Greeting, FYI, we noticed the following commit (built with gcc-11): commit: 5a32db2a9fbeba1aebc8a7a18cae9e38873b7994 ("mm: start tracking VMAs with maple tree") https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git master in testcase: igt version: igt-x86_64-7c3ceb08-1_20220518 with following parameters: group: group-13 ucode: 0xc2 on test machine: 20 threads 1 sockets Commet Lake with 16G memory caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace): If you fix the issue, kindly add following tag Reported-by: kernel test robot kern :warn : [ 145.520879] WARNING: CPU: 3 PID: 2749 at mm/slub.c:3643 kmem_cache_free_bulk (mm/slub.c:3643 (discriminator 1)) kern :warn : [ 145.535092] Modules linked in: netconsole intel_rapl_msr intel_rapl_common btrfs blake2b_generic xor raid6_pq x86_pkg_temp_thermal intel_powerclamp zstd_compress coretemp libcrc32c sd_mod t10_pi ipmi_devintf kvm_intel ipmi_msghandler i915 crc64_rocksoft_generic kvm crc64_rocksoft crc64 intel_gtt sg drm_buddy drm_display_helper irqbypass ttm crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel drm_kms_helper sdhci_pci ahci cqhci rapl ppdev intel_wmi_thunderbolt wmi_bmof intel_cstate libahci sdhci syscopyarea parport_pc sysfillrect i2c_designware_platform mei_me intel_uncore sysimgblt serio_raw libata joydev mmc_core mei i2c_designware_core idma64 intel_pch_thermal fb_sys_fops wmi parport video acpi_tad intel_pmc_core acpi_pad drm fuse ip_tables kern :warn : [ 145.602685] CPU: 3 PID: 2749 Comm: gem_userptr_bli Not tainted 5.18.0-11966-g5a32db2a9fbe #1 kern :warn : [ 145.611909] RIP: 0010:kmem_cache_free_bulk (mm/slub.c:3643 (discriminator 1)) kern :warn : [ 145.617773] Code: 84 48 8b 55 08 f0 48 83 2a 01 0f 85 22 ff ff ff 48 8b 55 08 48 89 ef 48 8b 52 08 ff d2 0f 1f 00 b8 00 00 00 80 e9 08 ff ff ff <0f> 0b 48 83 c4 30 5b 5d 41 5c 41 5d 41 5e 41 5f c3 48 8b 0d 1e 6b All code ======== 0: 84 48 8b test %cl,-0x75(%rax) 3: 55 push %rbp 4: 08 f0 or %dh,%al 6: 48 83 2a 01 subq $0x1,(%rdx) a: 0f 85 22 ff ff ff jne 0xffffffffffffff32 10: 48 8b 55 08 mov 0x8(%rbp),%rdx 14: 48 89 ef mov %rbp,%rdi 17: 48 8b 52 08 mov 0x8(%rdx),%rdx 1b: ff d2 callq *%rdx 1d: 0f 1f 00 nopl (%rax) 20: b8 00 00 00 80 mov $0x80000000,%eax 25: e9 08 ff ff ff jmpq 0xffffffffffffff32 2a:* 0f 0b ud2 <-- trapping instruction 2c: 48 83 c4 30 add $0x30,%rsp 30: 5b pop %rbx 31: 5d pop %rbp 32: 41 5c pop %r12 34: 41 5d pop %r13 36: 41 5e pop %r14 38: 41 5f pop %r15 3a: c3 retq 3b: 48 rex.W 3c: 8b .byte 0x8b 3d: 0d .byte 0xd 3e: 1e (bad) 3f: 6b .byte 0x6b Code starting with the faulting instruction =========================================== 0: 0f 0b ud2 2: 48 83 c4 30 add $0x30,%rsp 6: 5b pop %rbx 7: 5d pop %rbp 8: 41 5c pop %r12 a: 41 5d pop %r13 c: 41 5e pop %r14 e: 41 5f pop %r15 10: c3 retq 11: 48 rex.W 12: 8b .byte 0x8b 13: 0d .byte 0xd 14: 1e (bad) 15: 6b .byte 0x6b kern :warn : [ 145.637336] RSP: 0018:ffffc90007d7f160 EFLAGS: 00010246 kern :warn : [ 145.643314] RAX: 0000000000000000 RBX: 0000000000000000 RCX: fffffbfff07c4fe0 kern :warn : [ 145.651213] RDX: ffff88844ac93450 RSI: 0000000000000000 RDI: ffff88810004e8c0 kern :warn : [ 145.659121] RBP: ffff88844ac93450 R08: ffff88844ac93450 R09: 0000000000000003 kern :warn : [ 145.667051] R10: ffff88844ac93420 R11: ffffffff83e27f03 R12: dffffc0000000000 kern :warn : [ 145.674941] R13: ffff88844ac93400 R14: 0000000000000000 R15: 0000000000000003 kern :warn : [ 145.682807] FS: 00007f1f51b36bc0(0000) GS:ffff8883a1f80000(0000) knlGS:0000000000000000 kern :warn : [ 145.691658] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 kern :warn : [ 145.698162] CR2: 00007f1f540bcfe0 CR3: 0000000458db6005 CR4: 00000000003706e0 kern :warn : [ 145.706056] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 kern :warn : [ 145.713952] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 kern :warn : [ 145.721853] Call Trace: kern :warn : [ 145.725062] kern :warn : [ 145.727921] ? _raw_write_lock_irq (kernel/locking/spinlock.c:153) kern :warn : [ 145.733133] ? mt_destroy_walk (lib/maple_tree.c:5454) kern :warn : [ 145.737988] ? kmem_cache_free (mm/slub.c:1753 mm/slub.c:3507 mm/slub.c:3524) kern :warn : [ 145.742774] mt_destroy_walk (lib/maple_tree.c:158 lib/maple_tree.c:5427) kern :warn : [ 145.747453] ? mas_mab_cp (lib/maple_tree.c:1921) kern :warn : [ 145.751912] ? mas_prev_entry (lib/maple_tree.c:5404) kern :warn : [ 145.756833] ? memcpy (mm/kasan/shadow.c:65 (discriminator 1)) kern :warn : [ 145.760738] mas_wmb_replace (lib/maple_tree.c:5472 lib/maple_tree.c:986 lib/maple_tree.c:2668) kern :warn : [ 145.765389] mas_spanning_rebalance+0x3828/0x8300 kern :warn : [ 145.771461] ? unwind_next_frame (arch/x86/kernel/unwind_orc.c:355 arch/x86/kernel/unwind_orc.c:600) kern :warn : [ 145.776664] ? arch_stack_walk (arch/x86/kernel/stacktrace.c:24) kern :warn : [ 145.781433] ? mas_destroy_rebalance (lib/maple_tree.c:2876) kern :warn : [ 145.786978] ? unwind_next_frame (arch/x86/kernel/unwind_orc.c:596) kern :warn : [ 145.792107] ? is_bpf_text_address (arch/x86/include/asm/preempt.h:85 include/linux/rcupdate.h:73 include/linux/rcupdate.h:727 kernel/bpf/core.c:716) kern :warn : [ 145.797141] ? kernel_text_address (kernel/extable.c:97 kernel/extable.c:94) kern :warn : [ 145.802260] ? __kernel_text_address (kernel/extable.c:79) kern :warn : [ 145.807380] ? unwind_get_return_address (arch/x86/kernel/unwind_orc.c:318 arch/x86/kernel/unwind_orc.c:313) kern :warn : [ 145.812932] ? create_prof_cpu_mask (kernel/stacktrace.c:83) kern :warn : [ 145.818049] ? mas_update_gap+0x202/0x680 kern :warn : [ 145.823427] ? memcpy (mm/kasan/shadow.c:65 (discriminator 1)) kern :warn : [ 145.827331] ? memcpy (mm/kasan/shadow.c:65 (discriminator 1)) kern :warn : [ 145.831234] ? mas_store_b_node (lib/maple_tree.c:2107) kern :warn : [ 145.836269] mas_wr_spanning_store+0x50e/0xe80 kern :warn : [ 145.842081] ? orc_find+0x1ed/0x300 kern :warn : [ 145.846951] ? mas_commit_b_node+0xcc0/0xcc0 kern :warn : [ 145.852589] ? unwind_next_frame (arch/x86/kernel/unwind_orc.c:596) kern :warn : [ 145.857674] ? drm_ioctl (drivers/gpu/drm/drm_ioctl.c:885) drm kern :warn : [ 145.862580] ? drm_ioctl (drivers/gpu/drm/drm_ioctl.c:885) drm kern :warn : [ 145.867476] ? arch_stack_walk (arch/x86/kernel/stacktrace.c:24) kern :warn : [ 145.872243] ? is_bpf_text_address (arch/x86/include/asm/preempt.h:85 include/linux/rcupdate.h:73 include/linux/rcupdate.h:727 kernel/bpf/core.c:716) kern :warn : [ 145.877240] ? kernel_text_address (kernel/extable.c:97 kernel/extable.c:94) kern :warn : [ 145.882356] ? __radix_tree_delete (arch/x86/include/asm/bitops.h:68 include/asm-generic/bitops/instrumented-non-atomic.h:28 lib/radix-tree.c:101 lib/radix-tree.c:943 lib/radix-tree.c:1372) kern :warn : [ 145.887556] ? mas_wr_store_entry+0x36e/0x1540 kern :warn : [ 145.893365] ? kasan_unpoison (mm/kasan/shadow.c:108 mm/kasan/shadow.c:142) kern :warn : [ 145.897953] mas_store_prealloc (lib/maple_tree.c:248 lib/maple_tree.c:5570) kern :warn : [ 145.902806] ? mas_destroy (lib/maple_tree.c:5564) kern :warn : [ 145.907281] __do_munmap (mm/mmap.c:2913 mm/mmap.c:3105) kern :warn : [ 145.911701] ? drm_ioctl (drivers/gpu/drm/drm_ioctl.c:886) drm kern :warn : [ 145.916567] ? split_vma (mm/mmap.c:3027) kern :warn : [ 145.920982] ? security_mmap_file (security/security.c:1592) kern :warn : [ 145.925983] __vm_munmap (mm/mmap.c:3140) kern :warn : [ 145.930234] ? __do_munmap (mm/mmap.c:3132) kern :warn : [ 145.934887] __x64_sys_munmap (mm/mmap.c:3162) kern :warn : [ 145.939478] do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80) kern :warn : [ 145.943781] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:115) kern :warn : [ 145.949567] RIP: 0033:0x7f1f53d9fbf7 kern :warn : [ 145.953873] Code: 38 eb 85 48 8b 15 99 52 0c 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb 85 66 2e 0f 1f 84 00 00 00 00 00 90 b8 0b 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 69 52 0c 00 f7 d8 64 89 01 48 All code ======== 0: 38 eb cmp %ch,%bl 2: 85 48 8b test %ecx,-0x75(%rax) 5: 15 99 52 0c 00 adc $0xc5299,%eax a: f7 d8 neg %eax c: 64 89 02 mov %eax,%fs:(%rdx) f: 48 c7 c0 ff ff ff ff mov $0xffffffffffffffff,%rax 16: eb 85 jmp 0xffffffffffffff9d 18: 66 2e 0f 1f 84 00 00 nopw %cs:0x0(%rax,%rax,1) 1f: 00 00 00 22: 90 nop 23: b8 0b 00 00 00 mov $0xb,%eax 28: 0f 05 syscall 2a:* 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax <-- trapping instruction 30: 73 01 jae 0x33 32: c3 retq 33: 48 8b 0d 69 52 0c 00 mov 0xc5269(%rip),%rcx # 0xc52a3 3a: f7 d8 neg %eax 3c: 64 89 01 mov %eax,%fs:(%rcx) 3f: 48 rex.W Code starting with the faulting instruction =========================================== 0: 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax 6: 73 01 jae 0x9 8: c3 retq 9: 48 8b 0d 69 52 0c 00 mov 0xc5269(%rip),%rcx # 0xc5279 10: f7 d8 neg %eax 12: 64 89 01 mov %eax,%fs:(%rcx) 15: 48 rex.W To reproduce: git clone https://github.com/intel/lkp-tests.git cd lkp-tests sudo bin/lkp install job.yaml # job file is attached in this email bin/lkp split-job --compatible job.yaml # generate the yaml file for lkp run sudo bin/lkp run generated-yaml-file # if come across any failure that blocks the test, # please remove ~/.lkp and /lkp dir to run from a clean state. -- 0-DAY CI Kernel Test Service https://01.org/lkp