Greetings,

FYI, we noticed the following commit (built with gcc-9):

commit: 61b205f579911a11f0b576f73275eca2aed0d108 ("mm/highmem: Convert memcpy_[to|from]_page() to kmap_local_page()")
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git master

in testcase: trinity
version: trinity-static-i386-x86_64-f93256fb_2019-08-28
with the following parameters:

	runtime: 300s

test-description: Trinity is a Linux system call fuzz tester.
test-url: http://codemonkey.org.uk/projects/trinity/

on test machine: qemu-system-i386 -enable-kvm -cpu SandyBridge -smp 2 -m 8G

caused the changes below (please refer to the attached dmesg/kmsg for the entire log/backtrace):

+--------------------------------------------------------------------+------------+------------+
|                                                                    | bb90d4bc7b | 61b205f579 |
+--------------------------------------------------------------------+------------+------------+
| boot_successes                                                     | 128        | 147        |
| boot_failures                                                      | 0          | 22         |
| WARNING:at_mm/highmem.c:#__kmap_local_sched_out                    | 0          | 12         |
| EIP:__kmap_local_sched_out                                         | 0          | 12         |
| WARNING:at_mm/highmem.c:#__kmap_local_sched_in                     | 0          | 12         |
| EIP:__kmap_local_sched_in                                          | 0          | 12         |
| EIP:kunmap_local_indexed                                           | 0          | 2          |
| WARNING:possible_circular_locking_dependency_detected              | 0          | 6          |
| EIP:memcpy                                                         | 0          | 3          |
| WARNING:at_kernel/rcu/rcutorture.c:#rcu_torture_writer[rcutorture] | 0          | 10         |
| EIP:rcu_torture_writer                                             | 0          | 10         |
| calltrace:do_softirq_own_stack                                     | 0          | 8          |
| EIP:__kmap_local_pfn_prot                                          | 0          | 1          |
| EIP:kmap_get_pte                                                   | 0          | 1          |
+--------------------------------------------------------------------+------------+------------+

If you fix the issue, kindly add the following tag
Reported-by: kernel test robot

[ 230.513199] WARNING: CPU: 0 PID: 1515 at mm/highmem.c:618 __kmap_local_sched_out (kbuild/src/consumer/mm/highmem.c:618 (discriminator 1))
[ 230.516893] Modules linked in:
[ 230.517416] CPU: 0 PID: 1515 Comm: cat Not tainted 5.11.0-rc7-00002-g61b205f57991 #1
[ 230.518577] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 
1.12.0-1 04/01/2014 [ 230.519838] EIP: __kmap_local_sched_out (kbuild/src/consumer/mm/highmem.c:618 (discriminator 1)) [ 230.520561] Code: d1 8b 55 f0 29 c2 89 c8 c7 02 00 00 00 00 e8 17 e6 ed ff 83 c3 01 83 c7 04 39 9e a4 16 00 00 7f b9 83 c4 04 5b 5e 5f 5d c3 90 <0f> 0b eb e5 8d b4 26 00 00 00 00 8d 74 26 00 90 55 89 e5 57 56 53 All code ======== 0: d1 8b 55 f0 29 c2 rorl -0x3dd60fab(%rbx) 6: 89 c8 mov %ecx,%eax 8: c7 02 00 00 00 00 movl $0x0,(%rdx) e: e8 17 e6 ed ff callq 0xffffffffffede62a 13: 83 c3 01 add $0x1,%ebx 16: 83 c7 04 add $0x4,%edi 19: 39 9e a4 16 00 00 cmp %ebx,0x16a4(%rsi) 1f: 7f b9 jg 0xffffffffffffffda 21: 83 c4 04 add $0x4,%esp 24: 5b pop %rbx 25: 5e pop %rsi 26: 5f pop %rdi 27: 5d pop %rbp 28: c3 retq 29: 90 nop 2a:* 0f 0b ud2 <-- trapping instruction 2c: eb e5 jmp 0x13 2e: 8d b4 26 00 00 00 00 lea 0x0(%rsi,%riz,1),%esi 35: 8d 74 26 00 lea 0x0(%rsi,%riz,1),%esi 39: 90 nop 3a: 55 push %rbp 3b: 89 e5 mov %esp,%ebp 3d: 57 push %rdi 3e: 56 push %rsi 3f: 53 push %rbx Code starting with the faulting instruction =========================================== 0: 0f 0b ud2 2: eb e5 jmp 0xffffffffffffffe9 4: 8d b4 26 00 00 00 00 lea 0x0(%rsi,%riz,1),%esi b: 8d 74 26 00 lea 0x0(%rsi,%riz,1),%esi f: 90 nop 10: 55 push %rbp 11: 89 e5 mov %esp,%ebp 13: 57 push %rdi 14: 56 push %rsi 15: 53 push %rbx [ 230.523148] EAX: 00000000 EBX: 00000000 ECX: 00000002 EDX: 00000002 [ 230.524069] ESI: c6333940 EDI: c6334fe8 EBP: c6373c94 ESP: c6373c84 [ 230.524974] DS: 007b ES: 007b FS: 0000 GS: 00e0 SS: 0068 EFLAGS: 00010046 [ 230.525962] CR0: 80050033 CR2: 08075077 CR3: 06315000 CR4: 000406d0 [ 230.526883] Call Trace: [ 230.527323] __schedule (kbuild/src/consumer/kernel/sched/core.c:4098 kbuild/src/consumer/kernel/sched/core.c:4132 kbuild/src/consumer/kernel/sched/core.c:4279 kbuild/src/consumer/kernel/sched/core.c:5078) [ 230.527897] ? 
preempt_schedule_irq (kbuild/src/consumer/arch/x86/include/asm/irqflags.h:54 kbuild/src/consumer/arch/x86/include/asm/irqflags.h:94 kbuild/src/consumer/kernel/sched/core.c:5339) [ 230.528576] preempt_schedule_irq (kbuild/src/consumer/arch/x86/include/asm/irqflags.h:29 kbuild/src/consumer/arch/x86/include/asm/irqflags.h:79 kbuild/src/consumer/arch/x86/include/asm/irqflags.h:169 kbuild/src/consumer/kernel/sched/core.c:5341) [ 230.529222] irqentry_exit_cond_resched (kbuild/src/consumer/kernel/entry/common.c:387) [ 230.529941] irqentry_exit (kbuild/src/consumer/kernel/entry/common.c:417) [ 230.530528] common_interrupt (kbuild/src/consumer/arch/x86/kernel/irq.c:239) [ 230.531147] asm_common_interrupt (kbuild/src/consumer/arch/x86/include/asm/idtentry.h:620) [ 230.531814] EIP: __kmap_local_pfn_prot (kbuild/src/consumer/mm/highmem.c:529 (discriminator 3)) [ 230.532530] Code: 09 fb 89 1e 8b 81 a4 16 00 00 89 9c 81 a4 16 00 00 b8 01 00 00 00 e8 04 0d f1 ff 8b 55 f0 a1 d0 cb 70 c2 85 c0 74 28 83 c4 08 <89> d0 5b 5e 5f 5d c3 8d b6 00 00 00 00 0f 0b e9 56 ff ff ff 90 0f All code ======== 0: 09 fb or %edi,%ebx 2: 89 1e mov %ebx,(%rsi) 4: 8b 81 a4 16 00 00 mov 0x16a4(%rcx),%eax a: 89 9c 81 a4 16 00 00 mov %ebx,0x16a4(%rcx,%rax,4) 11: b8 01 00 00 00 mov $0x1,%eax 16: e8 04 0d f1 ff callq 0xfffffffffff10d1f 1b: 8b 55 f0 mov -0x10(%rbp),%edx 1e: a1 d0 cb 70 c2 85 c0 movabs 0x2874c085c270cbd0,%eax 25: 74 28 27: 83 c4 08 add $0x8,%esp 2a:* 89 d0 mov %edx,%eax <-- trapping instruction 2c: 5b pop %rbx 2d: 5e pop %rsi 2e: 5f pop %rdi 2f: 5d pop %rbp 30: c3 retq 31: 8d b6 00 00 00 00 lea 0x0(%rsi),%esi 37: 0f 0b ud2 39: e9 56 ff ff ff jmpq 0xffffffffffffff94 3e: 90 nop 3f: 0f .byte 0xf Code starting with the faulting instruction =========================================== 0: 89 d0 mov %edx,%eax 2: 5b pop %rbx 3: 5e pop %rsi 4: 5f pop %rdi 5: 5d pop %rbp 6: c3 retq 7: 8d b6 00 00 00 00 lea 0x0(%rsi),%esi d: 0f 0b ud2 f: e9 56 ff ff ff jmpq 0xffffffffffffff6a 14: 90 nop 15: 0f .byte 0xf [ 
230.535108] EAX: 80000000 EBX: 0630c163 ECX: c6333940 EDX: ffffb000 [ 230.536027] ESI: c2de5fec EDI: 00000163 EBP: c6373d74 ESP: c6373d68 [ 230.536931] DS: 007b ES: 007b FS: 0000 GS: 00e0 SS: 0068 EFLAGS: 00000282 [ 230.537909] ? exc_int3 (kbuild/src/consumer/arch/x86/include/asm/ptrace.h:129 kbuild/src/consumer/arch/x86/kernel/traps.c:655) [ 230.538473] ? exc_int3 (kbuild/src/consumer/arch/x86/include/asm/ptrace.h:129 kbuild/src/consumer/arch/x86/kernel/traps.c:655) [ 230.539038] ? __kmap_local_pfn_prot (kbuild/src/consumer/mm/highmem.c:529 (discriminator 3)) [ 230.539730] __kmap_local_page_prot (kbuild/src/consumer/mm/highmem.c:550) [ 230.540399] _copy_to_iter (kbuild/src/consumer/include/linux/highmem.h:293 kbuild/src/consumer/lib/iov_iter.c:561 kbuild/src/consumer/lib/iov_iter.c:618) [ 230.541000] ? slow_virt_to_phys (kbuild/src/consumer/arch/x86/mm/pat/set_memory.c:696) [ 230.541643] seq_read_iter (kbuild/src/consumer/include/linux/uio.h:137 kbuild/src/consumer/fs/seq_file.c:278) [ 230.542244] proc_reg_read_iter (kbuild/src/consumer/fs/proc/inode.c:310) [ 230.542887] generic_file_splice_read (kbuild/src/consumer/include/linux/fs.h:1895 kbuild/src/consumer/fs/splice.c:311) [ 230.543598] ? add_to_pipe (kbuild/src/consumer/fs/splice.c:301) [ 230.544176] do_splice_to (kbuild/src/consumer/fs/splice.c:788) [ 230.544742] splice_direct_to_actor (kbuild/src/consumer/fs/splice.c:867) [ 230.545436] ? 
pipe_to_sendpage (kbuild/src/consumer/fs/splice.c:930)
[ 230.546069] do_splice_direct (kbuild/src/consumer/fs/splice.c:977)
[ 230.546689] do_sendfile (kbuild/src/consumer/fs/read_write.c:1257)
[ 230.547265] __ia32_sys_sendfile64 (kbuild/src/consumer/fs/read_write.c:1318 kbuild/src/consumer/fs/read_write.c:1304 kbuild/src/consumer/fs/read_write.c:1304)
[ 230.547930] do_int80_syscall_32 (kbuild/src/consumer/arch/x86/entry/common.c:77 kbuild/src/consumer/arch/x86/entry/common.c:94)
[ 230.548579] entry_INT80_32 (kbuild/src/consumer/arch/x86/entry/entry_32.S:1064)
[ 230.549188] EIP: 0xb7eca5ed
[ 230.549668] Code: 8b 7c 24 0c 50 e8 06 00 00 00 89 da 5b 5b 5f c3 8b 04 24 05 77 ec 04 00 8b 00 85 c0 74 06 50 8b 44 24 08 c3 8b 44 24 04 cd 80 <c3> 55 50 8b 6c 24 0c 8b 45 00 8b 6d 04 50 8b 44 24 04 e8 b9 ff ff

All code
========
   0:	8b 7c 24 0c          	mov    0xc(%rsp),%edi
   4:	50                   	push   %rax
   5:	e8 06 00 00 00       	callq  0x10
   a:	89 da                	mov    %ebx,%edx
   c:	5b                   	pop    %rbx
   d:	5b                   	pop    %rbx
   e:	5f                   	pop    %rdi
   f:	c3                   	retq
  10:	8b 04 24             	mov    (%rsp),%eax
  13:	05 77 ec 04 00       	add    $0x4ec77,%eax
  18:	8b 00                	mov    (%rax),%eax
  1a:	85 c0                	test   %eax,%eax
  1c:	74 06                	je     0x24
  1e:	50                   	push   %rax
  1f:	8b 44 24 08          	mov    0x8(%rsp),%eax
  23:	c3                   	retq
  24:	8b 44 24 04          	mov    0x4(%rsp),%eax
  28:	cd 80                	int    $0x80
  2a:*	c3                   	retq   		<-- trapping instruction
  2b:	55                   	push   %rbp
  2c:	50                   	push   %rax
  2d:	8b 6c 24 0c          	mov    0xc(%rsp),%ebp
  31:	8b 45 00             	mov    0x0(%rbp),%eax
  34:	8b 6d 04             	mov    0x4(%rbp),%ebp
  37:	50                   	push   %rax
  38:	8b 44 24 04          	mov    0x4(%rsp),%eax
  3c:	e8                   	.byte 0xe8
  3d:	b9                   	.byte 0xb9
  3e:	ff                   	(bad)

[Note: the kernel under test is 32-bit (ARCH=i386, qemu-system-i386), but the "All code" listings in this report are decoded as x86-64. Read the 64-bit register names (%rbx, %rsp, ...) as their 32-bit counterparts, as in the EAX/EBX register dumps, and treat operand decodes that depend on the CPU mode with care.]

To reproduce:

        # build kernel
	cd linux
	cp config-5.11.0-rc7-00002-g61b205f57991 .config
	make HOSTCC=gcc-9 CC=gcc-9 ARCH=i386 olddefconfig prepare modules_prepare bzImage

        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> job-script # job-script is attached in this email

---
0DAY/LKP+ Test Infrastructure                   Open Source Technology Center
https://lists.01.org/hyperkitty/list/lkp@lists.01.org       Intel Corporation

Thanks,
Oliver Sang