Greetings,

FYI, we noticed the following commit (built with gcc-9):

commit: f9338c1399c9581b3b3fcac898b36dfb9e6eb42f ("mm, slub: convert kmem_cpu_slab protection to local_lock")
https://git.kernel.org/cgit/linux/kernel/git/vbabka/linux.git slub-local-lock-v2r3
in testcase: trinity
version: trinity-i386-4d2343bd-1_20200320
with the following parameters:

	number: 99999
	group: group-00

test-description: Trinity is a linux system call fuzz tester.
test-url: http://codemonkey.org.uk/projects/trinity/

on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

caused the changes below (please refer to attached dmesg/kmsg for entire log/backtrace):
+------------------------------------------+------------+------------+
|                                          | d92ed3b2ec | f9338c1399 |
+------------------------------------------+------------+------------+
| boot_successes                           | 15         | 0          |
| boot_failures                            | 0          | 28         |
| kernel_BUG_at_mm/slub.c                  | 0          | 28         |
| invalid_opcode:#[##]                     | 0          | 28         |
| RIP:kmem_cache_alloc                     | 0          | 28         |
| Kernel_panic-not_syncing:Fatal_exception | 0          | 28         |
+------------------------------------------+------------+------------+
If you fix the issue, kindly add the following tag
Reported-by: kernel test robot <oliver.sang(a)intel.com>

[ 261.108893] kernel BUG at mm/slub.c:3098!
[ 261.109474] invalid opcode: 0000 [#1] KASAN
[ 261.110017] CPU: 0 PID: 0 Comm: swapper Not tainted 5.13.0-rc5-00034-gf9338c1399c9 #1
[  261.110990] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  261.111959] RIP: 0010:kmem_cache_alloc (kbuild/src/consumer/mm/slub.c:3098 kbuild/src/consumer/mm/slub.c:3122 kbuild/src/consumer/mm/slub.c:3127)
[  261.112569] Code: 13 4c 89 f2 89 ee 4c 89 e7 e8 96 ff ff ff 48 89 04 24 eb 32 41 8b 4c 24 28 49 8b 3c 24 48 8b 1c 08 48 8d 4f 38 80 e1 0f 74 02 <0f> 0b 48 8d 4a 01 48 8d 77 38 e8 d9 c8 ca 00 84 c0 74 a8 41 8b 44
All code
========
0: 13 4c 89 f2 adc -0xe(%rcx,%rcx,4),%ecx
4: 89 ee mov %ebp,%esi
6: 4c 89 e7 mov %r12,%rdi
9: e8 96 ff ff ff callq 0xffffffffffffffa4
e: 48 89 04 24 mov %rax,(%rsp)
12: eb 32 jmp 0x46
14: 41 8b 4c 24 28 mov 0x28(%r12),%ecx
19: 49 8b 3c 24 mov (%r12),%rdi
1d: 48 8b 1c 08 mov (%rax,%rcx,1),%rbx
21: 48 8d 4f 38 lea 0x38(%rdi),%rcx
25: 80 e1 0f and $0xf,%cl
28: 74 02 je 0x2c
2a:* 0f 0b ud2 <-- trapping instruction
2c: 48 8d 4a 01 lea 0x1(%rdx),%rcx
30: 48 8d 77 38 lea 0x38(%rdi),%rsi
34: e8 d9 c8 ca 00 callq 0xcac912
39: 84 c0 test %al,%al
3b: 74 a8 je 0xffffffffffffffe5
3d: 41 rex.B
3e: 8b .byte 0x8b
3f: 44 rex.R
Code starting with the faulting instruction
===========================================
0: 0f 0b ud2
2: 48 8d 4a 01 lea 0x1(%rdx),%rcx
6: 48 8d 77 38 lea 0x38(%rdi),%rsi
a: e8 d9 c8 ca 00 callq 0xcac8e8
f: 84 c0 test %al,%al
11: 74 a8 je 0xffffffffffffffbb
13: 41 rex.B
14: 8b .byte 0x8b
15: 44 rex.R
[ 261.114803] RSP: 0000:ffffffffa5207e78 EFLAGS: 00010002
[ 261.115442] RAX: ffff888100041280 RBX: ffff8881000413c0 RCX: ffff8883af2bf008
[ 261.116298] RDX: 0000000000000003 RSI: 0000000000000100 RDI: ffff8883af2bf050
[ 261.117180] RBP: 0000000000000900 R08: 0000000000000008 R09: 0000000000000001
[ 261.118043] R10: fffffbfff4eabd9d R11: ffffffffa755ece7 R12: ffff888100041000
[ 261.118856] R13: ffff888100041000 R14: ffffffffa6cc0261 R15: 0000000000000000
[  261.119687] FS:  0000000000000000(0000) GS:ffffffffa5327000(0000) knlGS:0000000000000000
[ 261.120666] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 261.121413] CR2: ffff88843ffff000 CR3: 000000006548b000 CR4: 00000000000406b0
[ 261.122278] Call Trace:
[ 261.122636] create_kmalloc_cache (kbuild/src/consumer/mm/slab_common.c:664)
[ 261.123209] new_kmalloc_cache (kbuild/src/consumer/mm/slab_common.c:844)
[ 261.123717] create_kmalloc_caches (kbuild/src/consumer/mm/slab_common.c:870)
[  261.124231] kmem_cache_init (kbuild/src/consumer/include/linux/cpuhotplug.h:260 kbuild/src/consumer/mm/slub.c:4725)
[  261.124699] mm_init (kbuild/src/consumer/include/linux/mm.h:2242 kbuild/src/consumer/init/main.c:838)
[  261.125133] start_kernel (kbuild/src/consumer/init/main.c:936)
[  261.125595] secondary_startup_64_no_verify (kbuild/src/consumer/arch/x86/kernel/head_64.S:283)
[ 261.126229] Modules linked in:
[  261.126652] random: get_random_bytes called from init_oops_id+0x1d/0x2c with crng_init=0
[ 261.126673] ---[ end trace 79cfc4eb7b4892f4 ]---
[  261.128261] RIP: 0010:kmem_cache_alloc (kbuild/src/consumer/mm/slub.c:3098 kbuild/src/consumer/mm/slub.c:3122 kbuild/src/consumer/mm/slub.c:3127)
[  261.128846] Code: 13 4c 89 f2 89 ee 4c 89 e7 e8 96 ff ff ff 48 89 04 24 eb 32 41 8b 4c 24 28 49 8b 3c 24 48 8b 1c 08 48 8d 4f 38 80 e1 0f 74 02 <0f> 0b 48 8d 4a 01 48 8d 77 38 e8 d9 c8 ca 00 84 c0 74 a8 41 8b 44
To reproduce:

        # build kernel
	cd linux
	cp config-5.13.0-rc5-00034-gf9338c1399c9 .config
	make HOSTCC=gcc-9 CC=gcc-9 ARCH=x86_64 olddefconfig prepare modules_prepare bzImage

        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> job-script # job-script is attached in this email

---
0DAY/LKP+ Test Infrastructure                   Open Source Technology Center
https://lists.01.org/hyperkitty/list/lkp@lists.01.org       Intel Corporation

Thanks,
Oliver Sang