From: kernel test robot <oliver.sang@intel.com>
To: Mateusz Guzik <mjguzik@gmail.com>
Cc: <oe-lkp@lists.linux.dev>, <lkp@intel.com>,
	Linux Memory Management List <linux-mm@kvack.org>,
	Christian Brauner <brauner@kernel.org>, Jan Kara <jack@suse.cz>,
	<linux-fsdevel@vger.kernel.org>, <oliver.sang@intel.com>
Subject: [linux-next:master] [vfs]  632586fb1b: WARNING:at_mm/slub.c:#cache_from_obj
Date: Fri, 21 Jun 2024 17:24:13 +0800
Message-ID: <202406211634.7ef4671b-lkp@intel.com>



Hello,

kernel test robot noticed "WARNING:at_mm/slub.c:#cache_from_obj" on:

commit: 632586fb1b5da157f060730549ad45ba9f5e0371 ("vfs: shave a branch in getname_flags")
https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git master

[test failed on linux-next/master 6906a84c482f098d31486df8dc98cead21cce2d0]

in testcase: trinity
version: trinity-i386-abe9de86-1_20230429
with the following parameters:

	runtime: 300s
	group: group-04
	nr_groups: 5



compiler: gcc-13
test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

(please refer to attached dmesg/kmsg for entire log/backtrace)


we noticed the issue does not always happen: 27 out of 50 runs, as below,
but the parent stays clean.


dff60734fc7606fa 632586fb1b5da157f060730549a
---------------- ---------------------------
       fail:runs  %reproduction    fail:runs
           |             |             |
           :50          54%          27:50    dmesg.BUG:KASAN:double-free_in_getname_flags
           :50          54%          27:50    dmesg.RIP:cache_from_obj
           :50          54%          27:50    dmesg.WARNING:at_mm/slub.c:#cache_from_obj



If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add the following tags
| Reported-by: kernel test robot <oliver.sang@intel.com>
| Closes: https://lore.kernel.org/oe-lkp/202406211634.7ef4671b-lkp@intel.com


[  270.294992][ T3903] ------------[ cut here ]------------
[  270.296024][ T3903] cache_from_obj: Wrong slab cache. names_cache but object is from kmalloc-64
[ 270.297635][ T3903] WARNING: CPU: 1 PID: 3903 at mm/slub.c:4490 cache_from_obj (mm/slub.c:4490 (discriminator 1)) 
[  270.299438][ T3903] Modules linked in:
[  270.300188][ T3903] CPU: 1 PID: 3903 Comm: trinity-c7 Not tainted 6.10.0-rc1-00012-g632586fb1b5d #1
[  270.301728][ T3903] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 270.303625][ T3903] RIP: 0010:cache_from_obj (mm/slub.c:4490 (discriminator 1)) 
[ 270.304640][ T3903] Code: d0 4c 8d 70 ff 4c 89 f3 e9 cd fd ff ff 90 49 8b 4e 60 49 8b 55 60 48 c7 c6 58 30 7c 86 48 c7 c7 08 bd a3 87 e8 1b 12 80 ff 90 <0f> 0b 90 90 b9 01 00 00 00 31 d2 be 01 00 00 00 48 c7 c7 00 e7 84
All code
========
   0:	d0 4c 8d 70          	rorb   0x70(%rbp,%rcx,4)
   4:	ff 4c 89 f3          	decl   -0xd(%rcx,%rcx,4)
   8:	e9 cd fd ff ff       	jmp    0xfffffffffffffdda
   d:	90                   	nop
   e:	49 8b 4e 60          	mov    0x60(%r14),%rcx
  12:	49 8b 55 60          	mov    0x60(%r13),%rdx
  16:	48 c7 c6 58 30 7c 86 	mov    $0xffffffff867c3058,%rsi
  1d:	48 c7 c7 08 bd a3 87 	mov    $0xffffffff87a3bd08,%rdi
  24:	e8 1b 12 80 ff       	call   0xffffffffff801244
  29:	90                   	nop
  2a:*	0f 0b                	ud2		<-- trapping instruction
  2c:	90                   	nop
  2d:	90                   	nop
  2e:	b9 01 00 00 00       	mov    $0x1,%ecx
  33:	31 d2                	xor    %edx,%edx
  35:	be 01 00 00 00       	mov    $0x1,%esi
  3a:	48                   	rex.W
  3b:	c7                   	.byte 0xc7
  3c:	c7                   	.byte 0xc7
  3d:	00 e7                	add    %ah,%bh
  3f:	84                   	.byte 0x84

Code starting with the faulting instruction
===========================================
   0:	0f 0b                	ud2
   2:	90                   	nop
   3:	90                   	nop
   4:	b9 01 00 00 00       	mov    $0x1,%ecx
   9:	31 d2                	xor    %edx,%edx
   b:	be 01 00 00 00       	mov    $0x1,%esi
  10:	48                   	rex.W
  11:	c7                   	.byte 0xc7
  12:	c7                   	.byte 0xc7
  13:	00 e7                	add    %ah,%bh
  15:	84                   	.byte 0x84
[  270.322649][ T3903] RSP: 0000:ffffc90005877da0 EFLAGS: 00010246
[  270.323751][ T3903] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000
[  270.325199][ T3903] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  270.326772][ T3903] RBP: ffffc90005877dd0 R08: 0000000000000000 R09: 0000000000000000
[  270.328141][ T3903] R10: 0000000000000000 R11: 0000000000000000 R12: ffff888163657c00
[  270.329532][ T3903] R13: ffff88810037ea00 R14: ffff8881000418c0 R15: 0000000000000000
[  270.337444][ T3903] FS:  0000000000000000(0000) GS:ffff8883ae600000(0063) knlGS:00000000f7f8a040
[  270.339031][ T3903] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[  270.340221][ T3903] CR2: 0000000000000004 CR3: 0000000107680000 CR4: 00000000000406b0
[  270.341572][ T3903] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  270.354716][ T3903] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  270.356112][ T3903] Call Trace:
[  270.356773][ T3903]  <TASK>
[ 270.357370][ T3903] ? show_regs (arch/x86/kernel/dumpstack.c:479) 
[ 270.358166][ T3903] ? cache_from_obj (mm/slub.c:4490 (discriminator 1)) 
[ 270.359164][ T3903] ? __warn (kernel/panic.c:693) 
[ 270.359930][ T3903] ? cache_from_obj (mm/slub.c:4490 (discriminator 1)) 
[ 270.360833][ T3903] ? report_bug (lib/bug.c:180 lib/bug.c:219) 
[ 270.361735][ T3903] ? handle_bug (arch/x86/kernel/traps.c:239 (discriminator 1)) 
[ 270.362633][ T3903] ? exc_invalid_op (arch/x86/kernel/traps.c:260 (discriminator 1)) 
[ 270.363485][ T3903] ? asm_exc_invalid_op (arch/x86/include/asm/idtentry.h:621) 
[ 270.364477][ T3903] ? cache_from_obj (mm/slub.c:4490 (discriminator 1)) 
[ 270.365528][ T3903] ? __might_fault (mm/memory.c:6233 (discriminator 1)) 
[ 270.366514][ T3903] kmem_cache_free (mm/slub.c:4508) 
[ 270.367386][ T3903] ? strncpy_from_user (lib/strncpy_from_user.c:145) 
[ 270.368374][ T3903] ? ftrace_likely_update (arch/x86/include/asm/smap.h:56 kernel/trace/trace_branch.c:229) 
[ 270.369368][ T3903] getname_flags (fs/namei.c:197) 
[ 270.370337][ T3903] user_path_at (fs/namei.c:2936) 
[ 270.371150][ T3903] __ia32_sys_oldumount (fs/namespace.c:1916 fs/namespace.c:1934 fs/namespace.c:1932 fs/namespace.c:1932) 
[ 270.372081][ T3903] ? __pfx___ia32_sys_oldumount (fs/namespace.c:1932) 
[ 270.373093][ T3903] ? ftrace_likely_update (arch/x86/include/asm/smap.h:56 kernel/trace/trace_branch.c:229) 
[ 270.374009][ T3903] ia32_sys_call (arch/x86/entry/syscall_32.c:42) 
[ 270.375005][ T3903] do_int80_emulation (arch/x86/entry/common.c:165 (discriminator 1) arch/x86/entry/common.c:253 (discriminator 1)) 
[ 270.375956][ T3903] asm_int80_emulation (arch/x86/include/asm/idtentry.h:626) 
[  270.376722][ T3903] RIP: 0023:0xf7f90092
[ 270.377483][ T3903] Code: 00 00 00 e9 90 ff ff ff ff a3 24 00 00 00 68 30 00 00 00 e9 80 ff ff ff ff a3 f8 ff ff ff 66 90 00 00 00 00 00 00 00 00 cd 80 <c3> 8d b4 26 00 00 00 00 8d b6 00 00 00 00 8b 1c 24 c3 8d b4 26 00
All code
========
   0:	00 00                	add    %al,(%rax)
   2:	00 e9                	add    %ch,%cl
   4:	90                   	nop
   5:	ff                   	(bad)
   6:	ff                   	(bad)
   7:	ff                   	(bad)
   8:	ff a3 24 00 00 00    	jmp    *0x24(%rbx)
   e:	68 30 00 00 00       	push   $0x30
  13:	e9 80 ff ff ff       	jmp    0xffffffffffffff98
  18:	ff a3 f8 ff ff ff    	jmp    *-0x8(%rbx)
  1e:	66 90                	xchg   %ax,%ax
	...
  28:	cd 80                	int    $0x80
  2a:*	c3                   	ret		<-- trapping instruction
  2b:	8d b4 26 00 00 00 00 	lea    0x0(%rsi,%riz,1),%esi
  32:	8d b6 00 00 00 00    	lea    0x0(%rsi),%esi
  38:	8b 1c 24             	mov    (%rsp),%ebx
  3b:	c3                   	ret
  3c:	8d                   	.byte 0x8d
  3d:	b4 26                	mov    $0x26,%ah
	...

Code starting with the faulting instruction
===========================================
   0:	c3                   	ret
   1:	8d b4 26 00 00 00 00 	lea    0x0(%rsi,%riz,1),%esi
   8:	8d b6 00 00 00 00    	lea    0x0(%rsi),%esi
   e:	8b 1c 24             	mov    (%rsp),%ebx
  11:	c3                   	ret
  12:	8d                   	.byte 0x8d
  13:	b4 26                	mov    $0x26,%ah


The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20240621/202406211634.7ef4671b-lkp@intel.com



-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki

