[LTP] [PATCH 12/32] hugetlbfs: Stop using i_private_data
kernel test robot
oliver.sang@intel.com
Tue Mar 10 08:24:00 CET 2026
Hello,

kernel test robot noticed "BUG:KASAN:wild-memory-access_in_raw_spin_lock" on:

commit: 75576f3c4ced72ab572ee9275b464cd79763fd85 ("[PATCH 12/32] hugetlbfs: Stop using i_private_data")
url: https://github.com/intel-lab-lkp/linux/commits/Jan-Kara/fat-Sync-and-invalidate-metadata-buffers-from-fat_evict_inode/20260303-183910
base: https://git.kernel.org/cgit/linux/kernel/git/vfs/vfs.git vfs.all
patch link: https://lore.kernel.org/all/20260303103406.4355-44-jack@suse.cz/
patch subject: [PATCH 12/32] hugetlbfs: Stop using i_private_data

in testcase: ltp
version:
with following parameters:

	test: hugetlb

config: x86_64-rhel-9.4-ltp
compiler: gcc-14
test machine: 8 threads 1 sockets Intel(R) Core(TM) i7-7700 CPU @ 3.60GHz (Kaby Lake) with 32G memory

(please refer to attached dmesg/kmsg for entire log/backtrace)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <oliver.sang@intel.com>
| Closes: https://lore.kernel.org/oe-lkp/202603101532.fecbeae3-lkp@intel.com

[ 270.445802][ T4529] BUG: KASAN: wild-memory-access in _raw_spin_lock (include/linux/instrumented.h:55 include/linux/atomic/atomic-instrumented.h:1301 include/asm-generic/qspinlock.h:111 include/linux/spinlock.h:187 include/linux/spinlock_api_smp.h:159 kernel/locking/spinlock.c:154)
[ 270.453010][ T4529] Write of size 4 at addr ccccccccccccccd0 by task hugefallocate01/4529
[ 270.461165][ T4529]
[ 270.463347][ T4529] CPU: 2 UID: 0 PID: 4529 Comm: hugefallocate01 Tainted: G S I 7.0.0-rc1-00214-g75576f3c4ced #1 PREEMPT(lazy)
[ 270.463352][ T4529] Tainted: [S]=CPU_OUT_OF_SPEC, [I]=FIRMWARE_WORKAROUND
[ 270.463353][ T4529] Hardware name: Dell Inc. OptiPlex 7050/062KRH, BIOS 1.2.0 12/22/2016
[ 270.463355][ T4529] Call Trace:
[ 270.463356][ T4529] <TASK>
[ 270.463358][ T4529] dump_stack_lvl (lib/dump_stack.c:122)
[ 270.463362][ T4529] ? _raw_spin_lock (include/linux/instrumented.h:55 include/linux/atomic/atomic-instrumented.h:1301 include/asm-generic/qspinlock.h:111 include/linux/spinlock.h:187 include/linux/spinlock_api_smp.h:159 kernel/locking/spinlock.c:154)
[ 270.463365][ T4529] kasan_report (mm/kasan/report.c:597)
[ 270.463369][ T4529] ? _raw_spin_lock (include/linux/instrumented.h:55 include/linux/atomic/atomic-instrumented.h:1301 include/asm-generic/qspinlock.h:111 include/linux/spinlock.h:187 include/linux/spinlock_api_smp.h:159 kernel/locking/spinlock.c:154)
[ 270.463372][ T4529] kasan_check_range (mm/kasan/generic.c:186 (discriminator 1) mm/kasan/generic.c:200 (discriminator 1))
[ 270.463374][ T4529] _raw_spin_lock (include/linux/instrumented.h:55 include/linux/atomic/atomic-instrumented.h:1301 include/asm-generic/qspinlock.h:111 include/linux/spinlock.h:187 include/linux/spinlock_api_smp.h:159 kernel/locking/spinlock.c:154)
[ 270.463377][ T4529] ? __pfx__raw_spin_lock (kernel/locking/spinlock.c:153)
[ 270.463380][ T4529] ? filemap_get_folios_tag (include/linux/pagevec.h:56 mm/filemap.c:2359)
[ 270.463384][ T4529] region_del (mm/hugetlb.c:864)
[ 270.463387][ T4529] hugetlb_unreserve_pages (mm/hugetlb.c:6757)
[ 270.463390][ T4529] remove_inode_hugepages (fs/hugetlbfs/inode.c:616)
[ 270.463394][ T4529] ? __pfx_remove_inode_hugepages (fs/hugetlbfs/inode.c:579)
[ 270.463398][ T4529] ? stack_trace_save (kernel/stacktrace.c:123)
[ 270.463403][ T4529] ? __pfx_stack_trace_save (kernel/stacktrace.c:114)
[ 270.463407][ T4529] ? stack_depot_save_flags (lib/stackdepot.c:667)
[ 270.463411][ T4529] ? kasan_save_stack (mm/kasan/common.c:59)
[ 270.463413][ T4529] ? kasan_save_stack (mm/kasan/common.c:58)
[ 270.463415][ T4529] ? kasan_record_aux_stack (mm/kasan/generic.c:556 (discriminator 1))
[ 270.463417][ T4529] ? __call_rcu_common+0xc9/0x970
[ 270.463421][ T4529] ? deactivate_locked_super (fs/super.c:476)
[ 270.463426][ T4529] ? cleanup_mnt (fs/namespace.c:227 fs/namespace.c:1313)
[ 270.463430][ T4529] ? inode_wait_for_writeback (arch/x86/include/asm/atomic.h:23 include/linux/atomic/atomic-arch-fallback.h:457 include/linux/atomic/atomic-instrumented.h:33 include/asm-generic/qspinlock.h:57 fs/fs-writeback.c:1598)
[ 270.463433][ T4529] ? __pfx_inode_wait_for_writeback (fs/fs-writeback.c:1594)
[ 270.463455][ T4529] ? __call_rcu_common+0xc9/0x970
[ 270.463458][ T4529] ? task_work_run (kernel/task_work.c:235)
[ 270.463460][ T4529] ? exit_to_user_mode_loop (include/linux/memcontrol.h:915 (discriminator 2) include/linux/resume_user_mode.h:59 (discriminator 2) kernel/entry/common.c:67 (discriminator 2) kernel/entry/common.c:98 (discriminator 2))
[ 270.463463][ T4529] ? do_syscall_64 (include/linux/irq-entry-common.h:226 include/linux/irq-entry-common.h:256 include/linux/entry-common.h:325 arch/x86/entry/syscall_64.c:100)
[ 270.463465][ T4529] ? entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)
[ 270.463468][ T4529] ? _raw_spin_lock (arch/x86/include/asm/atomic.h:107 (discriminator 4) include/linux/atomic/atomic-arch-fallback.h:2170 (discriminator 4) include/linux/atomic/atomic-instrumented.h:1302 (discriminator 4) include/asm-generic/qspinlock.h:111 (discriminator 4) include/linux/spinlock.h:187 (discriminator 4) include/linux/spinlock_api_smp.h:159 (discriminator 4) kernel/locking/spinlock.c:154 (discriminator 4))
[ 270.463483][ T4529] ? __pfx__raw_spin_lock (kernel/locking/spinlock.c:153)
[ 270.463486][ T4529] hugetlbfs_evict_inode (fs/hugetlbfs/inode.c:625 (discriminator 1))
[ 270.463489][ T4529] evict (fs/inode.c:849)
[ 270.463507][ T4529] ? __pfx_evict (fs/inode.c:822)
[ 270.463511][ T4529] ? __pfx__raw_spin_lock (kernel/locking/spinlock.c:153)
[ 270.463514][ T4529] ? _raw_spin_trylock (arch/x86/include/asm/atomic.h:107 (discriminator 4) include/linux/atomic/atomic-arch-fallback.h:2170 (discriminator 4) include/linux/atomic/atomic-instrumented.h:1302 (discriminator 4) include/asm-generic/qspinlock.h:97 (discriminator 4) include/linux/spinlock.h:193 (discriminator 4) include/linux/spinlock_api_smp.h:90 (discriminator 4) kernel/locking/spinlock.c:138 (discriminator 4))
[ 270.463517][ T4529] ? iput (fs/inode.c:1963 fs/inode.c:2012 fs/inode.c:1975)
[ 270.463519][ T4529] __dentry_kill (fs/dcache.c:673 (discriminator 51))
[ 270.463522][ T4529] finish_dput (fs/dcache.c:879)
[ 270.463525][ T4529] shrink_dcache_for_umount (fs/dcache.c:920 fs/dcache.c:1657 fs/dcache.c:1671)
[ 270.463528][ T4529] ? __pfx___call_rcu_common+0x10/0x10
[ 270.463531][ T4529] generic_shutdown_super (fs/super.c:625)
[ 270.463534][ T4529] kill_anon_super (fs/super.c:437 fs/super.c:1293)
[ 270.463536][ T4529] deactivate_locked_super (fs/super.c:437 fs/super.c:478)
[ 270.463538][ T4529] cleanup_mnt (fs/namespace.c:227 fs/namespace.c:1313)
[ 270.463540][ T4529] task_work_run (kernel/task_work.c:235)
[ 270.463543][ T4529] ? __pfx_task_work_run (kernel/task_work.c:201)
[ 270.463545][ T4529] ? __x64_sys_umount (fs/namespace.c:2065 fs/namespace.c:2070 fs/namespace.c:2068 fs/namespace.c:2068)
[ 270.463547][ T4529] exit_to_user_mode_loop (include/linux/memcontrol.h:915 (discriminator 2) include/linux/resume_user_mode.h:59 (discriminator 2) kernel/entry/common.c:67 (discriminator 2) kernel/entry/common.c:98 (discriminator 2))
[ 270.463550][ T4529] do_syscall_64 (include/linux/irq-entry-common.h:226 include/linux/irq-entry-common.h:256 include/linux/entry-common.h:325 arch/x86/entry/syscall_64.c:100)
[ 270.463552][ T4529] ? __pfx_vfs_write (fs/read_write.c:669)
[ 270.463555][ T4529] ? fdget_pos (include/linux/atomic/atomic-arch-fallback.h:479 (discriminator 2) include/linux/atomic/atomic-instrumented.h:50 (discriminator 2) fs/file.c:1196 (discriminator 2) fs/file.c:1210 (discriminator 2) fs/file.c:1256 (discriminator 2))
[ 270.463558][ T4529] ? fdget_pos (include/linux/atomic/atomic-arch-fallback.h:479 (discriminator 2) include/linux/atomic/atomic-instrumented.h:50 (discriminator 2) fs/file.c:1196 (discriminator 2) fs/file.c:1210 (discriminator 2) fs/file.c:1256 (discriminator 2))
[ 270.463560][ T4529] ? ksys_write (fs/read_write.c:740)
[ 270.463563][ T4529] ? ksys_write (fs/read_write.c:740)
[ 270.463566][ T4529] ? __pfx_ksys_write (fs/read_write.c:730)
[ 270.463571][ T4529] ? do_syscall_64 (arch/x86/include/asm/atomic64_64.h:15 include/linux/atomic/atomic-arch-fallback.h:2583 include/linux/atomic/atomic-long.h:38 include/linux/atomic/atomic-instrumented.h:3189 include/linux/unwind_deferred.h:37 include/linux/irq-entry-common.h:296 include/linux/entry-common.h:327 arch/x86/entry/syscall_64.c:100)
[ 270.463574][ T4529] ? do_syscall_64 (arch/x86/include/asm/atomic64_64.h:15 include/linux/atomic/atomic-arch-fallback.h:2583 include/linux/atomic/atomic-long.h:38 include/linux/atomic/atomic-instrumented.h:3189 include/linux/unwind_deferred.h:37 include/linux/irq-entry-common.h:296 include/linux/entry-common.h:327 arch/x86/entry/syscall_64.c:100)
[ 270.463578][ T4529] ? irqentry_exit (arch/x86/include/asm/atomic64_64.h:15 include/linux/atomic/atomic-arch-fallback.h:2583 include/linux/atomic/atomic-long.h:38 include/linux/atomic/atomic-instrumented.h:3189 include/linux/unwind_deferred.h:37 include/linux/irq-entry-common.h:296 include/linux/irq-entry-common.h:341 kernel/entry/common.c:219)
