From: kernel test robot <oliver.sang@intel.com>
To: Yunsheng Lin <linyunsheng@huawei.com>
Cc: <oe-lkp@lists.linux.dev>, <lkp@intel.com>, <oliver.sang@intel.com>
Subject: [linyunsheng:page_frag_cache] [net] b18c35c75e: kernel_BUG_at_mm/usercopy.c
Date: Sun, 31 Mar 2024 10:06:28 +0800 [thread overview]
Message-ID: <202403310850.950947b0-lkp@intel.com> (raw)
Hello,
kernel test robot noticed "kernel_BUG_at_mm/usercopy.c" on:
commit: b18c35c75e141b9cf0d8ac75d687d434946f78be ("net: replace page_frag with page_frag_cache")
https://github.com/gestionlin/linux.git page_frag_cache
in testcase: boot
compiler: gcc-11
test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G
(please refer to attached dmesg/kmsg for entire log/backtrace)
+---------------------------------------------------+------------+------------+
| | 3549b28ed8 | b18c35c75e |
+---------------------------------------------------+------------+------------+
| kernel_BUG_at_mm/usercopy.c | 0 | 8 |
| invalid_opcode:#[##] | 0 | 8 |
| RIP:usercopy_abort | 0 | 8 |
| Kernel_panic-not_syncing:Fatal_exception | 0 | 8 |
+---------------------------------------------------+------------+------------+
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <oliver.sang@intel.com>
| Closes: https://lore.kernel.org/oe-lkp/202403310850.950947b0-lkp@intel.com
[ 399.409298][ T1968] ------------[ cut here ]------------
[ 399.409717][ T1968] kernel BUG at mm/usercopy.c:102!
[ 399.410216][ T1968] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 399.410896][ T1968] CPU: 1 PID: 1968 Comm: rsync Tainted: G W 6.8.0-13171-gb18c35c75e14 #2
[ 399.411598][ T1968] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 399.412329][ T1968] RIP: 0010:usercopy_abort (mm/usercopy.c:102 (discriminator 12))
[ 399.412736][ T1968] Code: 56 b3 50 48 c7 c2 00 30 56 b3 57 48 c7 c7 00 31 56 b3 48 0f 44 d6 48 c7 c6 40 30 56 b3 4c 89 d1 49 0f 44 f3 e8 27 09 a7 ff 90 <0f> 0b 49 c7 c1 80 2f 56 b3 4c 89 cf 4d 89 c8 eb a8 0f 1f 44 00 00
All code
========
0: 56 push %rsi
1: b3 50 mov $0x50,%bl
3: 48 c7 c2 00 30 56 b3 mov $0xffffffffb3563000,%rdx
a: 57 push %rdi
b: 48 c7 c7 00 31 56 b3 mov $0xffffffffb3563100,%rdi
12: 48 0f 44 d6 cmove %rsi,%rdx
16: 48 c7 c6 40 30 56 b3 mov $0xffffffffb3563040,%rsi
1d: 4c 89 d1 mov %r10,%rcx
20: 49 0f 44 f3 cmove %r11,%rsi
24: e8 27 09 a7 ff call 0xffffffffffa70950
29: 90 nop
2a:* 0f 0b ud2 <-- trapping instruction
2c: 49 c7 c1 80 2f 56 b3 mov $0xffffffffb3562f80,%r9
33: 4c 89 cf mov %r9,%rdi
36: 4d 89 c8 mov %r9,%r8
39: eb a8 jmp 0xffffffffffffffe3
3b: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
Code starting with the faulting instruction
===========================================
0: 0f 0b ud2
2: 49 c7 c1 80 2f 56 b3 mov $0xffffffffb3562f80,%r9
9: 4c 89 cf mov %r9,%rdi
c: 4d 89 c8 mov %r9,%r8
f: eb a8 jmp 0xffffffffffffffb9
11: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
[ 399.414107][ T1968] RSP: 0018:ffffc900031df908 EFLAGS: 00210246
[ 399.414554][ T1968] RAX: 000000000000005b RBX: 0000000000000000 RCX: 0000000000000000
[ 399.415118][ T1968] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 399.415683][ T1968] RBP: 00000000000013cc R08: 0000000000000000 R09: 0000000000000000
[ 399.416271][ T1968] R10: 0000000000000000 R11: 0000000000000000 R12: ffffea00048f2600
[ 399.416876][ T1968] R13: 0000000000007ec0 R14: 0000000000000140 R15: ffffea00048f2600
[ 399.417464][ T1968] FS: 0000000000000000(0000) GS:ffff8883ae200000(0063) knlGS:00000000f7979700
[ 399.418135][ T1968] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 399.418608][ T1968] CR2: 000000005668e000 CR3: 0000000114249000 CR4: 00000000000406f0
[ 399.419193][ T1968] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 399.419758][ T1968] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 399.420334][ T1968] Call Trace:
[ 399.420593][ T1968] <TASK>
[ 399.420813][ T1968] ? die (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:434 arch/x86/kernel/dumpstack.c:447)
[ 399.421094][ T1968] ? do_trap (arch/x86/kernel/traps.c:114 arch/x86/kernel/traps.c:155)
[ 399.421402][ T1968] ? usercopy_abort (mm/usercopy.c:102 (discriminator 12))
[ 399.421745][ T1968] ? do_error_trap (arch/x86/include/asm/traps.h:58 arch/x86/kernel/traps.c:176)
