Hello, kernel test robot noticed "BUG:Bad_rss-counter_state_mm:#type:MM_FILEPAGES_val" on: commit: e56e7042dca07a9de8c957c1d67f246b8f8183ee ("[PATCH 23/34] maple_tree: Try harder to keep active node after mas_next()") url: https://github.com/intel-lab-lkp/linux/commits/Liam-R-Howlett/maple_tree-Fix-static-analyser-cppcheck-issue/20230425-233958 base: https://git.kernel.org/cgit/linux/kernel/git/akpm/mm.git mm-everything patch link: https://lore.kernel.org/all/20230425140955.3834476-24-Liam.Howlett@oracle.com/ patch subject: [PATCH 23/34] maple_tree: Try harder to keep active node after mas_next() in testcase: trinity version: with following parameters: runtime: 300s test-description: Trinity is a linux system call fuzz tester. test-url: http://codemonkey.org.uk/projects/trinity/ compiler: gcc-11 test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G (please refer to attached dmesg/kmsg for entire log/backtrace) If you fix the issue, kindly add following tag | Reported-by: kernel test robot | Link: https://lore.kernel.org/oe-lkp/202305041024.5bf914bf-yujie.liu@intel.com [ 25.976555][ T2770] BUG: Bad rss-counter state mm:00000000f0004b17 type:MM_FILEPAGES val:2467 [ 25.979876][ T2770] BUG: Bad rss-counter state mm:00000000f0004b17 type:MM_ANONPAGES val:815 [ 25.981154][ T2770] BUG: non-zero pgtables_bytes on freeing mm: 53248 [ 26.897355][ T3061] Zero length message leads to an empty skb [ 26.935222][ T26] audit: type=1326 audit(1682538244.461:4): auid=4294967295 uid=65534 gid=65534 ses=4294967295 pid=3061 comm="trinity-c2" exe="/bin/trinity" sig=9 arch=c000003e syscall=8 compat=0 ip=0x454ba7 code=0x0 [ 26.939639][ T1430] [main] 10391 iterations. [F:7791 S:2536 HI:1723] [ 26.939649][ T1430] [ 27.950645][ T26] audit: type=1326 audit(1682538245.477:5): auid=4294967295 uid=65534 gid=65534 ses=4294967295 pid=2950 comm="trinity-c0" exe="/bin/trinity" sig=9 arch=c000003e syscall=8 compat=0 ip=0x454ba7 code=0x0 [ 30.095254][ T26] audit: type=1326 audit(1682538247.625:6): auid=4294967295 uid=65534 gid=65534 ses=4294967295 pid=3070 comm="trinity-c5" exe="/bin/trinity" sig=9 arch=c000003e syscall=8 compat=0 ip=0x454ba7 code=0x0 [ 30.269599][ T3095] scsi_nl_rcv_msg: discarding partial skb [ 31.025282][ T26] audit: type=1326 audit(1682538248.553:7): auid=4294967295 uid=65534 gid=65534 ses=4294967295 pid=3099 comm="trinity-c0" exe="/bin/trinity" sig=9 arch=c000003e syscall=8 compat=0 ip=0x454ba7 code=0x0 [ 32.299465][ T1430] [main] 20608 iterations. [F:15638 S:4833 HI:1813] [ 32.299476][ T1430] [ 33.365345][ T3089] can: request_module (can-proto-3) failed. [ 34.241128][ T3280] futex_wake_op: trinity-c7 tries to shift op by -1; fix this program [ 41.300839][ T1430] [main] 31062 iterations. [F:23567 S:7302 HI:2941] [ 41.300851][ T1430] [ 41.395010][ T3261] futex_wake_op: trinity-c4 tries to shift op by 1917; fix this program [ 51.944041][ T3471] BUG: Bad rss-counter state mm:00000000dcb60c0e type:MM_FILEPAGES val:2467 [ 51.945501][ T3471] BUG: Bad rss-counter state mm:00000000dcb60c0e type:MM_ANONPAGES val:860 [ 51.946758][ T3471] BUG: non-zero pgtables_bytes on freeing mm: 53248 [ 53.949886][ T2770] BUG: Bad rss-counter state mm:000000005666b194 type:MM_FILEPAGES val:2467 [ 53.951288][ T2770] BUG: Bad rss-counter state mm:000000005666b194 type:MM_ANONPAGES val:847 [ 53.952547][ T2770] BUG: non-zero pgtables_bytes on freeing mm: 53248 [ 56.044667][ T1430] [main] 41190 iterations. [F:31257 S:9679 HI:2944] [ 56.044680][ T1430] [ 57.218048][ T3537] BUG: Bad rss-counter state mm:00000000076661cb type:MM_ANONPAGES val:4 [ 57.219389][ T3537] BUG: non-zero pgtables_bytes on freeing mm: 16384 [ 58.107193][ T2770] BUG: Bad rss-counter state mm:000000003f7bfeb5 type:MM_FILEPAGES val:2467 [ 58.108592][ T2770] BUG: Bad rss-counter state mm:000000003f7bfeb5 type:MM_ANONPAGES val:846 [ 58.109885][ T2770] BUG: non-zero pgtables_bytes on freeing mm: 53248 [ 60.294818][ T26] audit: type=1326 audit(1682538277.821:8): auid=4294967295 uid=65534 gid=65534 ses=4294967295 pid=3565 comm="trinity-c6" exe="/bin/trinity" sig=9 arch=c000003e syscall=8 compat=0 ip=0x454ba7 code=0x0 [ 62.443729][ T26] audit: type=1326 audit(1682538279.973:9): auid=4294967295 uid=65534 gid=65534 ses=4294967295 pid=3589 comm="trinity-c4" exe="/bin/trinity" sig=9 arch=c000003e syscall=8 compat=0 ip=0x454ba7 code=0x0 kvm=( qemu-system-x86_64 -enable-kvm -cpu SandyBridge -kernel $kernel -initrd initrd-vm-meta-89.cgz -m 16384 -smp 2 -device e1000,netdev=net0 -netdev user,id=net0,hostfwd=tcp::32032-:22 -boot order=nc -no-reboot -device i6300esb -watchdog-action debug -rtc base=localtime -serial stdio -display none -monitor null ) append=( ip=::::vm-meta-89::dhcp root=/dev/ram0 RESULT_ROOT=/result/trinity/300s/vm-snb/quantal-x86_64-core-20190426.cgz/x86_64-kexec/gcc-11/e56e7042dca07a9de8c957c1d67f246b8f8183ee/1 BOOT_IMAGE=/pkg/linux/x86_64-kexec/gcc-11/e56e7042dca07a9de8c957c1d67f246b8f8183ee/vmlinuz-6.3.0-rc5-00661-ge56e7042dca0 branch=linux-review/Liam-R-Howlett/maple_tree-Fix-static-analyser-cppcheck-issue/20230425-233958 job=/job-script user=lkp ARCH=x86_64 kconfig=x86_64-kexec commit=e56e7042dca07a9de8c957c1d67f246b8f8183ee initcall_debug nmi_watchdog=0 vmalloc=256M initramfs_async=0 page_owner=on max_uptime=1200 result_service=tmpfs selinux=0 debug apic=debug sysrq_always_enabled rcupdate.rcu_cpu_stall_timeout=100 net.ifnames=0 printk.devkmsg=on panic=-1 softlockup_panic=1 nmi_watchdog=panic oops=panic load_ramdisk=2 prompt_ramdisk=0 drbd.minor_count=8 systemd.log_level=err ignore_loglevel console=tty0 earlyprintk=ttyS0,115200 console=ttyS0,115200 vga=normal rw rcuperf.shutdown=0 watchdog_thresh=240 ) "${kvm[@]}" -append "${append[*]}" To reproduce: # build kernel cd linux cp config-6.3.0-rc5-00661-ge56e7042dca0 .config make HOSTCC=gcc-11 CC=gcc-11 ARCH=x86_64 olddefconfig prepare modules_prepare bzImage modules make HOSTCC=gcc-11 CC=gcc-11 ARCH=x86_64 INSTALL_MOD_PATH= modules_install cd find lib/ | cpio -o -H newc --quiet | gzip > modules.cgz git clone https://github.com/intel/lkp-tests.git cd lkp-tests bin/lkp qemu -k -m modules.cgz job-script # job-script is attached in this email # if come across any failure that blocks the test, # please remove ~/.lkp and /lkp dir to run from a clean state. -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests