Re: [PATCH v1 2/4] mm: memcg: merge multiple page_counters into a single structure

From: kernel test robot
Date: Fri May 10 2024 - 03:16:09 EST


Hello,

kernel test robot noticed "WARNING:at_mm/page_counter.c:#page_counter_cancel" on:

commit: 214583b2262ef6157ee9834fa23a7da8f2292dd2 ("[PATCH v1 2/4] mm: memcg: merge multiple page_counters into a single structure")
url: https://github.com/intel-lab-lkp/linux/commits/Roman-Gushchin/mm-memcg-convert-enum-res_type-to-mem_counter_type/20240504-042046
base: https://git.kernel.org/cgit/linux/kernel/git/akpm/mm.git mm-everything
patch link: https://lore.kernel.org/all/20240503201835.2969707-3-roman.gushchin@xxxxxxxxx/
patch subject: [PATCH v1 2/4] mm: memcg: merge multiple page_counters into a single structure

in testcase: ltp
version: ltp-x86_64-14c1f76-1_20240504
with following parameters:

disk: 1HDD
fs: xfs
test: syscalls-03

compiler: gcc-13
test machine: 4 threads 1 sockets Intel(R) Core(TM) i3-3220 CPU @ 3.30GHz (Ivy Bridge) with 8G memory

(please refer to attached dmesg/kmsg for entire log/backtrace)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <yujie.liu@xxxxxxxxx>
| Closes: https://lore.kernel.org/oe-lkp/202405101421.84a43285-lkp@xxxxxxxxx


kern :warn : [ 551.565920] ------------[ cut here ]------------
kern :warn : [ 551.573137] page_counter underflow: -512 nr_pages=512
kern :warn : [ 551.585841] WARNING: CPU: 0 PID: 6724 at mm/page_counter.c:58 page_counter_cancel (mm/page_counter.c:58 (discriminator 1))
kern :warn : [ 551.810031] CPU: 0 PID: 6724 Comm: memfd_create03 Tainted: G S 6.9.0-rc4-00574-g214583b2262e #1
kern :warn : [ 551.820871] Hardware name: Hewlett-Packard HP Pro 3340 MT/17A1, BIOS 8.07 01/24/2013
kern :warn : [ 551.829368] RIP: 0010:page_counter_cancel (mm/page_counter.c:58 (discriminator 1))
kern :warn : [ 551.835103] Code: 3c 02 00 75 4f 49 c7 04 24 00 00 00 00 31 f6 e9 71 ff ff ff 48 89 ea 48 c7 c7 a0 88 f6 83 c6 05 06 21 d6 03 01 e8 84 d9 72 ff <0f> 0b eb ad 48 89 34 24 e8 d7 94 fb ff 48 8b 34 24 e9 67 ff ff ff
All code
========
0: 3c 02 cmp $0x2,%al
2: 00 75 4f add %dh,0x4f(%rbp)
5: 49 c7 04 24 00 00 00 movq $0x0,(%r12)
c: 00
d: 31 f6 xor %esi,%esi
f: e9 71 ff ff ff jmp 0xffffffffffffff85
14: 48 89 ea mov %rbp,%rdx
17: 48 c7 c7 a0 88 f6 83 mov $0xffffffff83f688a0,%rdi
1e: c6 05 06 21 d6 03 01 movb $0x1,0x3d62106(%rip) # 0x3d6212b
25: e8 84 d9 72 ff call 0xffffffffff72d9ae
2a:* 0f 0b ud2 <-- trapping instruction
2c: eb ad jmp 0xffffffffffffffdb
2e: 48 89 34 24 mov %rsi,(%rsp)
32: e8 d7 94 fb ff call 0xfffffffffffb950e
37: 48 8b 34 24 mov (%rsp),%rsi
3b: e9 67 ff ff ff jmp 0xffffffffffffffa7

Code starting with the faulting instruction
===========================================
0: 0f 0b ud2
2: eb ad jmp 0xffffffffffffffb1
4: 48 89 34 24 mov %rsi,(%rsp)
8: e8 d7 94 fb ff call 0xfffffffffffb94e4
d: 48 8b 34 24 mov (%rsp),%rsi
11: e9 67 ff ff ff jmp 0xffffffffffffff7d
kern :warn : [ 551.854617] RSP: 0018:ffffc9000817fb58 EFLAGS: 00010286
kern :warn : [ 551.860610] RAX: 0000000000000000 RBX: ffff8881001c4100 RCX: ffffffff8239a90e
kern :warn : [ 551.868499] RDX: 1ffff11030706a6c RSI: 0000000000000008 RDI: ffff888183835360
kern :warn : [ 551.876394] RBP: 0000000000000200 R08: 0000000000000001 R09: fffff5200102ff23
kern :warn : [ 551.884295] R10: ffffc9000817f91f R11: 205d363233542020 R12: ffff8881001c4100
kern :warn : [ 551.892184] R13: 0000000000000000 R14: 0000000000000000 R15: ffffffff869a1de8
kern :warn : [ 551.900067] FS: 00007f45c0bc1740(0000) GS:ffff888183800000(0000) knlGS:0000000000000000
kern :warn : [ 551.908910] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
kern :warn : [ 551.915420] CR2: 00007f45c0c73900 CR3: 0000000206448002 CR4: 00000000001706f0
kern :warn : [ 551.923304] Call Trace:
kern :warn : [ 551.926508] <TASK>
kern :warn : [ 551.929366] ? __warn (kernel/panic.c:694)
kern :warn : [ 551.933354] ? page_counter_cancel (mm/page_counter.c:58 (discriminator 1))
kern :warn : [ 551.938467] ? report_bug (lib/bug.c:180 lib/bug.c:219)
kern :warn : [ 551.942892] ? handle_bug (arch/x86/kernel/traps.c:239 (discriminator 1))
kern :warn : [ 551.947142] ? exc_invalid_op (arch/x86/kernel/traps.c:260 (discriminator 1))
kern :warn : [ 551.951741] ? asm_exc_invalid_op (arch/x86/include/asm/idtentry.h:621)
kern :warn : [ 551.956684] ? llist_add_batch (lib/llist.c:33 (discriminator 14))
kern :warn : [ 551.961451] ? page_counter_cancel (mm/page_counter.c:58 (discriminator 1))
kern :warn : [ 551.966564] ? page_counter_cancel (mm/page_counter.c:58 (discriminator 1))
kern :warn : [ 551.971674] page_counter_uncharge (mm/page_counter.c:168 (discriminator 3))
kern :warn : [ 551.976706] hugetlb_cgroup_uncharge_counter (mm/hugetlb_cgroup.c:392)
kern :warn : [ 551.982684] hugetlb_vm_op_close (mm/hugetlb.c:5222)
kern :warn : [ 551.987713] remove_vma (mm/mmap.c:142)
kern :warn : [ 551.991870] do_vmi_align_munmap (mm/mmap.c:2336 mm/mmap.c:2685)
kern :warn : [ 551.996897] ? __pfx_do_vmi_align_munmap (mm/mmap.c:2561)
kern :warn : [ 552.002446] do_vmi_munmap (mm/mmap.c:2757)
kern :warn : [ 552.006948] __vm_munmap (mm/mmap.c:3036)
kern :warn : [ 552.011288] ? __pfx___vm_munmap (mm/mmap.c:3027)
kern :warn : [ 552.016138] ? __pfx_ksys_write (fs/read_write.c:633)
kern :warn : [ 552.020914] __x64_sys_munmap (mm/mmap.c:3050)
kern :warn : [ 552.025509] do_syscall_64 (arch/x86/entry/common.c:52 (discriminator 1) arch/x86/entry/common.c:83 (discriminator 1))
kern :warn : [ 552.029924] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)
kern :warn : [ 552.035733] RIP: 0033:0x7f45c0cc58f7
kern :warn : [ 552.040067] Code: 00 00 00 48 8b 15 09 05 0d 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 0b 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d d9 04 0d 00 f7 d8 64 89 01 48
All code
========
0: 00 00 add %al,(%rax)
2: 00 48 8b add %cl,-0x75(%rax)
5: 15 09 05 0d 00 adc $0xd0509,%eax
a: f7 d8 neg %eax
c: 64 89 02 mov %eax,%fs:(%rdx)
f: 48 c7 c0 ff ff ff ff mov $0xffffffffffffffff,%rax
16: c3 ret
17: 66 2e 0f 1f 84 00 00 cs nopw 0x0(%rax,%rax,1)
1e: 00 00 00
21: 66 90 xchg %ax,%ax
23: b8 0b 00 00 00 mov $0xb,%eax
28: 0f 05 syscall
2a:* 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax <-- trapping instruction
30: 73 01 jae 0x33
32: c3 ret
33: 48 8b 0d d9 04 0d 00 mov 0xd04d9(%rip),%rcx # 0xd0513
3a: f7 d8 neg %eax
3c: 64 89 01 mov %eax,%fs:(%rcx)
3f: 48 rex.W

Code starting with the faulting instruction
===========================================
0: 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax
6: 73 01 jae 0x9
8: c3 ret
9: 48 8b 0d d9 04 0d 00 mov 0xd04d9(%rip),%rcx # 0xd04e9
10: f7 d8 neg %eax
12: 64 89 01 mov %eax,%fs:(%rcx)
15: 48 rex.W


The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20240510/202405101421.84a43285-lkp@xxxxxxxxx

--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki