Message-ID: <202508221045.ecc6098e-lkp@intel.com>
Date: Fri, 22 Aug 2025 10:49:04 +0800
From: kernel test robot <oliver.sang@...el.com>
To: "Paul E. McKenney" <paulmck@...nel.org>
CC: <oe-lkp@...ts.linux.dev>, <lkp@...el.com>, Andrii Nakryiko
	<andrii@...nel.org>, Alexei Starovoitov <ast@...nel.org>,
	<rcu@...r.kernel.org>, <linux-kernel@...r.kernel.org>,
	<oliver.sang@...el.com>
Subject: [paulmckrcu:dev.2025.08.14a] [rcu]  2ad3ef4260:
 WARNING:at_mm/slub.c:#free_large_kmalloc


Hi Paul,

We noticed there are similar commits and fix commits in newer branches:
  dev.2025.08.19a
  dev.2025.08.20a
but we didn't finish the test/bisect for the new branches.

This report is just FYI; if the issue was already fixed in the new branches, please
ignore this report. Sorry for any inconvenience.


Hello,

kernel test robot noticed "WARNING:at_mm/slub.c:#free_large_kmalloc" on:

commit: 2ad3ef4260e9bd8628025b35fa2613c7e4e7720f ("rcu: Re-implement RCU Tasks Trace in terms of SRCU-fast")
https://github.com/paulmckrcu/linux dev.2025.08.14a

in testcase: rcutorture
version: 
with following parameters:

	runtime: 300s
	test: default
	torture_type: tasks-tracing



config: i386-randconfig-013-20250820
compiler: clang-20
test machine: qemu-system-i386 -enable-kvm -cpu SandyBridge -smp 2 -m 4G

(please refer to attached dmesg/kmsg for entire log/backtrace)



If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add the following tags
| Reported-by: kernel test robot <oliver.sang@...el.com>
| Closes: https://lore.kernel.org/oe-lkp/202508221045.ecc6098e-lkp@intel.com


[    5.780201][    T1] ------------[ cut here ]------------
[ 5.780793][ T1] WARNING: CPU: 0 PID: 1 at mm/slub.c:4790 free_large_kmalloc (mm/slub.c:4790 (discriminator 12)) 
[    5.781568][    T1] Modules linked in:
[    5.782001][    T1] CPU: 0 UID: 0 PID: 1 Comm: swapper/0 Tainted: G                T   6.17.0-rc1-00030-g2ad3ef4260e9 #1 PREEMPT(lazy)  f3de4fe5b382f5192602efb6727d7dab8a9b7f2f
[    5.784147][    T1] Tainted: [T]=RANDSTRUCT
[    5.784803][    T1] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 5.786255][ T1] EIP: free_large_kmalloc (mm/slub.c:4790 (discriminator 12)) 
[ 5.787027][ T1] Code: 89 d9 d3 e2 c1 fa 0c 01 15 ac cf d2 d0 01 15 d4 d5 5c d1 83 3e ff 74 06 c7 06 ff ff ff ff 89 da e8 8d 55 ff ff 5e 5f 5b 5d c3 <0f> 0b ba 2c b2 4e d0 e8 6c a4 c7 ff eb ed 89 c7 b8 30 26 b3 d0 ba
All code
========
   0:	89 d9                	mov    %ebx,%ecx
   2:	d3 e2                	shl    %cl,%edx
   4:	c1 fa 0c             	sar    $0xc,%edx
   7:	01 15 ac cf d2 d0    	add    %edx,-0x2f2d3054(%rip)        # 0xffffffffd0d2cfb9
   d:	01 15 d4 d5 5c d1    	add    %edx,-0x2ea32a2c(%rip)        # 0xffffffffd15cd5e7
  13:	83 3e ff             	cmpl   $0xffffffff,(%rsi)
  16:	74 06                	je     0x1e
  18:	c7 06 ff ff ff ff    	movl   $0xffffffff,(%rsi)
  1e:	89 da                	mov    %ebx,%edx
  20:	e8 8d 55 ff ff       	call   0xffffffffffff55b2
  25:	5e                   	pop    %rsi
  26:	5f                   	pop    %rdi
  27:	5b                   	pop    %rbx
  28:	5d                   	pop    %rbp
  29:	c3                   	ret
  2a:*	0f 0b                	ud2		<-- trapping instruction
  2c:	ba 2c b2 4e d0       	mov    $0xd04eb22c,%edx
  31:	e8 6c a4 c7 ff       	call   0xffffffffffc7a4a2
  36:	eb ed                	jmp    0x25
  38:	89 c7                	mov    %eax,%edi
  3a:	b8 30 26 b3 d0       	mov    $0xd0b32630,%eax
  3f:	ba                   	.byte 0xba

