Hello,

kernel test robot noticed "BUG:Bad_page_cache_in_process" on:

commit: 1c29a32ce65f4cd0f1c0f9cab128b1215647be4b ("mm/mmap: use split munmap calls for MAP_FIXED")
https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git master

[test failed on linux-next/master 6906a84c482f098d31486df8dc98cead21cce2d0]

in testcase: trinity
version:
with following parameters:

    runtime: 300s
    group: group-04
    nr_groups: 5

compiler: clang-18
test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

(please refer to attached dmesg/kmsg for entire log/backtrace)

we noticed this issue does not always happen on 1c29a32ce6, but keeps clean in
our tests.

245d2058fb8a2aef 1c29a32ce65f4cd0f1c0f9cab12
---------------- ---------------------------
       fail:runs  %reproduction    fail:runs
           |             |             |
           :20          40%           8:20     dmesg.BUG:Bad_page_cache_in_process

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <oliver.sang@xxxxxxxxx>
| Closes: https://lore.kernel.org/oe-lkp/202406151149.22b3f2e7-lkp@xxxxxxxxx

[ 50.563540][ T3511] BUG: Bad page cache in process trinity-main pfn:184ba4
[ 50.564103][ T3511] page: refcount:3 mapcount:1 mapping:00000000add575cf index:0x0 pfn:0x184ba4
[ 50.564617][ T3511] aops:shmem_aops ino:41b
[ 50.564870][ T3511] flags: 0x800000000004002d(locked|referenced|uptodate|lru|swapbacked|zone=2)
[ 50.565372][ T3511] raw: 800000000004002d ffffea000612e8c8 ffffea000612e948 ffff8881276339c8
[ 50.565855][ T3511] raw: 0000000000000000 0000000000000000 0000000300000000 0000000000000000
[ 50.566337][ T3511] page dumped because: still mapped when deleted
[ 50.566694][ T3511] page_owner tracks the page as allocated
[ 50.567064][ T3511] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 3511, tgid 3511 (trinity-main), ts 50545206746, free_ts 0
[ 50.568015][ T3511] post_alloc_hook (mm/page_alloc.c:1453)
[ 50.568356][ T3511] get_page_from_freelist (mm/page_alloc.c:? mm/page_alloc.c:3448)
[ 50.568679][ T3511] __alloc_pages_noprof (mm/page_alloc.c:4707)
[ 50.568976][ T3511] __folio_alloc_noprof (mm/page_alloc.c:4738)
[ 50.569264][ T3511] shmem_get_folio_gfp (mm/shmem.c:1785 mm/shmem.c:2189)
[ 50.569556][ T3511] shmem_fault (mm/shmem.c:2389)
[ 50.569811][ T3511] __do_fault (mm/memory.c:4647)
[ 50.570062][ T3511] do_pte_missing (mm/memory.c:5049)
[ 50.570336][ T3511] handle_mm_fault (mm/memory.c:5503)
[ 50.570616][ T3511] __get_user_pages (mm/gup.c:1292)
[ 50.570896][ T3511] __mm_populate (mm/gup.c:2029)
[ 50.571161][ T3511] vm_mmap_pgoff (include/linux/mm.h:?)
[ 50.571426][ T3511] do_syscall_64 (arch/x86/entry/common.c:?)
[ 50.571688][ T3511] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)
[ 50.572026][ T3511] page_owner free stack trace missing
[ 50.572333][ T3511] CPU: 1 PID: 3511 Comm: trinity-main Tainted: G E 6.10.0-rc3-00201-g1c29a32ce65f #1
[ 50.572955][ T3511] Call Trace:
[ 50.573159][ T3511] <TASK>
[ 50.573331][ T3511] dump_stack_lvl (lib/dump_stack.c:116)
[ 50.573597][ T3511] filemap_unaccount_folio (mm/filemap.c:168)
[ 50.573916][ T3511] __filemap_remove_folio (mm/filemap.c:139)
[ 50.574223][ T3511] ? do_raw_spin_lock (arch/x86/include/asm/atomic.h:107)
[ 50.574534][ T3511] filemap_remove_folio (include/linux/spinlock.h:401 mm/filemap.c:265)
[ 50.574832][ T3511] truncate_inode_folio (mm/truncate.c:?)
[ 50.575178][ T3511] shmem_undo_range (mm/shmem.c:1010)
[ 50.575468][ T3511] ? lock_release (kernel/locking/lockdep.c:?)
[ 50.575747][ T3511] ? mark_lock (arch/x86/include/asm/bitops.h:227 arch/x86/include/asm/bitops.h:239 include/asm-generic/bitops/instrumented-non-atomic.h:142 kernel/locking/lockdep.c:228 kernel/locking/lockdep.c:4656)
[ 50.576031][ T3511] shmem_evict_inode (mm/shmem.c:1123 mm/shmem.c:1250)
[ 50.576319][ T3511] ? evict (fs/inode.c:666)
[ 50.576576][ T3511] ? do_raw_spin_unlock (arch/x86/include/asm/atomic.h:23)
[ 50.576895][ T3511] evict (fs/inode.c:?)
[ 50.577219][ T3511] __dentry_kill (fs/dcache.c:?)
[ 50.577598][ T3511] ? rcu_read_unlock (include/linux/rcupdate.h:339 include/linux/rcupdate.h:812)
[ 50.577989][ T3511] ? dput (include/linux/rcupdate.h:329 include/linux/rcupdate.h:781 fs/dcache.c:838)
[ 50.578311][ T3511] ? dput (include/linux/rcupdate.h:329 include/linux/rcupdate.h:781 fs/dcache.c:838)
[ 50.578635][ T3511] dput (fs/dcache.c:846)
[ 50.578952][ T3511] __fput (fs/file_table.c:431)
[ 50.579298][ T3511] task_work_run (kernel/task_work.c:181)
[ 50.579687][ T3511] resume_user_mode_work (include/linux/resume_user_mode.h:?)
[ 50.580111][ T3511] syscall_exit_to_user_mode (kernel/entry/common.c:124 include/linux/entry-common.h:328 kernel/entry/common.c:207 kernel/entry/common.c:218)
[ 50.580532][ T3511] do_syscall_64 (arch/x86/entry/common.c:102)
[ 50.580915][ T3511] ? exc_page_fault (arch/x86/mm/fault.c:1543)
[ 50.581311][ T3511] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)
[ 50.581837][ T3511] RIP: 0033:0x46356a
[ 50.582185][ T3511] Code: 89 f5 41 54 49 89 fc 55 53 74 35 49 63 e8 48 63 da 4d 89 f9 49 89 e8 4d 63 d6 48 89 da 4c 89 ee 4c 89 e7 b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 4e 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 00
All code
========
   0:   89 f5                   mov    %esi,%ebp
   2:   41 54                   push   %r12
   4:   49 89 fc                mov    %rdi,%r12
   7:   55                      push   %rbp
   8:   53                      push   %rbx
   9:   74 35                   je     0x40
   b:   49 63 e8                movslq %r8d,%rbp
   e:   48 63 da                movslq %edx,%rbx
  11:   4d 89 f9                mov    %r15,%r9
  14:   49 89 e8                mov    %rbp,%r8
  17:   4d 63 d6                movslq %r14d,%r10
  1a:   48 89 da                mov    %rbx,%rdx
  1d:   4c 89 ee                mov    %r13,%rsi
  20:   4c 89 e7                mov    %r12,%rdi
  23:   b8 09 00 00 00          mov    $0x9,%eax
  28:   0f 05                   syscall
  2a:*  48 3d 00 f0 ff ff       cmp    $0xfffffffffffff000,%rax   <-- trapping instruction
  30:   77 4e                   ja     0x80
  32:   5b                      pop    %rbx
  33:   5d                      pop    %rbp
  34:   41 5c                   pop    %r12
  36:   41 5d                   pop    %r13
  38:   41 5e                   pop    %r14
  3a:   41 5f                   pop    %r15
  3c:   c3                      ret
  3d:   0f 1f 00                nopl   (%rax)

Code starting with the faulting instruction
===========================================
   0:   48 3d 00 f0 ff ff       cmp    $0xfffffffffffff000,%rax
   6:   77 4e                   ja     0x56
   8:   5b                      pop    %rbx
   9:   5d                      pop    %rbp
   a:   41 5c                   pop    %r12
   c:   41 5d                   pop    %r13
   e:   41 5e                   pop    %r14
  10:   41 5f                   pop    %r15
  12:   c3                      ret
  13:   0f 1f 00                nopl   (%rax)
[ 50.583785][ T3511] RSP: 002b:00007fff5f8e6528 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 50.584258][ T3511] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 000000000046356a
[ 50.584715][ T3511] RDX: 0000000000000001 RSI: 0000000000001000 RDI: 0000000000000000
[ 50.585158][ T3511] RBP: 00000000000000c2 R08: 00000000000000c2 R09: 0000000000000000
[ 50.585601][ T3511] R10: 000000000004e872 R11: 0000000000000246 R12: 0000000000000000
[ 50.586046][ T3511] R13: 0000000000001000 R14: 000000000004e872 R15: 0000000000000000
[ 50.586508][ T3511] </TASK>
[ 50.586684][ T3511] Disabling lock debugging due to kernel taint
[ 50.710726][ T3511] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[ 50.712269][ T3511] trinity-main uses obsolete (PF_INET,SOCK_PACKET)
[ 50.839027][ T3511] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list

The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20240615/202406151149.22b3f2e7-lkp@xxxxxxxxx

--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki