04e9
  10:	f7 d8                	neg    %eax
  12:	64 89 01             	mov    %eax,%fs:(%rcx)
  15:	48                   	rex.W


The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20240510/202405101421.84a43285-lkp@intel.com

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