* [willy-pagecache:slab-future] [slab] d7a6fafee0: RIP:__ksize
From: kernel test robot @ 2025-09-02 14:35 UTC
To: Matthew Wilcox; +Cc: oe-lkp, lkp, oliver.sang
Hello,
kernel test robot noticed "RIP:__ksize" on:
commit: d7a6fafee020f8dbe5863d2b6c2e8af5560df707 ("slab: Remove folio references from __ksize()")
git://git.infradead.org/users/willy/pagecache slab-future
in testcase: boot
config: x86_64-rhel-9.4-rust
compiler: clang-20
test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G
(please refer to attached dmesg/kmsg for entire log/backtrace)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <oliver.sang@intel.com>
| Closes: https://lore.kernel.org/oe-lkp/202509022248.dbe9cc08-lkp@intel.com
[ 33.277388][ T1] ------------[ cut here ]------------
[ 33.279697][ T1] WARNING: mm/slab_common.c:1016 at __ksize+0xf2/0x120, CPU#0: swapper/0/1
[ 33.285126][ T1] Modules linked in:
[ 33.286841][ T1] CPU: 0 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.17.0-rc3-next-20250829-00007-gd7a6fafee020 #1 PREEMPT(voluntary)
[ 33.291730][ T1] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 33.295871][ T1] RIP: 0010:__ksize (mm/slab_common.c:1016)
[ 33.297925][ T1] Code: 40 b8 00 10 00 00 48 d3 e0 48 3d 00 20 00 00 76 3b 49 29 f8 49 c1 e0 06 49 01 d0 4c 39 c6 74 cf 0f 0b 31 c0 c3 cc cc cc cc cc <0f> 0b 49 f7 00 40 00 00 00 75 04 31 c9 eb 05 41 0f b6 48 40 b8 00
All code
========
0: 40 b8 00 10 00 00 rex mov $0x1000,%eax
6: 48 d3 e0 shl %cl,%rax
9: 48 3d 00 20 00 00 cmp $0x2000,%rax
f: 76 3b jbe 0x4c
11: 49 29 f8 sub %rdi,%r8
14: 49 c1 e0 06 shl $0x6,%r8
18: 49 01 d0 add %rdx,%r8
1b: 4c 39 c6 cmp %r8,%rsi
1e: 74 cf je 0xffffffffffffffef
20: 0f 0b ud2
22: 31 c0 xor %eax,%eax
24: c3 ret
25: cc int3
26: cc int3
27: cc int3
28: cc int3
29: cc int3
2a:* 0f 0b ud2 <-- trapping instruction
2c: 49 f7 00 40 00 00 00 testq $0x40,(%r8)
33: 75 04 jne 0x39
35: 31 c9 xor %ecx,%ecx
37: eb 05 jmp 0x3e
39: 41 0f b6 48 40 movzbl 0x40(%r8),%ecx
3e: b8 .byte 0xb8
...
Code starting with the faulting instruction
===========================================
0: 0f 0b ud2
2: 49 f7 00 40 00 00 00 testq $0x40,(%r8)
9: 75 04 jne 0xf
b: 31 c9 xor %ecx,%ecx
d: eb 05 jmp 0x14
f: 41 0f b6 48 40 movzbl 0x40(%r8),%ecx
14: b8 .byte 0xb8
...