Code starting with the faulting instruction
===========================================
   0:	0f 0b                	ud2
   2:	ba 2c b2 4e d0       	mov    $0xd04eb22c,%edx
   7:	e8 6c a4 c7 ff       	call   0xffffffffffc7a478
   c:	eb ed                	jmp    0xfffffffffffffffb
   e:	89 c7                	mov    %eax,%edi
  10:	b8 30 26 b3 d0       	mov    $0xd0b32630,%eax
  15:	ba                   	.byte 0xba
[    5.789718][    T1] EAX: e7722700 EBX: e7238660 ECX: ff000000 EDX: e7238660
[    5.790702][    T1] ESI: e7722700 EDI: cecc63c8 EBP: c1259a80 ESP: c1259a74
[    5.791669][    T1] DS: 007b ES: 007b FS: 0000 GS: 0000 SS: 0068 EFLAGS: 00010206
[    5.792787][    T1] CR0: 80050033 CR2: b7fa3cd4 CR3: 10ed1000 CR4: 000406d0
[    5.793708][    T1] Call Trace:
[ 5.794192][ T1] ? crypto842_free_ctx (crypto/842.c:40) 
[ 5.794849][ T1] kfree (mm/slub.c:4874) 
[ 5.795393][ T1] crypto842_free_ctx (crypto/842.c:40) 
[ 5.796104][ T1] crypto_acomp_alloc_streams (include/linux/err.h:70 crypto/acompress.c:431) 
[ 5.796915][ T1] crypto_scomp_init_tfm (crypto/scompress.c:128) 
[ 5.797665][ T1] crypto_create_tfm_node (crypto/api.c:541) 
[ 5.798430][ T1] crypto_init_scomp_ops_async (include/linux/err.h:70 crypto/scompress.c:314) 
[ 5.799284][ T1] crypto_acomp_init_tfm (crypto/acompress.c:124) 
[ 5.800029][ T1] crypto_create_tfm_node (crypto/api.c:541) 
[ 5.800809][ T1] crypto_alloc_tfm_node (crypto/api.c:642) 
[ 5.801584][ T1] crypto_alloc_acomp_node (crypto/acompress.c:162) 
[ 5.802380][ T1] zswap_cpu_comp_prepare (mm/zswap.c:836) 
[ 5.803160][ T1] ? zswap_setup (mm/zswap.c:822) 
[ 5.803856][ T1] cpuhp_issue_call (kernel/cpu.c:205) 
[ 5.804563][ T1] ? mutex_lock_nested (kernel/locking/mutex.c:760 kernel/locking/mutex.c:812) 
[ 5.805313][ T1] ? zswap_setup (mm/zswap.c:822) 
[ 5.806053][ T1] __cpuhp_state_add_instance (kernel/cpu.c:2427 kernel/cpu.c:2448) 
[ 5.806918][ T1] zswap_pool_create (mm/zswap.c:295) 
[ 5.807704][ T1] __zswap_pool_create_fallback (mm/zswap.c:362) 
[ 5.808596][ T1] zswap_setup (mm/zswap.c:1868) 
[ 5.809302][ T1] zswap_init (mm/zswap.c:?) 
[ 5.809938][ T1] do_one_initcall (init/main.c:1269) 
[ 5.810654][ T1] ? __lock_acquire (kernel/locking/lockdep.c:4674) 
[ 5.811372][ T1] ? __lock_acquire (kernel/locking/lockdep.c:4674) 
[ 5.812111][ T1] ? __lock_acquire (kernel/locking/lockdep.c:4674) 
[ 5.812834][ T1] ? __lock_acquire (kernel/locking/lockdep.c:4674) 
[ 5.813557][ T1] ? __update_load_avg_cfs_rq (include/trace/events/sched.h:833 (discriminator 3)) 
[ 5.814379][ T1] ? lock_acquire (kernel/locking/lockdep.c:5868) 
[ 5.815070][ T1] ? lock_acquire (kernel/locking/lockdep.c:5868) 
[ 5.815799][ T1] ? ktime_get (include/linux/seqlock.h:226 (discriminator 3)) 
[ 5.816484][ T1] ? ktime_get (include/linux/seqlock.h:226 (discriminator 3)) 
[ 5.817045][ T1] ? ktime_get (include/linux/seqlock.h:226 (discriminator 3)) 
[ 5.817486][ T1] ? kvm_clock_get_cycles (arch/x86/include/asm/preempt.h:95 arch/x86/kernel/kvmclock.c:80 arch/x86/kernel/kvmclock.c:86) 
[ 5.817998][ T1] ? ktime_get (kernel/time/timekeeping.c:289 kernel/time/timekeeping.c:398 kernel/time/timekeeping.c:820) 
[ 5.818440][ T1] ? clockevents_program_event (kernel/time/clockevents.c:336) 
[ 5.818995][ T1] ? profile_tick (include/linux/profile.h:50) 
[ 5.819423][ T1] ? trace_hardirqs_on (kernel/trace/trace_preemptirq.c:80) 
[ 5.819882][ T1] ? irqentry_exit (kernel/entry/common.c:?) 
[ 5.820317][ T1] ? sysvec_hyperv_stimer0 (arch/x86/kernel/apic/apic.c:1050) 
[ 5.820829][ T1] ? sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1050 (discriminator 6)) 
[ 5.821357][ T1] ? handle_exception (arch/x86/entry/entry_32.S:1048) 
[ 5.821826][ T1] ? strlen (arch/x86/lib/string_32.c:167) 
[ 5.822209][ T1] ? next_arg (lib/cmdline.c:273) 
[ 5.822623][ T1] ? parameq (kernel/params.c:90 (discriminator 1) kernel/params.c:99 (discriminator 1)) 
[ 5.823014][ T1] ? swapfile_init (mm/zswap.c:1900) 
[ 5.823449][ T1] do_initcall_level (init/main.c:1330 (discriminator 6)) 
[ 5.823906][ T1] do_initcalls (init/main.c:1344 (discriminator 2)) 
[ 5.824319][ T1] ? rest_init (init/main.c:1461) 
[ 5.824747][ T1] ? rest_init (init/main.c:1461) 
[ 5.825163][ T1] do_basic_setup (init/main.c:1367) 
[ 5.825590][ T1] kernel_init_freeable (init/main.c:1581) 
[ 5.826058][ T1] kernel_init (init/main.c:1471) 
[ 5.826472][ T1] ret_from_fork (arch/x86/kernel/process.c:154) 
[ 5.826906][ T1] ? rest_init (init/main.c:1461) 
[ 5.827326][ T1] ret_from_fork_asm (arch/x86/entry/entry_32.S:737) 
[ 5.827778][ T1] entry_INT80_32 (arch/x86/entry/entry_32.S:945) 
[    5.828225][    T1] irq event stamp: 1016907
[ 5.828641][ T1] hardirqs last enabled at (1016917): __console_unlock (arch/x86/include/asm/irqflags.h:19 arch/x86/include/asm/irqflags.h:109 arch/x86/include/asm/irqflags.h:151 kernel/printk/printk.c:344 kernel/printk/printk.c:2885) 
[ 5.829782][ T1] hardirqs last disabled at (1016928): __console_unlock (kernel/printk/printk.c:342 (discriminator 9)) 
[ 5.831001][ T1] softirqs last enabled at (1008778): __do_softirq (kernel/softirq.c:614) 
[ 5.832169][ T1] softirqs last disabled at (1008769): __do_softirq (kernel/softirq.c:614) 
[    5.833335][    T1] ---[ end trace 0000000000000000 ]---


The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20250822/202508221045.ecc6098e-lkp@intel.com



-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki

