* [linux-next:master] [mm/hugetlb] 0e1ad0324a: WARNING:at_mm/mmu_gather.c:#tlb_finish_mmu
@ 2025-12-10 14:55 kernel test robot
2025-12-10 15:02 ` Lorenzo Stoakes
0 siblings, 1 reply; 3+ messages in thread
From: kernel test robot @ 2025-12-10 14:55 UTC (permalink / raw)
To: David Hildenbrand
Cc: oe-lkp, lkp, Andrew Morton, suschako, Laurence Oberman,
aneesh.kumar, Arnd Bergmann, Jann Horn, Liam Howlett, Liu Shixin,
Lorenzo Stoakes, Muchun Song, Nadav Amit, Nicholas Piggin,
Oscar Salvador, Peter Zijlstra, Prakash Sangappa, Rik van Riel,
Vlastimil Babka, Will Deacon, Lance Yang, linux-arch, linux-mm,
oliver.sang
Hello,
kernel test robot noticed "WARNING:at_mm/mmu_gather.c:#tlb_finish_mmu" on:
commit: 0e1ad0324aabb5aef3ef409de9a395cda7ee6098 ("mm/hugetlb: fix excessive IPI broadcasts when unsharing PMD tables using mmu_gather")
https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git master
in testcase: boot
config: x86_64-randconfig-004-20251209
compiler: gcc-14
test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 32G
(please refer to attached dmesg/kmsg for entire log/backtrace)
+--------------------------------------------+------------+------------+
| | ef8ae3fc3a | 0e1ad0324a |
+--------------------------------------------+------------+------------+
| WARNING:at_mm/mmu_gather.c:#tlb_finish_mmu | 0 | 12 |
| RIP:tlb_finish_mmu | 0 | 12 |
+--------------------------------------------+------------+------------+
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <oliver.sang@intel.com>
| Closes: https://lore.kernel.org/oe-lkp/202512102246.ee3d6d07-lkp@intel.com
[ 5.210750][ T44] ------------[ cut here ]------------
[ 5.211469][ T44] WARNING: CPU: 0 PID: 44 at mm/mmu_gather.c:475 tlb_finish_mmu (mm/mmu_gather.c:475)
[ 5.212311][ T44] Modules linked in:
[ 5.212737][ T44] CPU: 0 UID: 0 PID: 44 Comm: modprobe Tainted: G T 6.18.0-rc5-00395-g0e1ad0324aab #1 PREEMPT
[ 5.214003][ T44] Tainted: [T]=RANDSTRUCT
[ 5.214515][ T44] RIP: 0010:tlb_finish_mmu (mm/mmu_gather.c:475)
[ 5.215083][ T44] Code: 66 89 47 20 e8 90 fb ff ff ff 86 dc 00 00 00 5d c3 0f 1f 84 00 00 00 00 00 55 48 89 e5 41 54 53 48 89 fb f6 47 21 10 74 04 90 <0f> 0b 90 48 8b 03 8b 80 dc 00 00 00 ff c8 7e 10 80 4b 20 01 48 89
All code
========
0: 66 89 47 20 mov %ax,0x20(%rdi)
4: e8 90 fb ff ff call 0xfffffffffffffb99
9: ff 86 dc 00 00 00 incl 0xdc(%rsi)
f: 5d pop %rbp
10: c3 ret
11: 0f 1f 84 00 00 00 00 nopl 0x0(%rax,%rax,1)
18: 00
19: 55 push %rbp
1a: 48 89 e5 mov %rsp,%rbp
1d: 41 54 push %r12
1f: 53 push %rbx
20: 48 89 fb mov %rdi,%rbx
23: f6 47 21 10 testb $0x10,0x21(%rdi)
27: 74 04 je 0x2d
29: 90 nop
2a:* 0f 0b ud2 <-- trapping instruction
2c: 90 nop
2d: 48 8b 03 mov (%rbx),%rax
30: 8b 80 dc 00 00 00 mov 0xdc(%rax),%eax
36: ff c8 dec %eax
38: 7e 10 jle 0x4a
3a: 80 4b 20 01 orb $0x1,0x20(%rbx)
3e: 48 rex.W
3f: 89 .byte 0x89
Code starting with the faulting instruction
===========================================
0: 0f 0b ud2
2: 90 nop
3: 48 8b 03 mov (%rbx),%rax
6: 8b 80 dc 00 00 00 mov 0xdc(%rax),%eax
c: ff c8 dec %eax
e: 7e 10 jle 0x20
10: 80 4b 20 01 orb $0x1,0x20(%rbx)
14: 48 rex.W
15: 89 .byte 0x89
[ 5.217110][ T44] RSP: 0000:ffff888103fc7c28 EFLAGS: 00010202
[ 5.217747][ T44] RAX: 0000000000000000 RBX: ffff888103fc7cc8 RCX: ffff888103fc7c68
[ 5.218585][ T44] RDX: ffff888102b85000 RSI: ffff888103fc7cc8 RDI: ffff888103fc7cc8
[ 5.219466][ T44] RBP: ffff888103fc7c38 R08: 00007fffffffe000 R09: 00007ffffffff000
[ 5.220295][ T44] R10: 0000000094692512 R11: ffff888101b54948 R12: 00007ffeaa1ad000
[ 5.221108][ T44] R13: 0000000000000000 R14: ffff888103f70a00 R15: ffff888102b85000
[ 5.221923][ T44] FS: 0000000000000000(0000) GS:0000000000000000(0000) knlGS:0000000000000000
[ 5.222854][ T44] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 5.223545][ T44] CR2: ffff88883ffff000 CR3: 000000010172b000 CR4: 00000000000406b0
[ 5.224429][ T44] Call Trace:
[ 5.224782][ T44] <TASK>
[ 5.225096][ T44] setup_arg_pages (fs/exec.c:674)
[ 5.225621][ T44] load_elf_binary (fs/binfmt_elf.c:1028 (discriminator 1))
[ 5.226127][ T44] ? exec_binprm (fs/exec.c:1670 fs/exec.c:1702)
[ 5.226612][ T44] ? __lock_release+0x4e/0x120
[ 5.227188][ T44] ? exec_binprm (fs/exec.c:1670 fs/exec.c:1702)
[ 5.227678][ T44] ? __this_cpu_preempt_check (lib/smp_processor_id.c:65)
[ 5.228270][ T44] exec_binprm (fs/exec.c:1672 fs/exec.c:1702)
[ 5.228746][ T44] bprm_execve (fs/exec.c:1754)
[ 5.229212][ T44] kernel_execve (fs/exec.c:1922)
[ 5.229754][ T44] call_usermodehelper_exec_async (kernel/umh.c:109)
[ 5.230368][ T44] ? umh_complete (kernel/umh.c:64)
[ 5.230867][ T44] ret_from_fork (arch/x86/kernel/process.c:164)
[ 5.231341][ T44] ? umh_complete (kernel/umh.c:64)
[ 5.231813][ T44] ret_from_fork_asm (arch/x86/entry/entry_64.S:258)
[ 5.232321][ T44] </TASK>
[ 5.232643][ T44] irq event stamp: 469
[ 5.233065][ T44] hardirqs last enabled at (477): __up_console_sem (arch/x86/include/asm/irqflags.h:26 arch/x86/include/asm/irqflags.h:109 arch/x86/include/asm/irqflags.h:151 kernel/printk/printk.c:345)
[ 5.234028][ T44] hardirqs last disabled at (484): __up_console_sem (kernel/printk/printk.c:343 (discriminator 3))
[ 5.235062][ T44] softirqs last enabled at (504): handle_softirqs (kernel/softirq.c:469 (discriminator 2) kernel/softirq.c:650 (discriminator 2))
[ 5.236041][ T44] softirqs last disabled at (493): __do_softirq (kernel/softirq.c:657)
[ 5.236959][ T44] ---[ end trace 0000000000000000 ]---
The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20251210/202512102246.ee3d6d07-lkp@intel.com
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [linux-next:master] [mm/hugetlb] 0e1ad0324a: WARNING:at_mm/mmu_gather.c:#tlb_finish_mmu
2025-12-10 14:55 [linux-next:master] [mm/hugetlb] 0e1ad0324a: WARNING:at_mm/mmu_gather.c:#tlb_finish_mmu kernel test robot
@ 2025-12-10 15:02 ` Lorenzo Stoakes
2025-12-11 0:55 ` David Hildenbrand (Red Hat)
0 siblings, 1 reply; 3+ messages in thread
From: Lorenzo Stoakes @ 2025-12-10 15:02 UTC (permalink / raw)
To: kernel test robot
Cc: David Hildenbrand, oe-lkp, lkp, Andrew Morton, suschako,
Laurence Oberman, aneesh.kumar, Arnd Bergmann, Jann Horn,
Liam Howlett, Liu Shixin, Muchun Song, Nadav Amit,
Nicholas Piggin, Oscar Salvador, Peter Zijlstra, Prakash Sangappa,
Rik van Riel, Vlastimil Babka, Will Deacon, Lance Yang,
linux-arch, linux-mm
On Wed, Dec 10, 2025 at 10:55:40PM +0800, kernel test robot wrote:
>
>
> Hello,
>
> kernel test robot noticed "WARNING:at_mm/mmu_gather.c:#tlb_finish_mmu" on:
>
> commit: 0e1ad0324aabb5aef3ef409de9a395cda7ee6098 ("mm/hugetlb: fix excessive IPI broadcasts when unsharing PMD tables using mmu_gather")
> https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git master
This is the:
VM_WARN_ON_ONCE(tlb->fully_unshared_tables);
test case, so is likely the issue that Nadav raised where this isn't being
initialised properly so is just spuriously firing off.
Cheers, Lorenzo
>
> in testcase: boot
>
> config: x86_64-randconfig-004-20251209
> compiler: gcc-14
> test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 32G
>
> (please refer to attached dmesg/kmsg for entire log/backtrace)
>
>
> +--------------------------------------------+------------+------------+
> | | ef8ae3fc3a | 0e1ad0324a |
> +--------------------------------------------+------------+------------+
> | WARNING:at_mm/mmu_gather.c:#tlb_finish_mmu | 0 | 12 |
> | RIP:tlb_finish_mmu | 0 | 12 |
> +--------------------------------------------+------------+------------+
>
>
> If you fix the issue in a separate patch/commit (i.e. not just a new version of
> the same patch/commit), kindly add following tags
> | Reported-by: kernel test robot <oliver.sang@intel.com>
> | Closes: https://lore.kernel.org/oe-lkp/202512102246.ee3d6d07-lkp@intel.com
>
>
> [ 5.210750][ T44] ------------[ cut here ]------------
> [ 5.211469][ T44] WARNING: CPU: 0 PID: 44 at mm/mmu_gather.c:475 tlb_finish_mmu (mm/mmu_gather.c:475)
> [ 5.212311][ T44] Modules linked in:
> [ 5.212737][ T44] CPU: 0 UID: 0 PID: 44 Comm: modprobe Tainted: G T 6.18.0-rc5-00395-g0e1ad0324aab #1 PREEMPT
> [ 5.214003][ T44] Tainted: [T]=RANDSTRUCT
> [ 5.214515][ T44] RIP: 0010:tlb_finish_mmu (mm/mmu_gather.c:475)
> [ 5.215083][ T44] Code: 66 89 47 20 e8 90 fb ff ff ff 86 dc 00 00 00 5d c3 0f 1f 84 00 00 00 00 00 55 48 89 e5 41 54 53 48 89 fb f6 47 21 10 74 04 90 <0f> 0b 90 48 8b 03 8b 80 dc 00 00 00 ff c8 7e 10 80 4b 20 01 48 89
> All code
> ========
> 0: 66 89 47 20 mov %ax,0x20(%rdi)
> 4: e8 90 fb ff ff call 0xfffffffffffffb99
> 9: ff 86 dc 00 00 00 incl 0xdc(%rsi)
> f: 5d pop %rbp
> 10: c3 ret
> 11: 0f 1f 84 00 00 00 00 nopl 0x0(%rax,%rax,1)
> 18: 00
> 19: 55 push %rbp
> 1a: 48 89 e5 mov %rsp,%rbp
> 1d: 41 54 push %r12
> 1f: 53 push %rbx
> 20: 48 89 fb mov %rdi,%rbx
> 23: f6 47 21 10 testb $0x10,0x21(%rdi)
> 27: 74 04 je 0x2d
> 29: 90 nop
> 2a:* 0f 0b ud2 <-- trapping instruction
> 2c: 90 nop
> 2d: 48 8b 03 mov (%rbx),%rax
> 30: 8b 80 dc 00 00 00 mov 0xdc(%rax),%eax
> 36: ff c8 dec %eax
> 38: 7e 10 jle 0x4a
> 3a: 80 4b 20 01 orb $0x1,0x20(%rbx)
> 3e: 48 rex.W
> 3f: 89 .byte 0x89
>
> Code starting with the faulting instruction
> ===========================================
> 0: 0f 0b ud2
> 2: 90 nop
> 3: 48 8b 03 mov (%rbx),%rax
> 6: 8b 80 dc 00 00 00 mov 0xdc(%rax),%eax
> c: ff c8 dec %eax
> e: 7e 10 jle 0x20
> 10: 80 4b 20 01 orb $0x1,0x20(%rbx)
> 14: 48 rex.W
> 15: 89 .byte 0x89
> [ 5.217110][ T44] RSP: 0000:ffff888103fc7c28 EFLAGS: 00010202
> [ 5.217747][ T44] RAX: 0000000000000000 RBX: ffff888103fc7cc8 RCX: ffff888103fc7c68
> [ 5.218585][ T44] RDX: ffff888102b85000 RSI: ffff888103fc7cc8 RDI: ffff888103fc7cc8
> [ 5.219466][ T44] RBP: ffff888103fc7c38 R08: 00007fffffffe000 R09: 00007ffffffff000
> [ 5.220295][ T44] R10: 0000000094692512 R11: ffff888101b54948 R12: 00007ffeaa1ad000
> [ 5.221108][ T44] R13: 0000000000000000 R14: ffff888103f70a00 R15: ffff888102b85000
> [ 5.221923][ T44] FS: 0000000000000000(0000) GS:0000000000000000(0000) knlGS:0000000000000000
> [ 5.222854][ T44] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [ 5.223545][ T44] CR2: ffff88883ffff000 CR3: 000000010172b000 CR4: 00000000000406b0
> [ 5.224429][ T44] Call Trace:
> [ 5.224782][ T44] <TASK>
> [ 5.225096][ T44] setup_arg_pages (fs/exec.c:674)
> [ 5.225621][ T44] load_elf_binary (fs/binfmt_elf.c:1028 (discriminator 1))
> [ 5.226127][ T44] ? exec_binprm (fs/exec.c:1670 fs/exec.c:1702)
> [ 5.226612][ T44] ? __lock_release+0x4e/0x120
> [ 5.227188][ T44] ? exec_binprm (fs/exec.c:1670 fs/exec.c:1702)
> [ 5.227678][ T44] ? __this_cpu_preempt_check (lib/smp_processor_id.c:65)
> [ 5.228270][ T44] exec_binprm (fs/exec.c:1672 fs/exec.c:1702)
> [ 5.228746][ T44] bprm_execve (fs/exec.c:1754)
> [ 5.229212][ T44] kernel_execve (fs/exec.c:1922)
> [ 5.229754][ T44] call_usermodehelper_exec_async (kernel/umh.c:109)
> [ 5.230368][ T44] ? umh_complete (kernel/umh.c:64)
> [ 5.230867][ T44] ret_from_fork (arch/x86/kernel/process.c:164)
> [ 5.231341][ T44] ? umh_complete (kernel/umh.c:64)
> [ 5.231813][ T44] ret_from_fork_asm (arch/x86/entry/entry_64.S:258)
> [ 5.232321][ T44] </TASK>
> [ 5.232643][ T44] irq event stamp: 469
> [ 5.233065][ T44] hardirqs last enabled at (477): __up_console_sem (arch/x86/include/asm/irqflags.h:26 arch/x86/include/asm/irqflags.h:109 arch/x86/include/asm/irqflags.h:151 kernel/printk/printk.c:345)
> [ 5.234028][ T44] hardirqs last disabled at (484): __up_console_sem (kernel/printk/printk.c:343 (discriminator 3))
> [ 5.235062][ T44] softirqs last enabled at (504): handle_softirqs (kernel/softirq.c:469 (discriminator 2) kernel/softirq.c:650 (discriminator 2))
> [ 5.236041][ T44] softirqs last disabled at (493): __do_softirq (kernel/softirq.c:657)
> [ 5.236959][ T44] ---[ end trace 0000000000000000 ]---
>
>
> The kernel config and materials to reproduce are available at:
> https://download.01.org/0day-ci/archive/20251210/202512102246.ee3d6d07-lkp@intel.com
>
>
>
> --
> 0-DAY CI Kernel Test Service
> https://github.com/intel/lkp-tests/wiki
>
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [linux-next:master] [mm/hugetlb] 0e1ad0324a: WARNING:at_mm/mmu_gather.c:#tlb_finish_mmu
2025-12-10 15:02 ` Lorenzo Stoakes
@ 2025-12-11 0:55 ` David Hildenbrand (Red Hat)
0 siblings, 0 replies; 3+ messages in thread
From: David Hildenbrand (Red Hat) @ 2025-12-11 0:55 UTC (permalink / raw)
To: Lorenzo Stoakes, kernel test robot
Cc: oe-lkp, lkp, Andrew Morton, suschako, Laurence Oberman,
aneesh.kumar, Arnd Bergmann, Jann Horn, Liam Howlett, Liu Shixin,
Muchun Song, Nadav Amit, Nicholas Piggin, Oscar Salvador,
Peter Zijlstra, Prakash Sangappa, Rik van Riel, Vlastimil Babka,
Will Deacon, Lance Yang, linux-arch, linux-mm
On 12/10/25 16:02, Lorenzo Stoakes wrote:
> On Wed, Dec 10, 2025 at 10:55:40PM +0800, kernel test robot wrote:
>>
>>
>> Hello,
>>
>> kernel test robot noticed "WARNING:at_mm/mmu_gather.c:#tlb_finish_mmu" on:
>>
>> commit: 0e1ad0324aabb5aef3ef409de9a395cda7ee6098 ("mm/hugetlb: fix excessive IPI broadcasts when unsharing PMD tables using mmu_gather")
>> https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git master
>
> This is the:
>
> VM_WARN_ON_ONCE(tlb->fully_unshared_tables);
>
> test case, so is likely the issue that Nadav raised where this isn't being
> initialised properly so is just spuriously firing off.
>
Yes, I assume so. Surprised that this series is in -next already, so I
didn't send a fixup out yet.
Let me try doing that later today.
--
Cheers
David
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2025-12-11 0:55 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-12-10 14:55 [linux-next:master] [mm/hugetlb] 0e1ad0324a: WARNING:at_mm/mmu_gather.c:#tlb_finish_mmu kernel test robot
2025-12-10 15:02 ` Lorenzo Stoakes
2025-12-11 0:55 ` David Hildenbrand (Red Hat)
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).