[ 33.305617][ T1] RSP: 0000:ffffd2b500013758 EFLAGS: 00010206
[ 33.308164][ T1] RAX: 00000000ff000000 RBX: ffff8afbc1151000 RCX: 00000000ffffff01
[ 33.311355][ T1] RDX: ffff8afac0000000 RSI: ffff8afbc1151000 RDI: fffff31e80000000
[ 33.314664][ T1] RBP: 00000000ffffffea R08: fffff31e84045440 R09: 0000000000000000
[ 33.317962][ T1] R10: ffff8afbc1151000 R11: ffffffff89ff2090 R12: ffff8afbc3133220
[ 33.322047][ T1] R13: ffff8afc76ef1108 R14: ffff8afbc3133e00 R15: ffff8afbc1151800
[ 33.325523][ T1] FS: 0000000000000000(0000) GS:ffff8aff63a29000(0000) knlGS:0000000000000000
[ 33.329151][ T1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 33.331822][ T1] CR2: ffff8afefffff000 CR3: 00000002e1e20000 CR4: 00000000000406f0
[ 33.335127][ T1] Call Trace:
[ 33.340398][ T1] <TASK>
[ 33.341827][ T1] kfree_sensitive (mm/slab_common.c:1234)
[ 33.343783][ T1] mpi_free (lib/crypto/mpi/mpiutil.c:?)
[ 33.345494][ T1] rsa_enc (crypto/rsa.c:62)
[ 33.347230][ T1] rsassa_pkcs1_verify (include/linux/crypto.h:383 crypto/rsassa-pkcs1.c:256)
[ 33.349482][ T1] public_key_verify_signature (crypto/asymmetric_keys/public_key.c:432)
[ 33.352192][ T1] ? __kmalloc_noprof (include/linux/kernel.h:?)
[ 33.354454][ T1] ? asymmetric_key_generate_id (crypto/asymmetric_keys/asymmetric_type.c:147)
[ 33.357247][ T1] x509_check_for_self_signed (crypto/asymmetric_keys/x509_public_key.c:126)
[ 33.359744][ T1] x509_cert_parse (crypto/asymmetric_keys/x509_cert_parser.c:130)
[ 33.361690][ T1] x509_key_preparse (crypto/asymmetric_keys/x509_public_key.c:157)
[ 33.368645][ T1] asymmetric_key_preparse (crypto/asymmetric_keys/asymmetric_type.c:409)
[ 33.371160][ T1] __key_create_or_update (security/keys/key.c:858)
[ 33.373639][ T1] key_create_or_update (security/keys/key.c:1021)
[ 33.376003][ T1] x509_load_certificate_list (crypto/asymmetric_keys/x509_loader.c:31)
[ 33.378485][ T1] ? load_module_cert (certs/system_keyring.c:280)
[ 33.380708][ T1] do_one_initcall (init/main.c:1281)
[ 33.382872][ T1] ? crng_make_state (include/linux/spinlock.h:406 drivers/char/random.c:363)
[ 33.385184][ T1] ? get_random_u32 (include/linux/string.h:366 include/crypto/chacha.h:119 drivers/char/random.c:425 drivers/char/random.c:554)
[ 33.387436][ T1] ? __get_random_u32_below (drivers/char/random.c:568)
[ 33.389903][ T1] ? allocate_slab (mm/slub.c:3073)
[ 33.392145][ T1] ? sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1050)
[ 33.394715][ T1] ? asm_sysvec_apic_timer_interrupt (arch/x86/include/asm/idtentry.h:697)
[ 33.397519][ T1] ? strlen (lib/string.c:420)
[ 33.399382][ T1] ? parameq (kernel/params.c:90 kernel/params.c:99)
[ 33.401356][ T1] ? do_initcall_level (init/main.c:1327)
[ 33.403660][ T1] ? parse_args (kernel/params.c:153)
[ 33.405789][ T1] do_initcall_level (init/main.c:1342)
[ 33.408096][ T1] do_initcalls (init/main.c:1356)
[ 33.410025][ T1] kernel_init_freeable (init/main.c:1593)
[ 33.412141][ T1] ? rest_init (init/main.c:1473)
[ 33.414170][ T1] kernel_init (init/main.c:1483)
[ 33.416292][ T1] ret_from_fork (arch/x86/kernel/process.c:154)
[ 33.418432][ T1] ? rest_init (init/main.c:1473)
[ 33.420469][ T1] ret_from_fork_asm (arch/x86/entry/entry_64.S:255)
[ 33.422651][ T1] </TASK>
[ 33.424207][ T1] ---[ end trace 0000000000000000 ]---
The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20250902/202509022248.dbe9cc08-lkp@intel.com
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
* Re: [willy-pagecache:slab-future] [slab] d7a6fafee0: RIP:__ksize
From: Matthew Wilcox @ 2025-09-03 11:43 UTC
To: kernel test robot; +Cc: oe-lkp, lkp
On Tue, Sep 02, 2025 at 10:35:26PM +0800, kernel test robot wrote:
> Hello,
>
> kernel test robot noticed "RIP:__ksize" on:
>
> commit: d7a6fafee020f8dbe5863d2b6c2e8af5560df707 ("slab: Remove folio references from __ksize()")
> git://git.infradead.org/users/willy/pagecache slab-future
>
> in testcase: boot
>
> config: x86_64-rhel-9.4-rust
> compiler: clang-20
> test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G
>
> (please refer to attached dmesg/kmsg for entire log/backtrace)
Hi. Do you have a log for this configuration without this patchset?
I believe it should hit this warning:
static void free_large_kmalloc(struct folio *folio, void *object)
{
	unsigned int order = folio_order(folio);

	if (WARN_ON_ONCE(!folio_test_large_kmalloc(folio))) {
		dump_page(&folio->page, "Not a kmalloc allocation");
		return;
	}
> The kernel config and materials to reproduce are available at:
> https://download.01.org/0day-ci/archive/20250902/202509022248.dbe9cc08-lkp@intel.com
I'll give this a try.
* Re: [willy-pagecache:slab-future] [slab] d7a6fafee0: RIP:__ksize
From: Oliver Sang @ 2025-09-03 13:40 UTC
To: Matthew Wilcox; +Cc: oe-lkp, lkp, oliver.sang
hi, Matthew Wilcox,
On Wed, Sep 03, 2025 at 12:43:49PM +0100, Matthew Wilcox wrote:
> On Tue, Sep 02, 2025 at 10:35:26PM +0800, kernel test robot wrote:
> > Hello,
> >
> > kernel test robot noticed "RIP:__ksize" on:
> >
> > commit: d7a6fafee020f8dbe5863d2b6c2e8af5560df707 ("slab: Remove folio references from __ksize()")
> > git://git.infradead.org/users/willy/pagecache slab-future
> >
> > in testcase: boot
> >
> > config: x86_64-rhel-9.4-rust
> > compiler: clang-20
> > test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G
> >
> > (please refer to attached dmesg/kmsg for entire log/backtrace)
>
> Hi. Do you have a log for this configuration without this patchset?
> I believe it should hit this warning:
do you mean the dmesg from parent commit?
(attach one as dmesg-c5bbf49e67ff44.xz which seems quite clean)
or a dmesg from below commit
3cace99d63192a (tag: next-20250829,
which seems the base of this branch?
6259b37f692a4f (willy-pagecache/slab-future) mm: Remove redundant test in validate_page_before_insert()
20f8e938ae667d slab: Remove references to folios from virt_to_slab()
...
ab89f51ec71be2 slab: Remove unnecessary test from alloc_debug_processing()
3cace99d63192a (tag: next-20250829,
but we didn't capture WARNING from 3cace99d63192a, but a random issue as below
(dmesg is attached as dmesg-3cace99d63192a.xz)
[ 24.754435][ T1] BUG: kernel NULL pointer dereference, address: 0000000000000020
[ 24.755442][ T1] #PF: supervisor read access in kernel mode
[ 24.755789][ T160] BUG: Bad rss-counter state mm:00000000c2e0242b type:MM_FILEPAGES val:1069571904 Comm:(udev-worker) Pid:160
[ 24.755942][ T1] #PF: error_code(0x0000) - not-present page
[ 24.755945][ T1] PGD 0
[ 24.756972][ T160] BUG: Bad rss-counter state mm:00000000c2e0242b type:MM_ANONPAGES val:-4606 Comm:(udev-worker) Pid:160
[ 24.757459][ T1] P4D 0
[ 24.757463][ T1] Oops: Oops: 0000 [#1] SMP PTI
[ 24.757467][ T1] CPU: 0 UID: 0 PID: 1 Comm: systemd Not tainted 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
[ 24.757472][ T1] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 24.757474][ T1] RIP: 0010:css_rstat_flush+0xec/0x520
[ 24.764270][ T1] Code: 8b 6b 20 49 63 ee 4c 8b 24 ed 90 1d f0 a2 4d 01 e7 eb 03 48 89 0a 4c 89 ff e8 d0 4c 50 00 48 85 c0 74 5e 48 89 00 48 8b 48 08 <48> 8b 51 20 48 8b 04 ed 90 1d f0 a2 48 83 7c 10 08 00 75 d8 48 01
[ 24.766491][ T1] RSP: 0018:ffffce0240013ca0 EFLAGS: 00010082
[ 24.767233][ T1] RAX: ffffee023fc05f40 RBX: ffff896751f31000 RCX: 0000000000000000
[ 24.768215][ T1] RDX: ffffee023fc05f40 RSI: 0000000000000000 RDI: ffff89696fc20cb8
[ 24.769370][ T1] RBP: 0000000000000000 R08: 0000000000001001 R09: 0000000000000006
[ 24.770349][ T1] R10: ffff8969cbc29000 R11: ffffffffa19d8400 R12: ffff8969cbc29000
[ 24.771335][ T1] R13: 0000649873fe0150 R14: 0000000000000000 R15: ffff89696fc20cb8
[ 24.772313][ T1] FS: 00007f3dcc29d940(0000) GS:ffff8969cbc29000(0000) knlGS:0000000000000000
[ 24.773415][ T1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 24.774196][ T1] CR2: 0000000000000020 CR3: 0000000101770000 CR4: 00000000000406f0
[ 24.775178][ T1] Call Trace:
[ 24.777101][ T1] <TASK>
[ 24.777548][ T1] cgroup_base_stat_cputime_show+0x4b/0x2b0
[ 24.778281][ T1] ? __memcg_slab_post_alloc_hook+0x2a2/0x390
[ 24.779028][ T1] ? __kvmalloc_node_noprof+0x4d7/0x680
[ 24.779719][ T1] cpu_stat_show+0x14/0xd0
[ 24.780291][ T1] seq_read_iter+0x19f/0x430
[ 24.784259][ T1] vfs_read+0x26c/0x300
[ 24.784821][ T1] __x64_sys_read+0x70/0xe0
[ 24.785410][ T1] do_syscall_64+0x81/0x8e0
[ 24.785990][ T1] entry_SYSCALL_64_after_hwframe+0x6c/0x74
[ 24.786705][ T1] RIP: 0033:0x7f3dcce031dc
[ 24.787283][ T1] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 d9 d5 f8 ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f d6 f8 ff 48
[ 24.789503][ T1] RSP: 002b:00007ffc86a3f180 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 24.790524][ T1] RAX: ffffffffffffffda RBX: 000055772801e4f0 RCX: 00007f3dcce031dc
[ 24.791512][ T1] RDX: 0000000000001000 RSI: 0000557728153450 RDI: 0000000000000034
[ 24.792484][ T1] RBP: 00007f3dcceda5e0 R08: 0000000000000000 R09: 00007f3dcceddcf0
[ 24.793479][ T1] R10: 0000000000001000 R11: 0000000000000246 R12: 0000557728152c40
[ 24.794464][ T1] R13: 0000000000000d68 R14: 00007f3dcced99e0 R15: 0000000000000d68
[ 24.795636][ T1] </TASK>
[ 24.796087][ T1] Modules linked in: binfmt_misc drm loop fuse dm_mod
[ 24.796953][ T1] CR2: 0000000000000020
[ 24.797505][ T1] ---[ end trace 0000000000000000 ]---
[ 24.798177][ T1] RIP: 0010:css_rstat_flush+0xec/0x520
[ 24.798854][ T1] Code: 8b 6b 20 49 63 ee 4c 8b 24 ed 90 1d f0 a2 4d 01 e7 eb 03 48 89 0a 4c 89 ff e8 d0 4c 50 00 48 85 c0 74 5e 48 89 00 48 8b 48 08 <48> 8b 51 20 48 8b 04 ed 90 1d f0 a2 48 83 7c 10 08 00 75 d8 48 01
[ 24.801069][ T1] RSP: 0018:ffffce0240013ca0 EFLAGS: 00010082
[ 24.801807][ T1] RAX: ffffee023fc05f40 RBX: ffff896751f31000 RCX: 0000000000000000
[ 24.802795][ T1] RDX: ffffee023fc05f40 RSI: 0000000000000000 RDI: ffff89696fc20cb8
[ 24.803781][ T1] RBP: 0000000000000000 R08: 0000000000001001 R09: 0000000000000006
[ 24.804765][ T1] R10: ffff8969cbc29000 R11: ffffffffa19d8400 R12: ffff8969cbc29000
[ 24.805751][ T1] R13: 0000649873fe0150 R14: 0000000000000000 R15: ffff89696fc20cb8
[ 24.806732][ T1] FS: 00007f3dcc29d940(0000) GS:ffff8969cbc29000(0000) knlGS:0000000000000000
[ 24.807812][ T1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 24.808612][ T1] CR2: 0000000000000020 CR3: 0000000101770000 CR4: 00000000000406f0
[ 24.809592][ T1] Kernel panic - not syncing: Fatal exception
[ 24.810451][ T1] Kernel Offset: 0x20600000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
>
> static void free_large_kmalloc(struct folio *folio, void *object)
> {
> 	unsigned int order = folio_order(folio);
>
> 	if (WARN_ON_ONCE(!folio_test_large_kmalloc(folio))) {
> 		dump_page(&folio->page, "Not a kmalloc allocation");
> 		return;
> 	}
>
> > The kernel config and materials to reproduce are available at:
> > https://download.01.org/0day-ci/archive/20250902/202509022248.dbe9cc08-lkp@intel.com
>
> I'll give this a try.
>
[-- Attachment #2: dmesg-c5bbf49e67ff44.xz --]
[-- Type: application/x-xz, Size: 14648 bytes --]
[-- Attachment #3: dmesg-3cace99d63192a.xz --]
[-- Type: application/x-xz, Size: 14548 bytes --]
* Re: [willy-pagecache:slab-future] [slab] d7a6fafee0: RIP:__ksize
From: Matthew Wilcox @ 2025-09-09 18:25 UTC
To: Oliver Sang; +Cc: oe-lkp, lkp
On Wed, Sep 03, 2025 at 09:40:49PM +0800, Oliver Sang wrote:
> > Hi. Do you have a log for this configuration without this patchset?
> > I believe it should hit this warning:
>
> do you mean the dmesg from parent commit?
> (attach one as dmesg-c5bbf49e67ff44.xz which seems quite clean)
>
> or a dmesg from below commit
>
> 3cace99d63192a (tag: next-20250829,
>
> which seems the base of this branch?
>
> 6259b37f692a4f (willy-pagecache/slab-future) mm: Remove redundant test in validate_page_before_insert()
> 20f8e938ae667d slab: Remove references to folios from virt_to_slab()
> ...
> ab89f51ec71be2 slab: Remove unnecessary test from alloc_debug_processing()
> 3cace99d63192a (tag: next-20250829,
>
>
> but we didn't capture WARNING from 3cace99d63192a, but a random issue as below
> (dmesg is attached as dmesg-3cace99d63192a.xz)
Ah, the bug was not what I thought it was. Thank you for providing the
reproducer; it was very useful.