From: kernel test robot <oliver.sang@intel.com>
To: Jill Ravaliya <jillravaliya@gmail.com>
Cc: <oe-lkp@lists.linux.dev>, <lkp@intel.com>, <linux-mm@kvack.org>,
<akpm@linux-foundation.org>, <urezki@gmail.com>,
<linux-kernel@vger.kernel.org>,
Jill Ravaliya <jillravaliya@gmail.com>
Subject: Re: [PATCH 2/2] selftests/mm: add test for vrealloc() shrink page freeing
Date: Sat, 23 May 2026 21:34:59 +0800 [thread overview]
Message-ID: <202605231524.731e5313-lkp@intel.com> (raw)
In-Reply-To: <20260507114854.41117-2-jillravaliya@gmail.com>
Hello,
kernel test robot noticed "kernel_BUG_at_mm/vmalloc.c" on:
commit: 7a2723bc6f2ec12f6e8bfccdf20c09b84f721993 ("[PATCH 2/2] selftests/mm: add test for vrealloc() shrink page freeing")
url: https://github.com/intel-lab-lkp/linux/commits/Jill-Ravaliya/selftests-mm-add-test-for-vrealloc-shrink-page-freeing/20260511-181706
base: https://git.kernel.org/cgit/linux/kernel/git/akpm/mm.git mm-everything
patch link: https://lore.kernel.org/all/20260507114854.41117-2-jillravaliya@gmail.com/
patch subject: [PATCH 2/2] selftests/mm: add test for vrealloc() shrink page freeing
in testcase: boot
config: x86_64-kexec
compiler: clang-20
test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 32G
(please refer to attached dmesg/kmsg for entire log/backtrace)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <oliver.sang@intel.com>
| Closes: https://lore.kernel.org/oe-lkp/202605231524.731e5313-lkp@intel.com
[ 3.859842][ T1] ------------[ cut here ]------------
[ 3.860491][ T1] kernel BUG at mm/vmalloc.c:488!
[ 3.861026][ T1] Oops: invalid opcode: 0000 [#1] SMP PTI
[ 3.861616][ T1] CPU: 0 UID: 0 PID: 1 Comm: systemd Not tainted 7.1.0-rc1-00283-g7a2723bc6f2e #1 PREEMPT(lazy)
[ 3.862702][ T1] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 3.863724][ T1] RIP: 0010:__vunmap_range_noflush (vmalloc.c:501)
[ 3.864346][ T1] Code: 7c 24 10 48 83 c4 58 5b 41 5c 41 5d 41 5e 41 5f 5d e9 7c 9d d2 ff 48 83 c4 58 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc <0f> 0b 66 66 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00
All code
========
0: 7c 24 jl 0x26
2: 10 48 83 adc %cl,-0x7d(%rax)
5: c4 (bad)
6: 58 pop %rax
7: 5b pop %rbx
8: 41 5c pop %r12
a: 41 5d pop %r13
c: 41 5e pop %r14
e: 41 5f pop %r15
10: 5d pop %rbp
11: e9 7c 9d d2 ff jmp 0xffffffffffd29d92
16: 48 83 c4 58 add $0x58,%rsp
1a: 5b pop %rbx
1b: 41 5c pop %r12
1d: 41 5d pop %r13
1f: 41 5e pop %r14
21: 41 5f pop %r15
23: 5d pop %rbp
24: c3 ret
25: cc int3
26: cc int3
27: cc int3
28: cc int3
29: cc int3
2a:* 0f 0b ud2 <-- trapping instruction
2c: 66 66 66 66 66 66 2e data16 data16 data16 data16 data16 cs nopw 0x0(%rax,%rax,1)
33: 0f 1f 84 00 00 00 00
3a: 00
3b: 0f .byte 0xf
3c: 1f (bad)
3d: 80 00 00 addb $0x0,(%rax)
Code starting with the faulting instruction
===========================================
0: 0f 0b ud2
2: 66 66 66 66 66 66 2e data16 data16 data16 data16 data16 cs nopw 0x0(%rax,%rax,1)
9: 0f 1f 84 00 00 00 00
10: 00
11: 0f .byte 0xf
12: 1f (bad)
13: 80 00 00 addb $0x0,(%rax)
[ 3.866197][ T1] RSP: 0018:ffffc90000013a70 EFLAGS: 00010246
[ 3.866816][ T1] RAX: ffffc90000035990 RBX: ffffc90000035000 RCX: 0000000000000000
[ 3.867632][ T1] RDX: 0000000000000000 RSI: ffffc90000036000 RDI: ffffc90000036000
[ 3.868442][ T1] RBP: 0000000000400dc0 R08: 00000000ffffffff R09: 0000000000000000
[ 3.869260][ T1] R10: ffffc90000035990 R11: ffffffff8215b050 R12: ffffc90000036000
[ 3.870088][ T1] R13: ffffc90000036000 R14: 0000000000000001 R15: ffff88810f5e18a0
[ 3.870907][ T1] FS: 00007f356fcade40(0000) GS:ffff88889c100000(0000) knlGS:0000000000000000
[ 3.871802][ T1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 3.872461][ T1] CR2: 00007f3570966000 CR3: 000000010c872000 CR4: 00000000000406f0
[ 3.873270][ T1] Call Trace:
[ 3.873666][ T1] <TASK>
[ 3.874083][ T1] ? krealloc_node_align_noprof (slub.c:?)
[ 3.874811][ T1] ? find_instance (bpf/liveness.c:66)
[ 3.875300][ T1] vrealloc_node_align_noprof (vmalloc.c:506 vmalloc.c:521 vmalloc.c:4345)
[ 3.875883][ T1] bpf_patch_insn_data (bpf/fixups.c:254)
[ 3.876410][ T1] bpf_convert_ctx_accesses (bpf/fixups.c:974)
[ 3.876975][ T1] bpf_check (bpf/verifier.c:20094)
[ 3.877441][ T1] bpf_prog_load (bpf/syscall.c:3082)
[ 3.877951][ T1] __sys_bpf (bpf/syscall.c:6248)
[ 3.878419][ T1] __x64_sys_bpf (bpf/syscall.c:6361 bpf/syscall.c:6359 bpf/syscall.c:6359)
[ 3.878891][ T1] do_syscall_64 (x86/entry/syscall_64.c:63 x86/entry/syscall_64.c:94)
[ 3.879373][ T1] entry_SYSCALL_64_after_hwframe (x86/entry/entry_64.S:121)
[ 3.879974][ T1] RIP: 0033:0x7f3570834779
[ 3.880451][ T1] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 4f 86 0d 00 f7 d8 64 89 01 48
All code
========
0: ff c3 inc %ebx
2: 66 2e 0f 1f 84 00 00 cs nopw 0x0(%rax,%rax,1)
9: 00 00 00
c: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
11: 48 89 f8 mov %rdi,%rax
14: 48 89 f7 mov %rsi,%rdi
17: 48 89 d6 mov %rdx,%rsi
1a: 48 89 ca mov %rcx,%rdx
1d: 4d 89 c2 mov %r8,%r10
20: 4d 89 c8 mov %r9,%r8
23: 4c 8b 4c 24 08 mov 0x8(%rsp),%r9
28: 0f 05 syscall
2a:* 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax <-- trapping instruction
30: 73 01 jae 0x33
32: c3 ret
33: 48 8b 0d 4f 86 0d 00 mov 0xd864f(%rip),%rcx # 0xd8689
3a: f7 d8 neg %eax
3c: 64 89 01 mov %eax,%fs:(%rcx)
3f: 48 rex.W
Code starting with the faulting instruction
===========================================
0: 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax
6: 73 01 jae 0x9
8: c3 ret
9: 48 8b 0d 4f 86 0d 00 mov 0xd864f(%rip),%rcx # 0xd865f
10: f7 d8 neg %eax
12: 64 89 01 mov %eax,%fs:(%rcx)
15: 48 rex.W
[ 3.882300][ T1] RSP: 002b:00007ffcd8cbbc88 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 3.883149][ T1] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007f3570834779
[ 3.883966][ T1] RDX: 0000000000000094 RSI: 00007ffcd8cbbd10 RDI: 0000000000000005
[ 3.884774][ T1] RBP: 0000000000000013 R08: 00007ffcd8cbbe40 R09: 0000559a2fc27b30
[ 3.885594][ T1] R10: 0000000000000013 R11: 0000000000000246 R12: 0000000000000094
[ 3.886456][ T1] R13: 00007ffcd8cbbd10 R14: 00007ffcd8cbbd10 R15: 0000000000000008
[ 3.887273][ T1] </TASK>
[ 3.887627][ T1] Modules linked in:
[ 3.888071][ T1] ---[ end trace 0000000000000000 ]---
[ 3.888642][ T1] RIP: 0010:__vunmap_range_noflush (vmalloc.c:501)
[ 3.889273][ T1] Code: 7c 24 10 48 83 c4 58 5b 41 5c 41 5d 41 5e 41 5f 5d e9 7c 9d d2 ff 48 83 c4 58 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc <0f> 0b 66 66 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00
All code
========
0: 7c 24 jl 0x26
2: 10 48 83 adc %cl,-0x7d(%rax)
5: c4 (bad)
6: 58 pop %rax
7: 5b pop %rbx
8: 41 5c pop %r12
a: 41 5d pop %r13
c: 41 5e pop %r14
e: 41 5f pop %r15
10: 5d pop %rbp
11: e9 7c 9d d2 ff jmp 0xffffffffffd29d92
16: 48 83 c4 58 add $0x58,%rsp
1a: 5b pop %rbx
1b: 41 5c pop %r12
1d: 41 5d pop %r13
1f: 41 5e pop %r14
21: 41 5f pop %r15
23: 5d pop %rbp
24: c3 ret
25: cc int3
26: cc int3
27: cc int3
28: cc int3
29: cc int3
2a:* 0f 0b ud2 <-- trapping instruction
2c: 66 66 66 66 66 66 2e data16 data16 data16 data16 data16 cs nopw 0x0(%rax,%rax,1)
33: 0f 1f 84 00 00 00 00
3a: 00
3b: 0f .byte 0xf
3c: 1f (bad)
3d: 80 00 00 addb $0x0,(%rax)
Code starting with the faulting instruction
===========================================
0: 0f 0b ud2
2: 66 66 66 66 66 66 2e data16 data16 data16 data16 data16 cs nopw 0x0(%rax,%rax,1)
9: 0f 1f 84 00 00 00 00
10: 00
11: 0f .byte 0xf
12: 1f (bad)
13: 80 00 00 addb $0x0,(%rax)
The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20260523/202605231524.731e5313-lkp@intel.com
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
next prev parent reply other threads:[~2026-05-23 13:35 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-07 11:48 [PATCH 1/2] mm/vmalloc: free unused pages when shrinking vrealloc() allocation Jill Ravaliya
2026-05-07 11:48 ` [PATCH 2/2] selftests/mm: add test for vrealloc() shrink page freeing Jill Ravaliya
2026-05-23 13:34 ` kernel test robot [this message]
2026-05-23 16:20 ` Uladzislau Rezki
2026-05-24 2:53 ` Jill Ravaliya
2026-05-07 17:17 ` [PATCH 1/2] mm/vmalloc: free unused pages when shrinking vrealloc() allocation Uladzislau Rezki
2026-05-07 20:26 ` [syzbot ci] " syzbot ci
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202605231524.731e5313-lkp@intel.com \
--to=oliver.sang@intel.com \
--cc=akpm@linux-foundation.org \
--cc=jillravaliya@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=lkp@intel.com \
--cc=oe-lkp@lists.linux.dev \
--cc=urezki@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.