Greeting, FYI, we noticed the following commit (built with gcc-9): commit: e47110e90584a22e9980510b00d0dfad3a83354e ("mm/vunmap: add cond_resched() in vunmap_pmd_range") https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git master in testcase: rcutorture version: with following parameters: runtime: 300s test: cpuhotplug torture_type: srcu test-description: rcutorture is rcutorture kernel module load/unload test. test-url: https://www.kernel.org/doc/Documentation/RCU/torture.txt on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace): +-------------------------------------------------+------------+------------+ | | f3f99d63a8 | e47110e905 | +-------------------------------------------------+------------+------------+ | WARNING:at_mm/vmalloc.c:#__vunmap | 0 | 12 | | RIP:__vunmap | 0 | 12 | | RIP:kfree | 0 | 12 | | Kernel_panic-not_syncing:Fatal_exception | 0 | 12 | | stack_segment:#[##] | 0 | 11 | | WARNING:at_lib/kobject.c:#kobject_add_internal | 0 | 1 | | RIP:kobject_add_internal | 0 | 1 | +-------------------------------------------------+------------+------------+ If you fix the issue, kindly add following tag Reported-by: kernel test robot [ 198.731223] WARNING: CPU: 0 PID: 1948 at mm/vmalloc.c:2247 __vunmap (kbuild/src/consumer/mm/vmalloc.c:2247 (discriminator 1)) [ 198.731996] Modules linked in: rcutorture torture intel_rapl_msr intel_rapl_common iosf_mbi crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel input_leds bochs_drm serio_raw rtc_cmos qemu_fw_cfg stm_p_basic [ 198.734078] CPU: 0 PID: 1948 Comm: systemd-udevd Not tainted 5.9.0-rc1-00107-ge47110e90584a #1 [ 198.734996] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 198.735873] RIP: 0010:__vunmap (kbuild/src/consumer/mm/vmalloc.c:2247 (discriminator 1)) [ 198.736322] Code: ff e9 61 ff ff ff 31 d2 31 f6 48 c7 c7 ff ff ff ff e8 11 53 ff ff e9 4c ff ff ff 48 89 fe 48 c7 c7 60 ec 6c bb e8 69 22 bf ff <0f> 0b 48 83 c4 40 5b 5d 41 5c 41 5d 41 5e 41 5f c3 4c 89 e6 48 c7 All code ======== 0: ff (bad) 1: e9 61 ff ff ff jmpq 0xffffffffffffff67 6: 31 d2 xor %edx,%edx 8: 31 f6 xor %esi,%esi a: 48 c7 c7 ff ff ff ff mov $0xffffffffffffffff,%rdi 11: e8 11 53 ff ff callq 0xffffffffffff5327 16: e9 4c ff ff ff jmpq 0xffffffffffffff67 1b: 48 89 fe mov %rdi,%rsi 1e: 48 c7 c7 60 ec 6c bb mov $0xffffffffbb6cec60,%rdi 25: e8 69 22 bf ff callq 0xffffffffffbf2293 2a:* 0f 0b ud2 <-- trapping instruction 2c: 48 83 c4 40 add $0x40,%rsp 30: 5b pop %rbx 31: 5d pop %rbp 32: 41 5c pop %r12 34: 41 5d pop %r13 36: 41 5e pop %r14 38: 41 5f pop %r15 3a: c3 retq 3b: 4c 89 e6 mov %r12,%rsi 3e: 48 rex.W 3f: c7 .byte 0xc7 Code starting with the faulting instruction =========================================== 0: 0f 0b ud2 2: 48 83 c4 40 add $0x40,%rsp 6: 5b pop %rbx 7: 5d pop %rbp 8: 41 5c pop %r12 a: 41 5d pop %r13 c: 41 5e pop %r14 e: 41 5f pop %r15 10: c3 retq 11: 4c 89 e6 mov %r12,%rsi 14: 48 rex.W 15: c7 .byte 0xc7 [ 198.738277] RSP: 0018:ffff88838d59fa08 EFLAGS: 00010286 [ 198.738865] RAX: 0000000000000000 RBX: ffffffffc0131f40 RCX: 0000000000000000 [ 198.739618] RDX: 0000000000000027 RSI: 0000000000000004 RDI: ffffed1071ab3f37 [ 198.740411] RBP: ffffffffbc137640 R08: 0000000000000001 R09: ffffed1075d7c2e8 [ 198.741166] R10: ffff8883aebe173b R11: ffffed1075d7c2e7 R12: f8f8f8f8f8f8f8f8 [ 198.741913] R13: 00000000000008f8 R14: 0000000000000017 R15: ffff888362f80000 [ 198.742676] FS: 0000000000000000(0000) GS:ffff8883aea00000(0063) knlGS:00000000f7c71800 [ 198.743553] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 198.744173] CR2: 00000000566ea328 CR3: 00000003914b2000 CR4: 00000000000406b0 [ 198.744933] Call Trace: [ 198.745229] free_module (kbuild/src/consumer/kernel/module.c:2251) [ 198.745629] do_init_module (kbuild/src/consumer/kernel/module.c:3705) [ 198.746054] ? rcu_read_lock_bh_held (kbuild/src/consumer/kernel/rcu/update.c:131) [ 198.746576] load_module (kbuild/src/consumer/kernel/module.c:3968) [ 198.747016] ? post_relocation (kbuild/src/consumer/kernel/module.c:3822) [ 198.747510] ? kernel_read_file (kbuild/src/consumer/arch/x86/include/asm/atomic.h:95 kbuild/src/consumer/include/asm-generic/atomic-instrumented.h:241 kbuild/src/consumer/include/linux/fs.h:2829 kbuild/src/consumer/include/linux/fs.h:2826 kbuild/src/consumer/fs/exec.c:1017 kbuild/src/consumer/fs/exec.c:952) [ 198.747982] ? __do_sys_finit_module (kbuild/src/consumer/kernel/module.c:4058) [ 198.748477] __do_sys_finit_module (kbuild/src/consumer/kernel/module.c:4058) [ 198.748960] ? __ia32_sys_init_module (kbuild/src/consumer/kernel/module.c:4035) [ 198.749475] ? lockdep_hardirqs_on_prepare (kbuild/src/consumer/kernel/locking/lockdep.c:3637 kbuild/src/consumer/kernel/locking/lockdep.c:3697 kbuild/src/consumer/kernel/locking/lockdep.c:3649) [ 198.750054] ? syscall_enter_from_user_mode (kbuild/src/consumer/arch/x86/include/asm/paravirt.h:780 kbuild/src/consumer/kernel/entry/common.c:78) [ 198.750625] ? trace_hardirqs_on (kbuild/src/consumer/kernel/trace/trace_preemptirq.c:50 (discriminator 22)) [ 198.751083] ? lockdep_hardirqs_on (kbuild/src/consumer/kernel/locking/lockdep.c:3747 (discriminator 1)) [ 198.751551] __do_fast_syscall_32 (kbuild/src/consumer/arch/x86/entry/common.c:84 kbuild/src/consumer/arch/x86/entry/common.c:126) [ 198.752008] do_fast_syscall_32 (kbuild/src/consumer/arch/x86/entry/common.c:149) [ 198.752445] entry_SYSENTER_compat_after_hwframe (kbuild/src/consumer/arch/x86/entry/entry_64_compat.S:141) [ 198.753029] RIP: 0023:0xf7fa8549 [ 198.753422] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 All code ======== 0: 03 74 c0 01 add 0x1(%rax,%rax,8),%esi 4: 10 05 03 74 b8 01 adc %al,0x1b87403(%rip) # 0x1b8740d a: 10 06 adc %al,(%rsi) c: 03 74 b4 01 add 0x1(%rsp,%rsi,4),%esi 10: 10 07 adc %al,(%rdi) 12: 03 74 b0 01 add 0x1(%rax,%rsi,4),%esi 16: 10 08 adc %cl,(%rax) 18: 03 74 d8 01 add 0x1(%rax,%rbx,8),%esi 1c: 00 00 add %al,(%rax) 1e: 00 00 add %al,(%rax) 20: 00 51 52 add %dl,0x52(%rcx) 23: 55 push %rbp 24: 89 e5 mov %esp,%ebp 26: 0f 34 sysenter 28: cd 80 int $0x80 2a:* 5d pop %rbp <-- trapping instruction 2b: 5a pop %rdx 2c: 59 pop %rcx 2d: c3 retq 2e: 90 nop 2f: 90 nop 30: 90 nop 31: 90 nop 32: 8d b4 26 00 00 00 00 lea 0x0(%rsi,%riz,1),%esi 39: 8d b4 26 00 00 00 00 lea 0x0(%rsi,%riz,1),%esi Code starting with the faulting instruction =========================================== 0: 5d pop %rbp 1: 5a pop %rdx 2: 59 pop %rcx 3: c3 retq 4: 90 nop 5: 90 nop 6: 90 nop 7: 90 nop 8: 8d b4 26 00 00 00 00 lea 0x0(%rsi,%riz,1),%esi f: 8d b4 26 00 00 00 00 lea 0x0(%rsi,%riz,1),%esi To reproduce: # build kernel cd linux cp config-5.9.0-rc1-00107-ge47110e90584a .config make HOSTCC=gcc-9 CC=gcc-9 ARCH=x86_64 olddefconfig prepare modules_prepare bzImage git clone https://github.com/intel/lkp-tests.git cd lkp-tests bin/lkp qemu -k job-script # job-script is attached in this email --- 0DAY/LKP+ Test Infrastructure Open Source Technology Center https://lists.01.org/hyperkitty/list/lkp@lists.01.org Intel Corporation Thanks, Oliver Sang