[ 399.422085][ T1968] ? usercopy_abort (mm/usercopy.c:102 (discriminator 12))
[ 399.422426][ T1968] ? usercopy_abort (mm/usercopy.c:102 (discriminator 12))
[ 399.422766][ T1968] ? handle_invalid_op (arch/x86/kernel/traps.c:214)
[ 399.423123][ T1968] ? usercopy_abort (mm/usercopy.c:102 (discriminator 12))
[ 399.423462][ T1968] ? exc_invalid_op (arch/x86/kernel/traps.c:266)
[ 399.423825][ T1968] ? asm_exc_invalid_op (arch/x86/include/asm/idtentry.h:621)
[ 399.424191][ T1968] ? usercopy_abort (mm/usercopy.c:102 (discriminator 12))
[ 399.425012][ T1968] ? usercopy_abort (mm/usercopy.c:102 (discriminator 12))
[ 399.425379][ T1968] check_heap_object (mm/usercopy.c:177)
[ 399.425751][ T1968] __check_object_size (mm/percpu-stats.c:27)
[ 399.426177][ T1968] skb_do_copy_data_nocache (include/linux/uio.h:204 include/linux/uio.h:211 include/net/sock.h:2231)
[ 399.426595][ T1968] ? check_prev_add (kernel/locking/lockdep.c:3825)
[ 399.426951][ T1968] ? can_map_frag+0xa0/0xa0
[ 399.427364][ T1968] ? __sk_mem_schedule (net/core/sock.c:3176)
[ 399.427731][ T1968] tcp_sendmsg_locked (include/net/sock.h:2274 net/ipv4/tcp.c:1210)
[ 399.428115][ T1968] ? __lock_release (kernel/locking/lockdep.c:353 kernel/locking/lockdep.c:5436)
[ 399.428490][ T1968] ? tcp_sendmsg_fastopen (net/ipv4/tcp.c:1040)
[ 399.428881][ T1968] ? hlock_class (arch/x86/include/asm/bitops.h:227 arch/x86/include/asm/bitops.h:239 include/asm-generic/bitops/instrumented-non-atomic.h:142 kernel/locking/lockdep.c:228)
[ 399.429211][ T1968] ? mark_lock (kernel/locking/lockdep.c:4656 (discriminator 3))
[ 399.429530][ T1968] tcp_sendmsg (net/ipv4/tcp.c:1344)
[ 399.429839][ T1968] sock_write_iter (net/socket.c:730 net/socket.c:745 net/socket.c:1160)
[ 399.430211][ T1968] ? call_trace_sock_send_length+0x190/0x190
[ 399.430730][ T1968] ? lock_downgrade (kernel/locking/lockdep.c:5406)
[ 399.431099][ T1968] ? __might_fault (mm/memory.c:6214 mm/memory.c:6207)
[ 399.431472][ T1968] vfs_write (include/linux/fs.h:2108 fs/read_write.c:497 fs/read_write.c:590)
[ 399.431781][ T1968] ? poll_freewait (fs/select.c:301)
[ 399.432128][ T1968] ? kernel_write (fs/read_write.c:571)
[ 399.432482][ T1968] ? ktime_get_ts64 (kernel/time/timekeeping.c:258 kernel/time/timekeeping.c:388 kernel/time/timekeeping.c:981)
[ 399.432839][ T1968] ? __fget_light (include/linux/atomic/atomic-arch-fallback.h:479 include/linux/atomic/atomic-instrumented.h:50 fs/file.c:1145)
[ 399.433179][ T1968] ksys_write (fs/read_write.c:643)
[ 399.433494][ T1968] ? __ia32_sys_read (fs/read_write.c:633)
[ 399.433843][ T1968] __do_fast_syscall_32 (arch/x86/entry/common.c:165 arch/x86/entry/common.c:321)
[ 399.434221][ T1968] do_fast_syscall_32 (arch/x86/entry/common.c:346)
[ 399.434576][ T1968] entry_SYSENTER_compat_after_hwframe (arch/x86/entry/entry_64_compat.S:121)
[ 399.435050][ T1968] RIP: 0023:0xf7fab579
[ 399.435370][ T1968] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
All code
========
0: b8 01 10 06 03 mov $0x3061001,%eax
5: 74 b4 je 0xffffffffffffffbb
7: 01 10 add %edx,(%rax)
9: 07 (bad)
a: 03 74 b0 01 add 0x1(%rax,%rsi,4),%esi
e: 10 08 adc %cl,(%rax)
10: 03 74 d8 01 add 0x1(%rax,%rbx,8),%esi
...
20: 00 51 52 add %dl,0x52(%rcx)
23: 55 push %rbp
24:* 89 e5 mov %esp,%ebp <-- trapping instruction
26: 0f 34 sysenter
28: cd 80 int $0x80
2a: 5d pop %rbp
2b: 5a pop %rdx
2c: 59 pop %rcx
2d: c3 ret
2e: 90 nop
2f: 90 nop
30: 90 nop
31: 90 nop
32: 8d b4 26 00 00 00 00 lea 0x0(%rsi,%riz,1),%esi
39: 8d b4 26 00 00 00 00 lea 0x0(%rsi,%riz,1),%esi
Code starting with the faulting instruction
===========================================
0: 5d pop %rbp
1: 5a pop %rdx
2: 59 pop %rcx
3: c3 ret
4: 90 nop
5: 90 nop
6: 90 nop
7: 90 nop
8: 8d b4 26 00 00 00 00 lea 0x0(%rsi,%riz,1),%esi
f: 8d b4 26 00 00 00 00 lea 0x0(%rsi,%riz,1),%esi
The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20240331/202403310850.950947b0-lkp@intel.com
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
reply other threads:[~2024-03-31 2:06 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202403310850.950947b0-lkp@intel.com \
--to=oliver.sang@intel.com \
--cc=linyunsheng@huawei.com \
--cc=lkp@intel.com \
--cc=oe-lkp@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).