Greeting,

FYI, we noticed the following commit (built with clang-15):

commit: d1ec551f874e1663bfe76b994c0010a4566cf936 ("x86/pgtable: support __HAVE_ARCH_PTE_SWP_EXCLUSIVE")
https://github.com/hnaz/linux-mm master

in testcase: trinity
version: trinity-static-i386-x86_64-1c734c75-1_2020-01-06
with following parameters:

	runtime: 300s
	group: group-01

test-description: Trinity is a linux system call fuzz tester.
test-url: http://codemonkey.org.uk/projects/trinity/

on test machine: qemu-system-i386 -enable-kvm -cpu SandyBridge -smp 2 -m 4G

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):

If you fix the issue, kindly add following tag
Reported-by: kernel test robot

[ 40.201103][ T5099] BUG: Bad page map in process trinity-c7 pte:1713003a pmd:7ff71067
[ 40.201999][ T5099] addr:096e7000 vm_flags:00100073 anon_vma:bff0aa00 mapping:00000000 index:96e7
[ 40.202718][ T5099] file:(null) fault:0x0 mmap:0x0 readpage:0x0
[ 40.203229][ T5099] CPU: 0 PID: 5099 Comm: trinity-c7 Not tainted 5.18.0-rc2-mm1-00053-gd1ec551f874e #1
[ 40.203952][ T5099] Call Trace:
[ 40.204195][ T5099] ? dump_stack_lvl (??:?)
[ 40.204581][ T5099] ? dump_stack (??:?)
[ 40.204970][ T5099] ? print_bad_pte (memory.c:?)
[ 40.205384][ T5099] ? unmap_page_range (??:?)
[ 40.205843][ T5099] ? unmap_single_vma (memory.c:?)
[ 40.206271][ T5099] ? unmap_vmas (??:?)
[ 40.206647][ T5099] ? exit_mmap (??:?)
[ 40.207032][ T5099] ? __mmput (fork.c:?)
[ 40.207405][ T5099] ? mmput (??:?)
[ 40.207751][ T5099] ? exit_mm (exit.c:?)
[ 40.208121][ T5099] ? do_exit (??:?)
[ 40.208497][ T5099] ? do_group_exit (??:?)
[ 40.208905][ T5099] ? trace_hardirqs_on (??:?)
[ 40.209345][ T5099] ? get_signal (??:?)
[ 40.209750][ T5099] ? arch_do_signal_or_restart (??:?)
[ 40.210287][ T5099] ? exit_to_user_mode_loop (common.c:?)
[ 40.210778][ T5099] ? exit_to_user_mode_prepare (common.c:?)
[ 40.211302][ T5099] ? syscall_exit_to_user_mode (??:?)
[ 40.211808][ T5099] ? ret_from_fork (??:?)
[ 40.212268][ T5099] Disabling lock debugging due to kernel taint
[ 40.231123][ T5097] BUG: Bad page map in process trinity-c5 pte:171e0a3e pmd:0a8d3067
[ 40.231770][ T5099] BUG: Bad page map in process trinity-c7 pte:1713023a pmd:7ff71067
[ 40.231883][ T5097] addr:36ed5000 vm_flags:000000fb anon_vma:00000000 mapping:485d0d80 index:1
[ 40.232611][ T5099] addr:096e8000 vm_flags:00100073 anon_vma:bff0ab18 mapping:00000000 index:96e8
[ 40.233429][ T5097] file:dev/zero fault:shmem_fault mmap:shmem_mmap readpage:0x0
[ 40.234271][ T5099] file:(null) fault:0x0 mmap:0x0 readpage:0x0
[ 40.234971][ T5097] CPU: 1 PID: 5097 Comm: trinity-c5 Tainted: G B 5.18.0-rc2-mm1-00053-gd1ec551f874e #1
[ 40.236510][ T5097] Call Trace:
[ 40.236805][ T5097] dump_stack_lvl (??:?)
[ 40.237195][ T5097] dump_stack (??:?)
[ 40.237547][ T5097] print_bad_pte (memory.c:?)
[ 40.237947][ T5097] unmap_page_range (??:?)
[ 40.238399][ T5097] unmap_single_vma (memory.c:?)
[ 40.238819][ T5097] unmap_vmas (??:?)
[ 40.239196][ T5097] exit_mmap (??:?)
[ 40.239579][ T5097] __mmput (fork.c:?)
[ 40.239920][ T5097] mmput (??:?)
[ 40.240270][ T5097] exit_mm (exit.c:?)
[ 40.240632][ T5097] do_exit (??:?)
[ 40.241007][ T5097] ? rcu_read_lock_sched_held (??:?)
[ 40.241492][ T5097] do_group_exit (??:?)
[ 40.241894][ T5097] __ia32_sys_exit_group (??:?)
[ 40.242385][ T5097] __do_fast_syscall_32 (common.c:?)
[ 40.242850][ T5097] ? rcu_read_lock_sched_held (??:?)
[ 40.243361][ T5097] ? lock_release (??:?)
[ 40.243774][ T5097] ? rcu_read_lock_sched_held (??:?)
[ 40.244264][ T5097] ? irqentry_exit (??:?)
[ 40.244683][ T5097] ? irqentry_exit (??:?)
[ 40.245100][ T5097] ? irqentry_exit_to_user_mode (??:?)
[ 40.245586][ T5097] ? __do_fast_syscall_32 (common.c:?)
[ 40.246054][ T5097] ? irqentry_exit (??:?)
[ 40.246467][ T5097] ? exc_page_fault (??:?)
[ 40.246914][ T5097] do_fast_syscall_32 (??:?)
[ 40.247358][ T5097] do_SYSENTER_32 (??:?)
[ 40.247766][ T5097] entry_SYSENTER_32 (??:?)
[ 40.248212][ T5097] EIP: 0x37f4c509
[ 40.248542][ T5097] Code: Unable to access opcode bytes at RIP 0x37f4c4df.

Code starting with the faulting instruction
===========================================
[ 40.249171][ T5097] EAX: ffffffda EBX: 00000001 ECX: 00000000 EDX: 00000007
[ 40.249805][ T5097] ESI: 371e5000 EDI: 371e5030 EBP: ffffffff ESP: 3fa05f5c
[ 40.250472][ T5097] DS: 007b ES: 007b FS: 0000 GS: 0000 SS: 007b EFLAGS: 00000216
[ 40.254660][ T5099] CPU: 0 PID: 5099 Comm: trinity-c7 Tainted: G B 5.18.0-rc2-mm1-00053-gd1ec551f874e #1
[ 40.259088][ T5099] Call Trace:
[ 40.259386][ T5099] ? dump_stack_lvl (??:?)
[ 40.259790][ T5099] ? dump_stack (??:?)
[ 40.260147][ T5099] ? print_bad_pte (memory.c:?)
[ 40.260564][ T5099] ? unmap_page_range (??:?)
[ 40.260778][ T5097] BUG: Bad page map in process trinity-c5 pte:171e0e3e pmd:0a8d3067
[ 40.260997][ T5099] ? unmap_single_vma (memory.c:?)
[ 40.261728][ T5097] addr:36ed7000 vm_flags:000000fb anon_vma:00000000 mapping:485d0d80 index:3
[ 40.262182][ T5099] ? unmap_vmas (??:?)
[ 40.262958][ T5097] file:dev/zero fault:shmem_fault mmap:shmem_mmap readpage:0x0
[ 40.263374][ T5099] ? exit_mmap (??:?)
[ 40.264462][ T5099] ? __mmput (fork.c:?)
[ 40.264827][ T5099] ? mmput (??:?)
[ 40.265179][ T5099] ? exit_mm (exit.c:?)
[ 40.265563][ T5099] ? do_exit (??:?)
[ 40.265962][ T5099] ? do_group_exit (??:?)
[ 40.266399][ T5099] ? trace_hardirqs_on (??:?)
[ 40.266845][ T5099] ? get_signal (??:?)
[ 40.267254][ T5099] ? arch_do_signal_or_restart (??:?)
[ 40.267752][ T5099] ? exit_to_user_mode_loop (common.c:?)
[ 40.268228][ T5099] ? exit_to_user_mode_prepare (common.c:?)
[ 40.268719][ T5099] ? syscall_exit_to_user_mode (??:?)
[ 40.269211][ T5099] ? ret_from_fork (??:?)
[ 40.269608][ T5097] CPU: 1 PID: 5097 Comm: trinity-c5 Tainted: G B 5.18.0-rc2-mm1-00053-gd1ec551f874e #1
[ 40.272368][ T5097] Call Trace:
[ 40.273126][ T5097] dump_stack_lvl (??:?)
[ 40.274237][ T5097] dump_stack (??:?)
[ 40.275198][ T5097] print_bad_pte (memory.c:?)
[ 40.276320][ T5097] unmap_page_range (??:?)
[ 40.277590][ T5097] unmap_single_vma (memory.c:?)
[ 40.278811][ T5097] unmap_vmas (??:?)
[ 40.279932][ T5097] exit_mmap (??:?)
[ 40.281041][ T5097] __mmput (fork.c:?)
[ 40.282054][ T5097] mmput (??:?)
[ 40.283036][ T5097] exit_mm (exit.c:?)
[ 40.284073][ T5097] do_exit (??:?)
[ 40.285071][ T5097] ? rcu_read_lock_sched_held (??:?)
[ 40.286479][ T5097] do_group_exit (??:?)
[ 40.287604][ T5097] __ia32_sys_exit_group (??:?)
[ 40.288968][ T5097] __do_fast_syscall_32 (common.c:?)
[ 40.290162][ T5097] ? rcu_read_lock_sched_held (??:?)
[ 40.291440][ T5097] ? lock_release (??:?)
[ 40.292436][ T5097] ? rcu_read_lock_sched_held (??:?)
[ 40.292946][ T5097] ? irqentry_exit (??:?)
[ 40.293399][ T5097] ? irqentry_exit (??:?)
[ 40.293843][ T5097] ? irqentry_exit_to_user_mode (??:?)
[ 40.294391][ T5097] ? __do_fast_syscall_32 (common.c:?)
[ 40.294884][ T5097] ? irqentry_exit (??:?)
[ 40.295320][ T5097] ? exc_page_fault (??:?)
[ 40.295758][ T5097] do_fast_syscall_32 (??:?)
[ 40.296193][ T5097] do_SYSENTER_32 (??:?)
[ 40.296600][ T5097] entry_SYSENTER_32 (??:?)
[ 40.297028][ T5097] EIP: 0x37f4c509
[ 40.297373][ T5097] Code: Unable to access opcode bytes at RIP 0x37f4c4df.

To reproduce:

        # build kernel
        cd linux
        cp config-5.18.0-rc2-mm1-00053-gd1ec551f874e .config
        make HOSTCC=clang-15 CC=clang-15 ARCH=i386 olddefconfig prepare modules_prepare bzImage modules
        make HOSTCC=clang-15 CC=clang-15 ARCH=i386 INSTALL_MOD_PATH= modules_install
        cd
        find lib/ | cpio -o -H newc --quiet | gzip > modules.cgz

        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k -m modules.cgz job-script # job-script is attached in this email

        # if come across any failure that blocks the test,
        # please remove ~/.lkp and /lkp dir to run from a clean state.

-- 
0-DAY CI Kernel Test Service
https://01.org/lkp