hi Kees Cook, the issue we found below is by clang-15, but we confirmed clang-15 we use is commit 8dfdcc7b7b in llvm-project. it supports the flag already. llvm-project$ git show 8dfdcc7b7b:clang/docs/ReleaseNotes.rst | grep -C5 flex-array .. note:: Randomizing structure layout is a C-only feature. - Clang now supports the ``-fstrict-flex-arrays=`` option to control which array bounds lead to flexible array members. The option yields more accurate ``__builtin_object_size`` and ``__builtin_dynamic_object_size`` results in most cases but may be overly conservative for some legacy code. - Experimental support for HLSL has been added. The implementation is incomplete and highly experimental. For more information about the ongoing at the same time, we also tried to run same tests upon clang-16, but we didn't observe similar issues. we are not sure if it's a compiler issue, so Cc llvm@lists.linux.dev, too. Hello, kernel test robot noticed "BUG:unable_to_handle_page_fault_for_address" on: commit: df8fc4e934c12b906d08050d7779f292b9c5c6b5 ("kbuild: Enable -fstrict-flex-arrays=3") https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git master [test failed on linux-next/master abbd8bb42915d9ed06df11b430bf4ecb3d8ac5ad] in testcase: boot compiler: clang-15 test machine: qemu-system-i386 -enable-kvm -cpu SandyBridge -smp 2 -m 4G (please refer to attached dmesg/kmsg for entire log/backtrace) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot | Closes: https://lore.kernel.org/oe-lkp/202306102333.8f5a7443-oliver.sang@intel.com [ 228.605608][ C1] BUG: unable to handle page fault for address: 04090300 [ 228.606532][ C1] #PF: supervisor read access in kernel mode [ 228.607325][ C1] #PF: error_code(0x0000) - not-present page [ 228.608100][ C1] *pde = 00000000 [ 228.608262][ C1] Oops: 0000 [#1] PREEMPT SMP [ 228.608262][ C1] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G W 6.4.0-rc2-00010-gdf8fc4e934c1 #1 [ 228.608262][ C1] EIP: string (lib/vsprintf.c:644 lib/vsprintf.c:726) [ 228.608262][ C1] Code: 73 43 89 c1 8b 44 24 10 89 04 24 89 5c 24 04 c1 fb 10 0f 84 a7 00 00 00 31 c0 89 ce eb 09 40 39 c3 0f 84 9e 00 00 00 8d 0c 07 <0f> b6 14 06 84 d2 0f 84 95 00 00 00 3b 4c 24 0c 73 e2 88 11 eb de All code ======== 0: 73 43 jae 0x45 2: 89 c1 mov %eax,%ecx 4: 8b 44 24 10 mov 0x10(%rsp),%eax 8: 89 04 24 mov %eax,(%rsp) b: 89 5c 24 04 mov %ebx,0x4(%rsp) f: c1 fb 10 sar $0x10,%ebx 12: 0f 84 a7 00 00 00 je 0xbf 18: 31 c0 xor %eax,%eax 1a: 89 ce mov %ecx,%esi 1c: eb 09 jmp 0x27 1e: 40 39 c3 rex cmp %eax,%ebx 21: 0f 84 9e 00 00 00 je 0xc5 27: 8d 0c 07 lea (%rdi,%rax,1),%ecx 2a:* 0f b6 14 06 movzbl (%rsi,%rax,1),%edx <-- trapping instruction 2e: 84 d2 test %dl,%dl 30: 0f 84 95 00 00 00 je 0xcb 36: 3b 4c 24 0c cmp 0xc(%rsp),%ecx 3a: 73 e2 jae 0x1e 3c: 88 11 mov %dl,(%rcx) 3e: eb de jmp 0x1e Code starting with the faulting instruction =========================================== 0: 0f b6 14 06 movzbl (%rsi,%rax,1),%edx 4: 84 d2 test %dl,%dl 6: 0f 84 95 00 00 00 je 0xa1 c: 3b 4c 24 0c cmp 0xc(%rsp),%ecx 10: 73 e2 jae 0xfffffffffffffff4 12: 88 11 mov %dl,(%rcx) 14: eb de jmp 0xfffffffffffffff4 [ 228.608262][ C1] EAX: 00000000 EBX: ffffffff ECX: b4eb1d1e EDX: 00000000 [ 228.608262][ C1] ESI: 04090300 EDI: b4eb1d1e EBP: b4eb1ca4 ESP: b4eb1c80 [ 228.608262][ C1] DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 EFLAGS: 00210046 [ 228.608262][ C1] CR0: 80050033 CR2: 04090300 CR3: 03967000 CR4: 00040690 [ 228.608262][ C1] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000 [ 228.608262][ C1] DR6: fffe0ff0 DR7: 00000400 [ 228.608262][ C1] Call Trace: [ 228.608262][ C1] [ 228.608262][ C1] vsnprintf (lib/vsprintf.c:2817) [ 228.608262][ C1] vprintk_store (kernel/printk/printk.c:2191) [ 228.608262][ C1] vprintk_emit (kernel/printk/printk.c:2288) [ 228.608262][ C1] vprintk_default (kernel/printk/printk.c:2318) [ 228.608262][ C1] vprintk (kernel/printk/printk_safe.c:50) [ 228.608262][ C1] _printk (kernel/printk/printk.c:2331) [ 228.608262][ C1] __ubsan_handle_out_of_bounds (lib/ubsan.c:209 lib/ubsan.c:343) [ 228.608262][ C1] get_string (drivers/usb/gadget/composite.c:1314) [ 228.608262][ C1] composite_setup (drivers/usb/gadget/composite.c:1871) [ 228.608262][ C1] dummy_timer (drivers/usb/gadget/udc/dummy_hcd.c:?) [ 228.608262][ C1] ? check_preemption_disabled (lib/smp_processor_id.c:16) [ 228.608262][ C1] ? __this_cpu_preempt_check (lib/smp_processor_id.c:67) [ 228.608262][ C1] ? check_preemption_disabled (lib/smp_processor_id.c:16) [ 228.608262][ C1] ? rcu_is_watching (kernel/rcu/tree.c:696) [ 228.608262][ C1] call_timer_fn (include/linux/jump_label.h:270 include/trace/events/timer.h:127 kernel/time/timer.c:1701) [ 228.608262][ C1] ? dummy_free_streams (drivers/usb/gadget/udc/dummy_hcd.c:1782) [ 228.608262][ C1] run_timer_softirq (kernel/time/timer.c:1751 kernel/time/timer.c:2022 kernel/time/timer.c:2035) [ 228.608262][ C1] __do_softirq (include/linux/jump_label.h:270 include/trace/events/irq.h:142 kernel/softirq.c:572) [ 228.608262][ C1] ? __lock_text_end (kernel/softirq.c:529) [ 228.608262][ C1] do_softirq_own_stack (arch/x86/kernel/irq_32.c:57 arch/x86/kernel/irq_32.c:147) [ 228.608262][ C1] [ 228.608262][ C1] ? sysvec_call_function_single (arch/x86/kernel/apic/apic.c:1106) [ 228.608262][ C1] __irq_exit_rcu (kernel/softirq.c:653) [ 228.608262][ C1] irq_exit_rcu (kernel/softirq.c:664) [ 228.608262][ C1] sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1106) [ 228.608262][ C1] ? do_idle (kernel/sched/idle.c:? kernel/sched/idle.c:282) [ 228.608262][ C1] handle_exception (init_task.c:?) [ 228.608262][ C1] EIP: default_idle (arch/x86/include/asm/irqflags.h:37 arch/x86/include/asm/irqflags.h:72 arch/x86/kernel/process.c:711) [ 228.608262][ C1] Code: 2a ff 83 c4 08 eb d3 00 00 cc cc 00 00 cc cc 00 00 cc cc 00 00 55 89 e5 83 3d c0 e8 96 b3 00 7e 07 0f 00 2d a4 02 36 b2 fb f4 5d c3 90 90 90 90 90 90 90 90 55 89 e5 e8 78 04 01 00 5d c3 90 All code ======== 0: 2a ff sub %bh,%bh 2: 83 c4 08 add $0x8,%esp 5: eb d3 jmp 0xffffffffffffffda 7: 00 00 add %al,(%rax) 9: cc int3 a: cc int3 b: 00 00 add %al,(%rax) d: cc int3 e: cc int3 f: 00 00 add %al,(%rax) 11: cc int3 12: cc int3 13: 00 00 add %al,(%rax) 15: 55 push %rbp 16: 89 e5 mov %esp,%ebp 18: 83 3d c0 e8 96 b3 00 cmpl $0x0,-0x4c691740(%rip) # 0xffffffffb396e8df 1f: 7e 07 jle 0x28 21: 0f 00 2d a4 02 36 b2 verw -0x4dc9fd5c(%rip) # 0xffffffffb23602cc 28: fb sti 29: f4 hlt 2a:* fa cli <-- trapping instruction 2b: 5d pop %rbp 2c: c3 retq 2d: 90 nop 2e: 90 nop 2f: 90 nop 30: 90 nop 31: 90 nop 32: 90 nop 33: 90 nop 34: 90 nop 35: 55 push %rbp 36: 89 e5 mov %esp,%ebp 38: e8 78 04 01 00 callq 0x104b5 3d: 5d pop %rbp 3e: c3 retq 3f: 90 nop Code starting with the faulting instruction =========================================== 0: fa cli 1: 5d pop %rbp 2: c3 retq 3: 90 nop 4: 90 nop 5: 90 nop 6: 90 nop 7: 90 nop 8: 90 nop 9: 90 nop a: 90 nop b: 55 push %rbp c: 89 e5 mov %esp,%ebp e: e8 78 04 01 00 callq 0x1048b 13: 5d pop %rbp 14: c3 retq 15: 90 nop To reproduce: # build kernel cd linux cp config-6.4.0-rc2-00010-gdf8fc4e934c1 .config make HOSTCC=clang-15 CC=clang-15 ARCH=i386 olddefconfig prepare modules_prepare bzImage modules make HOSTCC=clang-15 CC=clang-15 ARCH=i386 INSTALL_MOD_PATH= modules_install cd find lib/ | cpio -o -H newc --quiet | gzip > modules.cgz git clone https://github.com/intel/lkp-tests.git cd lkp-tests bin/lkp qemu -k -m modules.cgz job-script # job-script is attached in this email # if come across any failure that blocks the test, # please remove ~/.lkp and /lkp dir to run from a clean state. -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki