From: kernel test robot <oliver.sang@intel.com>
To: "Matthew Wilcox (Oracle)" <willy@infradead.org>
Cc: <oe-lkp@lists.linux.dev>, <lkp@intel.com>, <linux-mm@kvack.org>,
<linux-kernel@vger.kernel.org>,
<linux-trace-kernel@vger.kernel.org>, <ltp@lists.linux.it>,
Andrew Morton <akpm@linux-foundation.org>,
"Matthew Wilcox (Oracle)" <willy@infradead.org>,
David Hildenbrand <david@redhat.com>,
Vlastimil Babka <vbabka@suse.cz>,
Miaohe Lin <linmiaohe@huawei.com>,
"Muchun Song" <muchun.song@linux.dev>,
Oscar Salvador <osalvador@suse.de>, <oliver.sang@intel.com>
Subject: Re: [PATCH 7/9] mm: Free up PG_slab
Date: Sun, 31 Mar 2024 23:11:10 +0800 [thread overview]
Message-ID: <202403312344.c0d273ab-oliver.sang@intel.com> (raw)
In-Reply-To: <20240321142448.1645400-8-willy@infradead.org>
Hello,
kernel test robot noticed "UBSAN:shift-out-of-bounds_in_fs/proc/page.c" on:
commit: 30e5296811312a13938b83956a55839ac1e3aa40 ("[PATCH 7/9] mm: Free up PG_slab")
url: https://github.com/intel-lab-lkp/linux/commits/Matthew-Wilcox-Oracle/mm-Always-initialise-folio-_deferred_list/20240321-222800
base: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git 23956900041d968f9ad0f30db6dede4daccd7aa9
patch link: https://lore.kernel.org/all/20240321142448.1645400-8-willy@infradead.org/
patch subject: [PATCH 7/9] mm: Free up PG_slab
in testcase: ltp
version: ltp-x86_64-14c1f76-1_20240323
with following parameters:
disk: 1HDD
fs: ext4
test: fs-00
compiler: gcc-12
test machine: 4 threads 1 sockets Intel(R) Core(TM) i3-3220 CPU @ 3.30GHz (Ivy Bridge) with 8G memory
(please refer to attached dmesg/kmsg for entire log/backtrace)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <oliver.sang@intel.com>
| Closes: https://lore.kernel.org/oe-lkp/202403312344.c0d273ab-oliver.sang@intel.com
kern :warn : [ 528.627387] ------------[ cut here ]------------
kern :err : [ 528.627589] UBSAN: shift-out-of-bounds in fs/proc/page.c:107:18
kern :err : [ 528.627884] shift exponent 4096 is too large for 64-bit type 'long long unsigned int'
kern :warn : [ 528.628200] CPU: 0 PID: 4703 Comm: proc01 Tainted: G S 6.8.0-11774-g30e529681131 #1
kern :warn : [ 528.628446] Hardware name: Hewlett-Packard p6-1451cx/2ADA, BIOS 8.15 02/05/2013
kern :warn : [ 528.628659] Call Trace:
kern :warn : [ 528.628814] <TASK>
kern :warn : [ 528.628960] dump_stack_lvl (lib/dump_stack.c:117 (discriminator 1))
kern :warn : [ 528.629134] __ubsan_handle_shift_out_of_bounds (lib/ubsan.c:218 lib/ubsan.c:454)
kern :warn : [ 528.629360] stable_page_flags.part.0.cold (include/linux/page-flags.h:284 fs/proc/page.c:184)
kern :warn : [ 528.629506] kpageflags_read (fs/proc/page.c:238 fs/proc/page.c:250)
kern :warn : [ 528.629623] vfs_read (fs/read_write.c:474)
kern :warn : [ 528.629737] ? do_sys_openat2 (fs/open.c:1415)
kern :warn : [ 528.629898] ? kmem_cache_free (mm/slub.c:4280 mm/slub.c:4344)
kern :warn : [ 528.630063] ? __pfx_vfs_read (fs/read_write.c:457)
kern :warn : [ 528.630225] ? do_sys_openat2 (fs/open.c:1415)
kern :warn : [ 528.630388] ? __pfx_do_sys_openat2 (fs/open.c:1392)
kern :warn : [ 528.630552] ? __do_sys_newfstatat (fs/stat.c:464)
kern :warn : [ 528.630717] ? __fget_light (include/linux/atomic/atomic-arch-fallback.h:479 include/linux/atomic/atomic-instrumented.h:50 fs/file.c:1145)
kern :warn : [ 528.630888] ksys_read (fs/read_write.c:619)
kern :warn : [ 528.631051] ? __pfx_ksys_read (fs/read_write.c:609)
kern :warn : [ 528.631216] ? kmem_cache_free (mm/slub.c:4280 mm/slub.c:4344)
kern :warn : [ 528.631415] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)
kern :warn : [ 528.631555] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:129)
kern :warn : [ 528.631756] RIP: 0033:0x7f90bf2ba19d
kern :warn : [ 528.631913] Code: 31 c0 e9 c6 fe ff ff 50 48 8d 3d 66 54 0a 00 e8 49 ff 01 00 66 0f 1f 84 00 00 00 00 00 80 3d 41 24 0e 00 00 74 17 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 5b c3 66 2e 0f 1f 84 00 00 00 00 00 48 83 ec
All code
========
0: 31 c0 xor %eax,%eax
2: e9 c6 fe ff ff jmpq 0xfffffffffffffecd
7: 50 push %rax
8: 48 8d 3d 66 54 0a 00 lea 0xa5466(%rip),%rdi # 0xa5475
f: e8 49 ff 01 00 callq 0x1ff5d
14: 66 0f 1f 84 00 00 00 nopw 0x0(%rax,%rax,1)
1b: 00 00
1d: 80 3d 41 24 0e 00 00 cmpb $0x0,0xe2441(%rip) # 0xe2465
24: 74 17 je 0x3d
26: 31 c0 xor %eax,%eax
28: 0f 05 syscall
2a:* 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax <-- trapping instruction
30: 77 5b ja 0x8d
32: c3 retq
33: 66 2e 0f 1f 84 00 00 nopw %cs:0x0(%rax,%rax,1)
3a: 00 00 00
3d: 48 rex.W
3e: 83 .byte 0x83
3f: ec in (%dx),%al
Code starting with the faulting instruction
===========================================
0: 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax
6: 77 5b ja 0x63
8: c3 retq
9: 66 2e 0f 1f 84 00 00 nopw %cs:0x0(%rax,%rax,1)
10: 00 00 00
13: 48 rex.W
14: 83 .byte 0x83
15: ec in (%dx),%al
kern :warn : [ 528.632309] RSP: 002b:00007ffe2eb3c008 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
kern :warn : [ 528.632540] RAX: ffffffffffffffda RBX: 00007ffe2eb3d1b0 RCX: 00007f90bf2ba19d
kern :warn : [ 528.632757] RDX: 0000000000000400 RSI: 000055e284e68c40 RDI: 0000000000000005
kern :warn : [ 528.632960] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000073
kern :warn : [ 528.633156] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
kern :warn : [ 528.633399] R13: 000055e284e68c40 R14: 000055e2a975f8cb R15: 00007ffe2eb3d1b0
kern :warn : [ 528.633645] </TASK>
kern :warn : [ 528.633813] ---[ end trace ]---
The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20240331/202403312344.c0d273ab-oliver.sang@intel.com
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
WARNING: multiple messages have this Message-ID (diff)
From: kernel test robot <oliver.sang@intel.com>
To: "Matthew Wilcox (Oracle)" <willy@infradead.org>
Cc: Miaohe Lin <linmiaohe@huawei.com>,
lkp@intel.com, David Hildenbrand <david@redhat.com>,
Muchun Song <muchun.song@linux.dev>,
linux-kernel@vger.kernel.org,
"Matthew Wilcox \(Oracle\)" <willy@infradead.org>,
linux-mm@kvack.org, oliver.sang@intel.com,
Vlastimil Babka <vbabka@suse.cz>,
oe-lkp@lists.linux.dev, Andrew Morton <akpm@linux-foundation.org>,
Oscar Salvador <osalvador@suse.de>,
ltp@lists.linux.it, linux-trace-kernel@vger.kernel.org
Subject: Re: [LTP] [PATCH 7/9] mm: Free up PG_slab
Date: Sun, 31 Mar 2024 23:11:10 +0800 [thread overview]
Message-ID: <202403312344.c0d273ab-oliver.sang@intel.com> (raw)
In-Reply-To: <20240321142448.1645400-8-willy@infradead.org>
Hello,
kernel test robot noticed "UBSAN:shift-out-of-bounds_in_fs/proc/page.c" on:
commit: 30e5296811312a13938b83956a55839ac1e3aa40 ("[PATCH 7/9] mm: Free up PG_slab")
url: https://github.com/intel-lab-lkp/linux/commits/Matthew-Wilcox-Oracle/mm-Always-initialise-folio-_deferred_list/20240321-222800
base: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git 23956900041d968f9ad0f30db6dede4daccd7aa9
patch link: https://lore.kernel.org/all/20240321142448.1645400-8-willy@infradead.org/
patch subject: [PATCH 7/9] mm: Free up PG_slab
in testcase: ltp
version: ltp-x86_64-14c1f76-1_20240323
with following parameters:
disk: 1HDD
fs: ext4
test: fs-00
compiler: gcc-12
test machine: 4 threads 1 sockets Intel(R) Core(TM) i3-3220 CPU @ 3.30GHz (Ivy Bridge) with 8G memory
(please refer to attached dmesg/kmsg for entire log/backtrace)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <oliver.sang@intel.com>
| Closes: https://lore.kernel.org/oe-lkp/202403312344.c0d273ab-oliver.sang@intel.com
kern :warn : [ 528.627387] ------------[ cut here ]------------
kern :err : [ 528.627589] UBSAN: shift-out-of-bounds in fs/proc/page.c:107:18
kern :err : [ 528.627884] shift exponent 4096 is too large for 64-bit type 'long long unsigned int'
kern :warn : [ 528.628200] CPU: 0 PID: 4703 Comm: proc01 Tainted: G S 6.8.0-11774-g30e529681131 #1
kern :warn : [ 528.628446] Hardware name: Hewlett-Packard p6-1451cx/2ADA, BIOS 8.15 02/05/2013
kern :warn : [ 528.628659] Call Trace:
kern :warn : [ 528.628814] <TASK>
kern :warn : [ 528.628960] dump_stack_lvl (lib/dump_stack.c:117 (discriminator 1))
kern :warn : [ 528.629134] __ubsan_handle_shift_out_of_bounds (lib/ubsan.c:218 lib/ubsan.c:454)
kern :warn : [ 528.629360] stable_page_flags.part.0.cold (include/linux/page-flags.h:284 fs/proc/page.c:184)
kern :warn : [ 528.629506] kpageflags_read (fs/proc/page.c:238 fs/proc/page.c:250)
kern :warn : [ 528.629623] vfs_read (fs/read_write.c:474)
kern :warn : [ 528.629737] ? do_sys_openat2 (fs/open.c:1415)
kern :warn : [ 528.629898] ? kmem_cache_free (mm/slub.c:4280 mm/slub.c:4344)
kern :warn : [ 528.630063] ? __pfx_vfs_read (fs/read_write.c:457)
kern :warn : [ 528.630225] ? do_sys_openat2 (fs/open.c:1415)
kern :warn : [ 528.630388] ? __pfx_do_sys_openat2 (fs/open.c:1392)
kern :warn : [ 528.630552] ? __do_sys_newfstatat (fs/stat.c:464)
kern :warn : [ 528.630717] ? __fget_light (include/linux/atomic/atomic-arch-fallback.h:479 include/linux/atomic/atomic-instrumented.h:50 fs/file.c:1145)
kern :warn : [ 528.630888] ksys_read (fs/read_write.c:619)
kern :warn : [ 528.631051] ? __pfx_ksys_read (fs/read_write.c:609)
kern :warn : [ 528.631216] ? kmem_cache_free (mm/slub.c:4280 mm/slub.c:4344)
kern :warn : [ 528.631415] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)
kern :warn : [ 528.631555] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:129)
kern :warn : [ 528.631756] RIP: 0033:0x7f90bf2ba19d
kern :warn : [ 528.631913] Code: 31 c0 e9 c6 fe ff ff 50 48 8d 3d 66 54 0a 00 e8 49 ff 01 00 66 0f 1f 84 00 00 00 00 00 80 3d 41 24 0e 00 00 74 17 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 5b c3 66 2e 0f 1f 84 00 00 00 00 00 48 83 ec
All code
========
0: 31 c0 xor %eax,%eax
2: e9 c6 fe ff ff jmpq 0xfffffffffffffecd
7: 50 push %rax
8: 48 8d 3d 66 54 0a 00 lea 0xa5466(%rip),%rdi # 0xa5475
f: e8 49 ff 01 00 callq 0x1ff5d
14: 66 0f 1f 84 00 00 00 nopw 0x0(%rax,%rax,1)
1b: 00 00
1d: 80 3d 41 24 0e 00 00 cmpb $0x0,0xe2441(%rip) # 0xe2465
24: 74 17 je 0x3d
26: 31 c0 xor %eax,%eax
28: 0f 05 syscall
2a:* 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax <-- trapping instruction
30: 77 5b ja 0x8d
32: c3 retq
33: 66 2e 0f 1f 84 00 00 nopw %cs:0x0(%rax,%rax,1)
3a: 00 00 00
3d: 48 rex.W
3e: 83 .byte 0x83
3f: ec in (%dx),%al
Code starting with the faulting instruction
===========================================
0: 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax
6: 77 5b ja 0x63
8: c3 retq
9: 66 2e 0f 1f 84 00 00 nopw %cs:0x0(%rax,%rax,1)
10: 00 00 00
13: 48 rex.W
14: 83 .byte 0x83
15: ec in (%dx),%al
kern :warn : [ 528.632309] RSP: 002b:00007ffe2eb3c008 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
kern :warn : [ 528.632540] RAX: ffffffffffffffda RBX: 00007ffe2eb3d1b0 RCX: 00007f90bf2ba19d
kern :warn : [ 528.632757] RDX: 0000000000000400 RSI: 000055e284e68c40 RDI: 0000000000000005
kern :warn : [ 528.632960] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000073
kern :warn : [ 528.633156] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
kern :warn : [ 528.633399] R13: 000055e284e68c40 R14: 000055e2a975f8cb R15: 00007ffe2eb3d1b0
kern :warn : [ 528.633645] </TASK>
kern :warn : [ 528.633813] ---[ end trace ]---
The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20240331/202403312344.c0d273ab-oliver.sang@intel.com
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
--
Mailing list info: https://lists.linux.it/listinfo/ltp
next prev parent reply other threads:[~2024-03-31 15:11 UTC|newest]
Thread overview: 45+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-03-21 14:24 [PATCH 0/9] Various significant MM patches Matthew Wilcox (Oracle)
2024-03-21 14:24 ` [PATCH 1/9] mm: Always initialise folio->_deferred_list Matthew Wilcox (Oracle)
2024-03-22 8:23 ` Miaohe Lin
2024-03-22 13:00 ` Matthew Wilcox
2024-04-01 3:14 ` Miaohe Lin
2024-03-22 9:30 ` Vlastimil Babka
2024-03-22 12:49 ` David Hildenbrand
2024-03-21 14:24 ` [PATCH 2/9] mm: Create FOLIO_FLAG_FALSE and FOLIO_TYPE_OPS macros Matthew Wilcox (Oracle)
2024-03-22 9:33 ` Vlastimil Babka
2024-03-21 14:24 ` [PATCH 3/9] mm: Remove folio_prep_large_rmappable() Matthew Wilcox (Oracle)
2024-03-22 9:37 ` Vlastimil Babka
2024-03-22 12:51 ` David Hildenbrand
2024-03-21 14:24 ` [PATCH 4/9] mm: Support page_mapcount() on page_has_type() pages Matthew Wilcox (Oracle)
2024-03-22 9:43 ` Vlastimil Babka
2024-03-22 12:43 ` Matthew Wilcox
2024-03-22 15:04 ` David Hildenbrand
2024-03-21 14:24 ` [PATCH 5/9] mm: Turn folio_test_hugetlb into a PageType Matthew Wilcox (Oracle)
2024-03-22 10:19 ` Vlastimil Babka
2024-03-22 15:06 ` David Hildenbrand
2024-03-23 3:24 ` Matthew Wilcox
2024-03-25 7:57 ` Vlastimil Babka
2024-03-25 18:48 ` Andrew Morton
2024-03-25 20:41 ` Matthew Wilcox
2024-03-25 20:47 ` Vlastimil Babka
2024-03-25 15:14 ` Matthew Wilcox
2024-03-25 15:18 ` Matthew Wilcox
2024-03-25 15:33 ` Matthew Wilcox
2024-03-21 14:24 ` [PATCH 6/9] mm: Remove a call to compound_head() from is_page_hwpoison() Matthew Wilcox (Oracle)
2024-03-22 10:28 ` Vlastimil Babka
2024-03-21 14:24 ` [PATCH 7/9] mm: Free up PG_slab Matthew Wilcox (Oracle)
2024-03-22 9:20 ` Miaohe Lin
2024-03-22 10:41 ` Vlastimil Babka
2024-04-01 3:38 ` Miaohe Lin
2024-03-22 15:09 ` David Hildenbrand
2024-03-25 15:19 ` Matthew Wilcox
2024-03-31 15:11 ` kernel test robot [this message]
2024-03-31 15:11 ` [LTP] " kernel test robot
2024-04-02 5:26 ` Matthew Wilcox
2024-04-02 5:26 ` [LTP] " Matthew Wilcox
2024-03-21 14:24 ` [PATCH 8/9] mm: Improve dumping of mapcount and page_type Matthew Wilcox (Oracle)
2024-03-22 11:05 ` Vlastimil Babka
2024-03-22 15:10 ` David Hildenbrand
2024-03-21 14:24 ` [PATCH 9/9] hugetlb: Remove mention of destructors Matthew Wilcox (Oracle)
2024-03-22 11:08 ` Vlastimil Babka
2024-03-22 15:13 ` David Hildenbrand
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202403312344.c0d273ab-oliver.sang@intel.com \
--to=oliver.sang@intel.com \
--cc=akpm@linux-foundation.org \
--cc=david@redhat.com \
--cc=linmiaohe@huawei.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux-trace-kernel@vger.kernel.org \
--cc=lkp@intel.com \
--cc=ltp@lists.linux.it \
--cc=muchun.song@linux.dev \
--cc=oe-lkp@lists.linux.dev \
--cc=osalvador@suse.de \
--cc=vbabka@suse.cz \
--cc=willy@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.