From: David Howells <dhowells@redhat.com>
To: "Liam R. Howlett" <Liam.Howlett@oracle.com>
Cc: dhowells@redhat.com, maple-tree@lists.infradead.org, linux-mm@kvack.org
Subject: kernel BUG at lib/maple_tree.c:1237!
Date: Tue, 19 Mar 2024 18:08:48 +0000
Message-ID: <932184.1710871728@warthog.procyon.org.uk>

Hi Liam,

I managed to trigger a bug in the maple-tree.  I don't know that it's
definitely your bug as I had a process stuck in the D state, but I don't
believe it was doing anything that modified maple trees at the time, just
waiting for PG_writeback on a folio.  Anyway, I was running the generic/130
xfstest and pressed ctrl-C and got a bunch of oopses (see attached).

Unfortunately, I can't do anything to try and get more information as anything
that tries to clone() gets another oops.

The RIP is mas_alloc_nodes+0x55/0x16e:

	mas_set_alloc_req(mas, 0);
	if (mas->mas_flags & MA_STATE_PREALLOC) {
		if (allocated)
			return;
		BUG_ON(!allocated);  <------- 1237
		WARN_ON(!allocated);
	}

The base kernel is at commit bf3a69c6861f plus some of my patches, none of
which alter the maple-tree code or MM code.

David
---
kernel BUG at lib/maple_tree.c:1237!
invalid opcode: 0000 [#1] SMP PTI
CPU: 3 PID: 6242 Comm: rm Not tainted 6.8.0-build3+ #1653
Hardware name: ASUS All Series/H97-PLUS, BIOS 2306 10/09/2014
RIP: 0010:mas_alloc_nodes+0x55/0x16e
Code: ff 41 89 c5 45 85 ed 0f 84 23 01 00 00 31 f6 48 89 df e8 94 c5 ff ff 44 8a 63 3e 41 83 e4 04 74 0b 48 85 ed 0f 85 06 01 00 00 <0f> 0b 48 85 ed 74 0a 48 8b 43 30 80 78 08 1e 75 3a 8b 74 24 0c 48
RSP: 0018:ffff888141683978 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff888141683be8 RCX: 0000000000000001
RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffff888141683be8
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000071
R10: 0000000000000032 R11: 0000000000000000 R12: 0000000000000004
R13: 0000000000000001 R14: 0000000000000002 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff88840fb80000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055ae9ee6ace8 CR3: 000000011b0f2002 CR4: 00000000001706f0
Call Trace:
 <TASK>
 ? __die_body+0x1a/0x5b
 ? die+0x30/0x49
 ? do_trap+0x7a/0xfd
 ? mas_alloc_nodes+0x55/0x16e
 ? mas_alloc_nodes+0x55/0x16e
 ? do_error_trap+0x6e/0x98
 ? mas_alloc_nodes+0x55/0x16e
 ? exc_invalid_op+0x49/0x5d
 ? mas_alloc_nodes+0x55/0x16e
 ? asm_exc_invalid_op+0x16/0x20
 ? mas_alloc_nodes+0x55/0x16e
 ? mas_alloc_nodes+0x42/0x16e
 mas_wr_node_store+0xa1/0x27b
 ? folios_put_refs+0x158/0x180
 ? mas_wr_slot_store+0xf5/0x102
 ? mas_wr_modify+0xac/0xc3
 ? kmem_cache_debug_flags+0xc/0x1d
 ? kmem_cache_alloc+0x199/0x1c4
 ? mas_wr_node_walk+0xce/0xe5
 mas_wr_modify+0x9e/0xc3
 mas_store_prealloc+0x55/0x80
 mmap_region+0x46d/0x607
 do_mmap+0x3cf/0x432
 vm_mmap_pgoff+0xcd/0x11e
 elf_load+0x90/0x21e
 load_elf_binary+0x449/0x99d
 search_binary_handler+0xb3/0x204
 exec_binprm+0x4a/0x132
 bprm_execve.part.0+0xe4/0x16b
 do_execveat_common.isra.0+0x193/0x1bc
 do_execve+0x1f/0x25
 __x64_sys_execve+0x26/0x2f
 do_syscall_64+0x86/0xe5
 entry_SYSCALL_64_after_hwframe+0x6c/0x74
RIP: 0033:0x7efea097f52b
Code: Unable to access opcode bytes at 0x7efea097f501.
RSP: 002b:00007ffc44619958 EFLAGS: 00000246 ORIG_RAX: 000000000000003b
RAX: ffffffffffffffda RBX: 000055ae9f1183a0 RCX: 00007efea097f52b
RDX: 000055ae9f111080 RSI: 000055ae9ee6ace0 RDI: 000055ae9f1183a0
RBP: 00007ffc44619a50 R08: 0000000000000001 R09: 0000000000000004
R10: 000055ae9f11a730 R11: 0000000000000246 R12: 00000000ffffffff
R13: 000055ae9f1183a0 R14: 000055ae9ee6ace0 R15: 000055ae9f111080
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:mas_alloc_nodes+0x55/0x16e
Code: ff 41 89 c5 45 85 ed 0f 84 23 01 00 00 31 f6 48 89 df e8 94 c5 ff ff 44 8a 63 3e 41 83 e4 04 74 0b 48 85 ed 0f 85 06 01 00 00 <0f> 0b 48 85 ed 74 0a 48 8b 43 30 80 78 08 1e 75 3a 8b 74 24 0c 48
RSP: 0018:ffff888141683978 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff888141683be8 RCX: 0000000000000001
RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffff888141683be8
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000071
R10: 0000000000000032 R11: 0000000000000000 R12: 0000000000000004
R13: 0000000000000001 R14: 0000000000000002 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff88840fb80000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007efea097f501 CR3: 000000011b0f2002 CR4: 00000000001706f0
stack segment: 0000 [#2] SMP PTI
CPU: 3 PID: 5912 Comm: (udev-worker) Tainted: G      D            6.8.0-build3+ #1653
Hardware name: ASUS All Series/H97-PLUS, BIOS 2306 10/09/2014
RIP: 0010:kmem_cache_alloc+0xd7/0x1c4
Code: 28 74 05 48 85 ed 75 19 45 89 e9 4c 89 f1 83 ca ff 44 89 e6 48 89 df e8 04 ed ff ff 48 89 c5 eb 22 8b 43 28 48 89 ee 48 8b 3b <4c> 8b 7c 05 00 4c 89 fa e8 bf b9 ff ff 84 c0 74 af 8b 43 28 41 0f
RSP: 0018:ffff88810544bb60 EFLAGS: 00010286
RAX: 0000000000000080 RBX: ffff888100045b00 RCX: 00000000000091a7
RDX: 0000000000000001 RSI: ff88810ace190000 RDI: 0000000000032d90
RBP: ff88810ace190000 R08: ffff88840fbb2d90 R09: 0000000000000001
R10: 00000000ffffffff R11: 0000000000000000 R12: 0000000000002800
R13: 0000000000000100 R14: ffffffff81eaf5c3 R15: 0000000000000001
FS:  00007f993aecc980(0000) GS:ffff88840fb80000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000564286eb0320 CR3: 00000001416dc004 CR4: 00000000001706f0
Call Trace:
 <TASK>
 ? __die_body+0x1a/0x5b
 ? die+0x30/0x49
 ? do_trap+0x7a/0xfd
 ? do_error_trap+0x6e/0x98
 ? exc_stack_segment+0x35/0x45
 ? asm_exc_stack_segment+0x22/0x30
 ? mas_alloc_nodes+0x76/0x16e
 ? kmem_cache_alloc+0xd7/0x1c4
 mas_alloc_nodes+0x76/0x16e
 ? cgroup_rstat_updated+0x49/0xa5
 mas_wr_node_store+0xa1/0x27b
 ? __slab_free+0x8c/0x233
 ? drain_obj_stock+0xa8/0xc9
 ? calculate_sigpending+0x2e/0x34
 ? __memcg_slab_free_hook+0x9b/0xb3
 ? __dequeue_signal+0xac/0xbc
 ? kmem_cache_free+0x114/0x154
 ? mas_wr_node_walk+0xce/0xe5
 mas_wr_modify+0x9e/0xc3
 mas_store_gfp+0x5a/0xb4
 do_vmi_align_munmap.isra.0+0x1c8/0x354
 __vm_munmap+0x92/0xcf
 __x64_sys_munmap+0x17/0x1e
 do_syscall_64+0x86/0xe5
 entry_SYSCALL_64_after_hwframe+0x6c/0x74
RIP: 0033:0x7f993b8b40fb
Code: 73 01 c3 48 8b 0d 35 5d 0c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 0b 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 05 5d 0c 00 f7 d8 64 89 01 48
RSP: 002b:00007ffec5ec8648 EFLAGS: 00000206 ORIG_RAX: 000000000000000b
RAX: ffffffffffffffda RBX: 0000564286e9d840 RCX: 00007f993b8b40fb
RDX: 00000000ffffffff RSI: 0000000000c2dbec RDI: 00007f9939e00000
RBP: 00007ffec5ec8660 R08: 0000000000000010 R09: 0000000000000000
R10: 00007ffec5ec85d0 R11: 0000000000000206 R12: 0000564286e230d8
R13: 00007ffec5ec8710 R14: 0000564286e43a90 R15: 0000000000000000
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:mas_alloc_nodes+0x55/0x16e
Code: ff 41 89 c5 45 85 ed 0f 84 23 01 00 00 31 f6 48 89 df e8 94 c5 ff ff 44 8a 63 3e 41 83 e4 04 74 0b 48 85 ed 0f 85 06 01 00 00 <0f> 0b 48 85 ed 74 0a 48 8b 43 30 80 78 08 1e 75 3a 8b 74 24 0c 48
RSP: 0018:ffff888141683978 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff888141683be8 RCX: 0000000000000001
RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffff888141683be8
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000071
R10: 0000000000000032 R11: 0000000000000000 R12: 0000000000000004
R13: 0000000000000001 R14: 0000000000000002 R15: 0000000000000000
FS:  00007f993aecc980(0000) GS:ffff88840fb80000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000564286eb0320 CR3: 00000001416dc004 CR4: 00000000001706f0
stack segment: 0000 [#3] SMP PTI
CPU: 3 PID: 6246 Comm: (sd-rmrf) Tainted: G      D            6.8.0-build3+ #1653
Hardware name: ASUS All Series/H97-PLUS, BIOS 2306 10/09/2014
RIP: 0010:kmem_cache_alloc+0xd7/0x1c4
Code: 28 74 05 48 85 ed 75 19 45 89 e9 4c 89 f1 83 ca ff 44 89 e6 48 89 df e8 04 ed ff ff 48 89 c5 eb 22 8b 43 28 48 89 ee 48 8b 3b <4c> 8b 7c 05 00 4c 89 fa e8 bf b9 ff ff 84 c0 74 af 8b 43 28 41 0f
RSP: 0018:ffff8881048dfc60 EFLAGS: 00010286
RAX: 0000000000000080 RBX: ffff888100045b00 RCX: 00000000000091a7
RDX: 0000000000000001 RSI: ff88810ace190000 RDI: 0000000000032d90
RBP: ff88810ace190000 R08: ffff88840fbb2d90 R09: 0000000000000040
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000cc0
R13: 0000000000000100 R14: ffffffff81eaf5c3 R15: 0000000000000000
FS:  00007fd912b3f980(0000) GS:ffff88840fb80000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fd912f2f6a0 CR3: 0000000141694003 CR4: 00000000001706f0
Call Trace:
 <TASK>
 ? __die_body+0x1a/0x5b
 ? die+0x30/0x49
 ? do_trap+0x7a/0xfd
 ? do_error_trap+0x6e/0x98
 ? exc_stack_segment+0x35/0x45
 ? asm_exc_stack_segment+0x22/0x30
 ? mas_alloc_nodes+0x76/0x16e
 ? kmem_cache_alloc+0xd7/0x1c4
 mas_alloc_nodes+0x76/0x16e
 mas_preallocate+0x123/0x18a
 mmap_region+0x44d/0x607
 do_mmap+0x3cf/0x432
 vm_mmap_pgoff+0xcd/0x11e
 ksys_mmap_pgoff+0x15b/0x189
 do_syscall_64+0x86/0xe5
 entry_SYSCALL_64_after_hwframe+0x6c/0x74
RIP: 0033:0x7fd912f2f6cc
Code: 1e fa 41 f7 c1 ff 0f 00 00 75 33 55 48 89 e5 41 54 41 89 cc 53 48 89 fb 48 85 ff 74 41 45 89 e2 48 89 df b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 7c 5b 41 5c 5d c3 0f 1f 80 00 00 00 00 48 8b
RSP: 002b:00007ffc88b77340 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fd912f2f6cc
RDX: 0000000000000003 RSI: 0000000000001000 RDI: 0000000000000000
RBP: 00007ffc88b77350 R08: 00000000ffffffff R09: 0000000000000000
R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000022
R13: 0000000000000009 R14: 000000000000000a R15: 0000000000000018
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:mas_alloc_nodes+0x55/0x16e
Code: ff 41 89 c5 45 85 ed 0f 84 23 01 00 00 31 f6 48 89 df e8 94 c5 ff ff 44 8a 63 3e 41 83 e4 04 74 0b 48 85 ed 0f 85 06 01 00 00 <0f> 0b 48 85 ed 74 0a 48 8b 43 30 80 78 08 1e 75 3a 8b 74 24 0c 48
RSP: 0018:ffff888141683978 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff888141683be8 RCX: 0000000000000001
RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffff888141683be8
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000071
R10: 0000000000000032 R11: 0000000000000000 R12: 0000000000000004
R13: 0000000000000001 R14: 0000000000000002 R15: 0000000000000000
FS:  00007fd912b3f980(0000) GS:ffff88840fb80000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fd912f2f6a0 CR3: 0000000141694003 CR4: 00000000001706f0
Call Trace:
 <TASK>
 ? __die_body+0x1a/0x5b
 ? die+0x30/0x49
 ? do_trap+0x7a/0xfd
 ? do_error_trap+0x6e/0x98
 ? exc_stack_segment+0x35/0x45
 ? asm_exc_stack_segment+0x22/0x30
 ? mas_dup_build.constprop.0+0x64/0x210
 ? kmem_cache_alloc+0xd7/0x1c4
 ? kmem_cache_alloc+0x5d/0x1c4
 mas_dup_build.constprop.0+0x64/0x210
 ? pcpu_chunk_relocate+0x13/0x37
 __mt_dup+0x70/0xb9
 dup_mmap+0x164/0x4f7
 copy_process+0x7e1/0x1261
 kernel_clone+0xa1/0x204
 ? vfs_read+0x133/0x190
 __do_sys_clone+0x65/0x8b
 do_syscall_64+0x86/0xe5
 entry_SYSCALL_64_after_hwframe+0x6c/0x74
RIP: 0033:0x7f4924f108e7
Code: c3 66 90 f3 0f 1e fa 64 48 8b 04 25 10 00 00 00 45 31 c0 31 d2 31 f6 bf 11 00 20 01 4c 8d 90 d0 02 00 00 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 39 89 c2 85 c0 75 2c 64 48 8b 04 25 10 00 00
RSP: 002b:00007ffe84193978 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f4924f108e7
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
RBP: 00007ffe84193a80 R08: 0000000000000000 R09: 0000000000000000
R10: 00007f4924c9df50 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:mas_alloc_nodes+0x55/0x16e
Code: ff 41 89 c5 45 85 ed 0f 84 23 01 00 00 31 f6 48 89 df e8 94 c5 ff ff 44 8a 63 3e 41 83 e4 04 74 0b 48 85 ed 0f 85 06 01 00 00 <0f> 0b 48 85 ed 74 0a 48 8b 43 30 80 78 08 1e 75 3a 8b 74 24 0c 48
RSP: 0018:ffff888141683978 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff888141683be8 RCX: 0000000000000001
RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffff888141683be8
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000071
R10: 0000000000000032 R11: 0000000000000000 R12: 0000000000000004
R13: 0000000000000001 R14: 0000000000000002 R15: 0000000000000000
FS:  00007f4924c9dc80(0000) GS:ffff88840fb80000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fa08addde1c CR3: 000000011d5ae002 CR4: 00000000001706f0
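
An oops-chain triage example for a log like the one attached above, added here and not part of the original message or the kernel tree: it splits the log into individual oopses, records the kernel RIP symbol and the trapping opcode bytes (`0f 0b` is `ud2`, which is what `BUG()` compiles to on x86), and marks any oops logged while the kernel already carried the `D` taint flag as a follow-on of an earlier one. `triage()`, its field names and the trimmed `SAMPLE` lines are assumptions of this example.

```python
import re

# Constructed sample: lines trimmed from the oops chain in the report above.
SAMPLE = """\
kernel BUG at lib/maple_tree.c:1237!
invalid opcode: 0000 [#1] SMP PTI
CPU: 3 PID: 6242 Comm: rm Not tainted 6.8.0-build3+ #1653
RIP: 0010:mas_alloc_nodes+0x55/0x16e
Code: 48 85 ed 0f 85 06 01 00 00 <0f> 0b 48 85 ed 74 0a
---[ end trace 0000000000000000 ]---
RIP: 0010:mas_alloc_nodes+0x55/0x16e
stack segment: 0000 [#2] SMP PTI
CPU: 3 PID: 5912 Comm: (udev-worker) Tainted: G      D            6.8.0-build3+ #1653
RIP: 0010:kmem_cache_alloc+0xd7/0x1c4
Code: 8b 43 28 48 89 ee 48 8b 3b <4c> 8b 7c 05 00 4c 89 fa
---[ end trace 0000000000000000 ]---
RIP: 0010:mas_alloc_nodes+0x55/0x16e
"""

HEADER = re.compile(r"^(?P<kind>.+?): \d{4} \[#(?P<seq>\d+)\]")
TASK = re.compile(r"PID: (?P<pid>\d+) Comm: (?P<comm>.+?) "
                  r"(?P<taint>Not tainted|Tainted: [A-Z ]+?) +\S+ #\d+")
KRIP = re.compile(r"^RIP: 0010:(?P<sym>[^\s+]+)\+0x")   # kernel-mode RIP only
TRAP = re.compile(r"^Code: .*<(?P<b0>[0-9a-f]{2})> (?P<b1>[0-9a-f]{2})")

def triage(log):
    """Return one summary dict per oops, in the order the kernel logged them."""
    oopses, cur, bug_at = [], None, None
    for line in log.splitlines():
        if m := re.match(r"kernel BUG at (\S+)!", line):
            bug_at = m.group(1)              # printed just before the oops header
        elif m := HEADER.match(line):
            cur = {"seq": int(m["seq"]), "kind": m["kind"], "bug_at": bug_at,
                   "rip": None, "trap": None, "follow_on": False}
            oopses.append(cur)
            bug_at = None
        elif cur is None:
            continue                         # nothing to attach this line to yet
        elif m := TASK.search(line):
            cur.update(pid=int(m["pid"]), comm=m["comm"])
            # 'D' taint means the kernel had already oopsed before this one.
            cur["follow_on"] = "D" in m["taint"].split()
        elif (m := KRIP.match(line)) and cur["rip"] is None:
            cur["rip"] = m["sym"]            # first RIP wins; later copies are repeats
        elif (m := TRAP.match(line)) and cur["trap"] is None:
            cur["trap"] = f'{m["b0"]} {m["b1"]}'
    return oopses

if __name__ == "__main__":
    for oops in triage(SAMPLE):
        print(oops)
```
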
