Re: [linus:master] [mm, slub] 0af8489b02: kernel_BUG_at_include/linux/mm.h

From: Hyeonggon Yoo
Date: Fri Jan 06 2023 - 12:28:39 EST


On Sat, Dec 31, 2022 at 11:26:25PM +0800, kernel test robot wrote:
>
> Greeting,
>
> FYI, we noticed kernel_BUG_at_include/linux/mm.h due to commit (built with gcc-11):
>
> commit: 0af8489b0216fa1dd83e264bef8063f2632633d7 ("mm, slub: remove percpu slabs with CONFIG_SLUB_TINY")
> https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git master
>
> [test failed on linux-next/master c76083fac3bae1a87ae3d005b5cb1cbc761e31d5]
>
> in testcase: rcutorture
> version:
> with following parameters:
>
> runtime: 300s
> test: default
> torture_type: tasks-tracing
>
> test-description: rcutorture is rcutorture kernel module load/unload test.
> test-url: https://www.kernel.org/doc/Documentation/RCU/torture.txt
>
>
> on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G
>
> caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):
>
>
> If you fix the issue, kindly add following tag
> | Reported-by: kernel test robot <oliver.sang@xxxxxxxxx>
> | Link: https://lore.kernel.org/oe-lkp/202212312021.bc1efe86-oliver.sang@xxxxxxxxx

Adding list_debug oops on same commit and config,
and to me it seems to be related with the reported issue.

Looks like something is corrupting struct pages that are in pcp list...

[ 9.271595][ T271] list_del corruption. next->prev should be ee3aac04, but was 22000001. (next=ee3aabb1)
[ 9.271943][ T271] ------------[ cut here ]------------
[ 9.272117][ T271] kernel BUG at lib/list_debug.c:62!
[ 9.272296][ T271] invalid opcode: 0000 [#1] SMP DEBUG_PAGEALLOC
[ 9.272498][ T271] CPU: 1 PID: 271 Comm: systemd-udevd Tainted: G S 6.1.0-rc2-00010-g0af8489b0216 #2144 30f8917077604b53250250d749a1d46e4be1d31a
[ 9.272961][ T271] EIP: __list_del_entry_valid.cold+0x7a/0x1c4
[ 9.273162][ T271] Code: 0c 89 5c 24 04 89 44 24 08 c7 04 24 2c 33 32 c4 83 15 a4 6a e5 c5 00 e8 0c 02 f9 ff 83 05 a8 6a e5 c5 01 83 15 ac 6a e5 c5 00 <0f> 0b 83 05 b0 6a e5 c5 01 b8 bc 1f b5 c4 83 15 b4 6a e5 c5 00 e8
[ 9.273783][ T271] EAX: 00000055 EBX: ee3aac04 ECX: f6ff05c0 EDX: 00000001
[ 9.274007][ T271] ESI: f6ff4560 EDI: ee3aac00 EBP: c8dd3be0 ESP: c8dd3bcc
[ 9.274234][ T271] DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068 EFLAGS: 00010046
[ 9.274476][ T271] CR0: 80050033 CR2: bfa85bf0 CR3: 08a0e000 CR4: 00040690
[ 9.274707][ T271] Call Trace:
[ 9.274816][ T271] __rmqueue_pcplist+0x5d/0x1c0
[ 9.274972][ T271] rmqueue_pcplist.constprop.0+0xc7/0x240
[ 9.275153][ T271] rmqueue.isra.0+0x57f/0xc60
[ 9.275305][ T271] ? zone_watermark_fast+0x118/0x230
[ 9.275479][ T271] get_page_from_freelist+0xe7/0x310
[ 9.275651][ T271] __alloc_pages+0xdd/0x360
[ 9.275799][ T271] alloc_slab_page+0x12d/0x200
[ 9.275952][ T271] allocate_slab+0x6a/0x350
[ 9.276098][ T271] new_slab+0x48/0xc0
[ 9.276228][ T271] __slab_alloc_node.constprop.0+0xf3/0x260
[ 9.276416][ T271] __kmem_cache_alloc_node+0x75/0x490
[ 9.276591][ T271] ? lock_is_held_type+0x80/0xf0
[ 9.276753][ T271] __kmalloc_node+0x7a/0x170
[ 9.276902][ T271] ? kvmalloc_node+0x42/0x1e0
[ 9.277053][ T271] ? seq_read_iter+0x55/0x770
[ 9.277205][ T271] ? kvmalloc_node+0x42/0x1e0
[ 9.277355][ T271] kvmalloc_node+0x42/0x1e0
[ 9.277503][ T271] seq_read_iter+0x359/0x770
[ 9.277653][ T271] proc_reg_read_iter+0xab/0x140
[ 9.277813][ T271] vfs_read+0x294/0x3c0
[ 9.277947][ T271] ksys_read+0x82/0x1c0
[ 9.278077][ T271] __ia32_sys_read+0x1e/0x30
[ 9.278227][ T271] __do_fast_syscall_32+0x72/0xd0
[ 9.278388][ T271] ? __do_fast_syscall_32+0x7c/0xd0
[ 9.278557][ T271] ? lockdep_hardirqs_on_prepare+0x242/0x400
[ 9.278759][ T271] ? syscall_exit_to_user_mode+0x5f/0x90
[ 9.278940][ T271] ? __do_fast_syscall_32+0x7c/0xd0
[ 9.279106][ T271] ? syscall_exit_to_user_mode+0x5f/0x90
[ 9.279285][ T271] ? __do_fast_syscall_32+0x7c/0xd0
[ 9.279453][ T271] ? __do_fast_syscall_32+0x7c/0xd0
[ 9.279621][ T271] ? irqentry_exit_to_user_mode+0x23/0x30
[ 9.279806][ T271] do_fast_syscall_32+0x32/0x70
[ 9.279960][ T271] do_SYSENTER_32+0x15/0x20
[ 9.280107][ T271] entry_SYSENTER_32+0xa2/0xfb
[ 9.280262][ T271] EIP: 0xb7f31549
[ 9.280379][ T271] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d 76 00 58 b8 77 00 00 00 cd 80 90 8d 76
[ 9.280996][ T271] EAX: ffffffda EBX: 00000007 ECX: 004dd3d0 EDX: 00000400
[ 9.281223][ T271] ESI: 004cfa90 EDI: b7e3a960 EBP: bfa86888 ESP: bfa86838