[ 270.463581][ T4529] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)
[ 270.463583][ T4529] RIP: 0033:0x7fc1ffd84217
[ 270.463586][ T4529] Code: 0d 00 f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 8b 15 c9 4b 0d 00 f7 d8 64 89 02 b8
All code
========
0: 0d 00 f7 d8 64 or $0x64d8f700,%eax
5: 89 02 mov %eax,(%rdx)
7: b8 ff ff ff ff mov $0xffffffff,%eax
c: c3 ret
d: 66 0f 1f 44 00 00 nopw 0x0(%rax,%rax,1)
13: 31 f6 xor %esi,%esi
15: e9 09 00 00 00 jmp 0x23
1a: 66 0f 1f 84 00 00 00 nopw 0x0(%rax,%rax,1)
21: 00 00
23: b8 a6 00 00 00 mov $0xa6,%eax
28: 0f 05 syscall
2a:* 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax <-- trapping instruction
30: 77 01 ja 0x33
32: c3 ret
33: 48 8b 15 c9 4b 0d 00 mov 0xd4bc9(%rip),%rdx # 0xd4c03
3a: f7 d8 neg %eax
3c: 64 89 02 mov %eax,%fs:(%rdx)
3f: b8 .byte 0xb8
Code starting with the faulting instruction
===========================================
0: 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax
6: 77 01 ja 0x9
8: c3 ret
9: 48 8b 15 c9 4b 0d 00 mov 0xd4bc9(%rip),%rdx # 0xd4bd9
10: f7 d8 neg %eax
12: 64 89 02 mov %eax,%fs:(%rdx)
15: b8 .byte 0xb8
[ 270.463588][ T4529] RSP: 002b:00007ffc300541e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 270.463592][ T4529] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fc1ffd84217
[ 270.463593][ T4529] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000056024b59b06a
[ 270.463595][ T4529] RBP: 00007ffc30054470 R08: 0000000000000000 R09: 0000000000000000
[ 270.463596][ T4529] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000
[ 270.463598][ T4529] R13: 000056024b59b06a R14: 000056024b59b7d0 R15: 000056024b59f8b0
[ 270.463600][ T4529] </TASK>
[ 270.463601][ T4529] ==================================================================
[ 270.864814][ T4529] Disabling lock debugging due to kernel taint
[ 270.870833][ T4529] Oops: general protection fault, probably for non-canonical address 0xccccccccccccccd0: 0000 [#1] SMP KASAN PTI
[ 270.882549][ T4529] CPU: 2 UID: 0 PID: 4529 Comm: hugefallocate01 Tainted: G S B I 7.0.0-rc1-00214-g75576f3c4ced #1 PREEMPT(lazy)
[ 270.895404][ T4529] Tainted: [S]=CPU_OUT_OF_SPEC, [B]=BAD_PAGE, [I]=FIRMWARE_WORKAROUND
[ 270.903398][ T4529] Hardware name: Dell Inc. OptiPlex 7050/062KRH, BIOS 1.2.0 12/22/2016
[ 270.911474][ T4529] RIP: 0010:_raw_spin_lock (arch/x86/include/asm/atomic.h:107 (discriminator 4) include/linux/atomic/atomic-arch-fallback.h:2170 (discriminator 4) include/linux/atomic/atomic-instrumented.h:1302 (discriminator 4) include/asm-generic/qspinlock.h:111 (discriminator 4) include/linux/spinlock.h:187 (discriminator 4) include/linux/spinlock_api_smp.h:159 (discriminator 4) kernel/locking/spinlock.c:154 (discriminator 4))
[ 270.916599][ T4529] Code: be 04 00 00 00 c7 44 24 20 00 00 00 00 e8 8f 19 e5 fd be 04 00 00 00 48 8d 7c 24 20 e8 80 19 e5 fd ba 01 00 00 00 8b 44 24 20 <f0> 0f b1 13 75 2d 48 b8 00 00 00 00 00 fc ff df 48 c7 44 05 00 00
All code
========
0: be 04 00 00 00 mov $0x4,%esi
5: c7 44 24 20 00 00 00 movl $0x0,0x20(%rsp)
c: 00
d: e8 8f 19 e5 fd call 0xfffffffffde519a1
12: be 04 00 00 00 mov $0x4,%esi
17: 48 8d 7c 24 20 lea 0x20(%rsp),%rdi
1c: e8 80 19 e5 fd call 0xfffffffffde519a1
21: ba 01 00 00 00 mov $0x1,%edx
26: 8b 44 24 20 mov 0x20(%rsp),%eax
2a:* f0 0f b1 13 lock cmpxchg %edx,(%rbx) <-- trapping instruction
2e: 75 2d jne 0x5d
30: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax
37: fc ff df
3a: 48 rex.W
3b: c7 .byte 0xc7
3c: 44 rex.R
3d: 05 .byte 0x5
...
Code starting with the faulting instruction
===========================================
0: f0 0f b1 13 lock cmpxchg %edx,(%rbx)
4: 75 2d jne 0x33
6: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax
d: fc ff df
10: 48 rex.W
11: c7 .byte 0xc7
12: 44 rex.R
13: 05 .byte 0x5
The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20260310/202603101532.fecbeae3-lkp@intel.com
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki