Greetings,

FYI, we noticed the following commit (built with gcc-9):

commit: 196bdb1966d10c48b5a747318d1d19d9f8d809f6 ("[PATCH v2 3/5] fs: split off do_getxattr from getxattr")
url: https://github.com/0day-ci/linux/commits/Stefan-Roesch/io_uring-add-xattr-support/20211201-135318
patch link: https://lore.kernel.org/io-uring/20211201055144.3141001-4-shr@fb.com

in testcase: trinity
version: trinity-static-i386-x86_64-f93256fb_2019-08-28
with following parameters:

	runtime: 300s

test-description: Trinity is a linux system call fuzz tester.
test-url: http://codemonkey.org.uk/projects/trinity/

on test machine: qemu-system-i386 -enable-kvm -cpu SandyBridge -smp 2 -m 4G

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):

If you fix the issue, kindly add the following tag
Reported-by: kernel test robot

[  202.127315][  T750] WARNING: CPU: 1 PID: 750 at mm/util.c:597 kvmalloc_node (mm/util.c:597 (discriminator 1))
[  202.128248][  T750] Modules linked in:
[  202.128673][  T750] CPU: 1 PID: 750 Comm: trinity-c1 Not tainted 5.16.0-rc3-00093-g196bdb1966d1 #1
[  202.129745][  T750] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  202.132511][  T750] EIP: kvmalloc_node (mm/util.c:597 (discriminator 1))
[  202.133075][  T750] Code: c7 83 c4 0c 8d 65 f4 5b 89 f8 5e 5f 5d c3 8d 74 26 00 89 da 89 f0 e8 7f 57 05 00 89 c7 8d 65 f4 89 f8 5b 5e 5f 5d c3 8d 76 00 <0f> 0b 6a 00 b8 48 6d df c2 31 c9 ba 01 00 00 00 e8 fb 18 f4 ff 58
[  202.135919][  T750] EAX: 00000000 EBX: 00000dc0 ECX: 00000000 EDX: 00000000
[  202.136621][  T750] ESI: fffffffe EDI: 00000000 EBP: f4103de0 ESP: f4103dd0
[  202.137271][  T750] DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068 EFLAGS: 00010282
[  202.137823][  T750] CR0: 80050033 CR2: b7532000 CR3: 05901000 CR4: 00040690
[  202.138363][  T750] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
[  202.138943][  T750] DR6: fffe0ff0 DR7: 00000400
[  202.139414][  T750] Call Trace:
[  202.139769][  T750]  do_getxattr (include/linux/slab.h:741 include/linux/slab.h:749 fs/xattr.c:679)
[  202.140257][  T750]  getxattr (fs/xattr.c:715)
[  202.140975][  T750]  ? check_preemption_disabled (lib/smp_processor_id.c:16)
[  202.141838][  T750]  ? free_unref_page (mm/page_alloc.c:3409 (discriminator 1))
[  202.142409][  T750]  ? __this_cpu_preempt_check (lib/smp_processor_id.c:67)
[  202.142988][  T750]  ? lockdep_hardirqs_on (kernel/locking/lockdep.c:4356)
[  202.143549][  T750]  ? free_unref_page (mm/page_alloc.c:3409 (discriminator 1))
[  202.144130][  T750]  ? free_unref_page (mm/page_alloc.c:3409 (discriminator 3))
[  202.144682][  T750]  ? __free_pages (mm/page_alloc.c:5458)
[  202.145195][  T750]  ? slob_free_pages (mm/slob.c:220)
[  202.145756][  T750]  ? __kmem_cache_free (mm/slob.c:656)
[  202.146299][  T750]  ? kmem_cache_free (mm/slob.c:678)
[  202.147340][  T750]  ? putname (fs/namei.c:271)
[  202.147932][  T750]  ? user_path_at_empty (fs/namei.c:2811)
[  202.149489][  T750]  path_getxattr (fs/xattr.c:728)
[  202.150497][  T750]  __ia32_sys_lgetxattr (fs/xattr.c:743)
[  202.151682][  T750]  __do_fast_syscall_32 (arch/x86/entry/common.c:112 arch/x86/entry/common.c:178)
[  202.152771][  T750]  ? __do_fast_syscall_32 (arch/x86/entry/common.c:183)
[  202.154069][  T750]  ? __do_fast_syscall_32 (arch/x86/entry/common.c:183)
[  202.155250][  T750]  ? irqentry_exit_to_user_mode (kernel/entry/common.c:316)
[  202.156934][  T750]  ? irqentry_exit (kernel/entry/common.c:441)
[  202.158066][  T750]  do_fast_syscall_32 (arch/x86/entry/common.c:203)
[  202.159216][  T750]  do_SYSENTER_32 (arch/x86/entry/common.c:247)
[  202.159761][  T750]  entry_SYSENTER_32 (arch/x86/entry/entry_32.S:872)
[  202.160133][  T750] EIP: 0xb7fd7549
[  202.160647][  T750] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d 76 00 58 b8 77 00 00 00 cd 80 90 8d 76


To reproduce:

        # build kernel
	cd linux
	cp config-5.16.0-rc3-00093-g196bdb1966d1 .config
	make HOSTCC=gcc-9 CC=gcc-9 ARCH=i386 olddefconfig prepare modules_prepare bzImage modules
	make HOSTCC=gcc-9 CC=gcc-9 ARCH=i386 INSTALL_MOD_PATH= modules_install
	cd
	find lib/ | cpio -o -H newc --quiet | gzip > modules.cgz


        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k -m modules.cgz job-script # job-script is attached in this email



        # if you come across any failure that blocks the test,
        # please remove ~/.lkp and /lkp dir to run from a clean state.



---
0DAY/LKP+ Test Infrastructure                   Open Source Technology Center
https://lists.01.org/hyperkitty/list/lkp@lists.01.org       Intel Corporation

Thanks,
Oliver Sang