Hi Ammar,

We noticed that the branch below was forked from brauner's tree. It looks like this branch no longer exists in brauner's tree but still remains in yours, so we send this report only for reference. Thanks.

Greetings,

FYI, we noticed kernel_BUG_at_mm/usercopy.c due to commit (built with gcc-11):

commit: b1999797db0738e60ae9730fcdd5ec6dd7604cd0 ("xattr: use rbtree for simple_xattrs")
https://github.com/ammarfaizi2/linux-block brauner/linux/fs.xattr.simple.rework.rbtree

in testcase: boot

on test machine: qemu-system-i386 -enable-kvm -cpu SandyBridge -smp 2 -m 4G

caused the changes below (please refer to the attached dmesg/kmsg for the entire log/backtrace):

[ 22.832127][ T1] ------------[ cut here ]------------
[ 22.832742][ T1] kernel BUG at mm/usercopy.c:101!
[ 22.833344][ T1] invalid opcode: 0000 [#1] SMP
[ 22.833888][ T1] CPU: 1 PID: 1 Comm: systemd Tainted: G                T  6.1.0-rc1-00001-gb1999797db07 #1
[ 22.835017][ T1] EIP: usercopy_abort (??:?)
[ 22.835578][ T1] Code: 22 42 0f 45 cf bf 91 0f 1e 42 ff 75 08 89 4d f0 b9 40 a6 1f 42 0f 44 cf 56 52 53 50 ff 75 f0 51 68 bc a5 1f 42 e8 79 35 ff ff <0f> 0b b8 0c cf 71 42 83 c4 24 e8 8d cc 01 00 ba 00 10 00 00 b8 24

All code
========
   0:	22 42 0f             	and    0xf(%rdx),%al
   3:	45 cf                	rex.RB iret
   5:	bf 91 0f 1e 42       	mov    $0x421e0f91,%edi
   a:	ff 75 08             	pushq  0x8(%rbp)
   d:	89 4d f0             	mov    %ecx,-0x10(%rbp)
  10:	b9 40 a6 1f 42       	mov    $0x421fa640,%ecx
  15:	0f 44 cf             	cmove  %edi,%ecx
  18:	56                   	push   %rsi
  19:	52                   	push   %rdx
  1a:	53                   	push   %rbx
  1b:	50                   	push   %rax
  1c:	ff 75 f0             	pushq  -0x10(%rbp)
  1f:	51                   	push   %rcx
  20:	68 bc a5 1f 42       	pushq  $0x421fa5bc
  25:	e8 79 35 ff ff       	callq  0xffffffffffff35a3
  2a:*	0f 0b                	ud2    		<-- trapping instruction
  2c:	b8 0c cf 71 42       	mov    $0x4271cf0c,%eax
  31:	83 c4 24             	add    $0x24,%esp
  34:	e8 8d cc 01 00       	callq  0x1ccc6
  39:	ba 00 10 00 00       	mov    $0x1000,%edx
  3e:	b8                   	.byte 0xb8
  3f:	24                   	.byte 0x24

Code starting with the faulting instruction
===========================================
   0:	0f 0b                	ud2
   2:	b8 0c cf 71 42       	mov    $0x4271cf0c,%eax
   7:	83 c4 24             	add    $0x24,%esp
   a:	e8 8d cc 01 00       	callq  0x1cc9c
   f:	ba 00 10 00 00       	mov    $0x1000,%edx
  14:	b8                   	.byte 0xb8
  15:	24                   	.byte 0x24

[ 22.837790][ T1] EAX: 0000006d EBX: 421fa633 ECX: 00000a2e EDX: 00000000
[ 22.838571][ T1] ESI: 421fa634 EDI: 421e0f91 EBP: 402a9d8c ESP: 402a9d58
[ 22.839351][ T1] DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068 EFLAGS: 00210212
[ 22.844351][ T1] CR0: 80050033 CR2: 00637200 CR3: 0023a0a0 CR4: 000406b0
[ 22.845389][ T1] Call Trace:
[ 22.845876][ T1]  ? __check_heap_object (??:?)
[ 22.846649][ T1]  ? check_heap_object (usercopy.c:?)
[ 22.847437][ T1]  ? __vfs_getxattr (??:?)
[ 22.848138][ T1]  ? __check_object_size (percpu-stats.c:?)
[ 22.848829][ T1]  ? vfs_getxattr (??:?)
[ 22.849438][ T1]  ? __check_object_size (??:?)
[ 22.850106][ T1]  ? do_getxattr (??:?)
[ 22.850696][ T1]  ? getxattr (xattr.c:?)
[ 22.851240][ T1]  ? terminate_walk (namei.c:?)
[ 22.851870][ T1]  ? __slab_free (slub.c:?)
[ 22.852489][ T1]  ? putname (??:?)
[ 22.853025][ T1]  ? kmem_cache_free (??:?)
[ 22.853691][ T1]  ? putname (??:?)
[ 22.854246][ T1]  ? putname (??:?)
[ 22.854767][ T1]  ? putname (??:?)
[ 22.855304][ T1]  ? user_path_at_empty (??:?)
[ 22.855999][ T1]  ? path_getxattr (xattr.c:?)
[ 22.856552][ T1]  ? __ia32_sys_getxattr (??:?)
[ 22.857123][ T1]  ? do_int80_syscall_32 (??:?)
[ 22.857690][ T1]  ? entry_INT80_32 (entry_32.o:?)
[ 22.858241][ T1] Modules linked in:
[ 22.858761][ T1] ---[ end trace 0000000000000000 ]---
[ 22.859371][ T1] EIP: usercopy_abort (??:?)
[ 22.859915][ T1] Code: 22 42 0f 45 cf bf 91 0f 1e 42 ff 75 08 89 4d f0 b9 40 a6 1f 42 0f 44 cf 56 52 53 50 ff 75 f0 51 68 bc a5 1f 42 e8 79 35 ff ff <0f> 0b b8 0c cf 71 42 83 c4 24 e8 8d cc 01 00 ba 00 10 00 00 b8 24

If you fix the issue, kindly add the following tag
| Reported-by: kernel test robot
| Link: https://lore.kernel.org/oe-lkp/202211122034.a840fe71-yujie.liu@intel.com

To reproduce:

        # build kernel
	cd linux
	cp config-6.1.0-rc1-00001-gb1999797db07 .config
	make HOSTCC=gcc-11 CC=gcc-11 ARCH=i386 olddefconfig prepare modules_prepare bzImage modules
	make HOSTCC=gcc-11 CC=gcc-11 ARCH=i386 INSTALL_MOD_PATH= modules_install
	cd
	find lib/ | cpio -o -H newc --quiet | gzip > modules.cgz

        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> -m modules.cgz job-script # job-script is attached in this email

        # if you come across any failure that blocks the test,
        # please remove ~/.lkp and /lkp dir to run from a clean state.

--
0-DAY CI Kernel Test Service
https://01.org/lkp