Hello, kernel test robot noticed "WARNING:at_mm/gup.c:#__get_user_pages" on: commit: a425ac5365f6cb3cc47bf83e6bff0213c10445f7 ("gup: add warning if some caller would seem to want stack expansion") https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git master we noticed this commit 'add a (temporary) warning' for the case that 'anybody actually does anything quite this strange'. and in our this test, the warning hits. just FYI. [test failed on linus/master a901a3568fd26ca9c4a82d8bc5ed5b3ed844d451] [test failed on linux-next/master 296d53d8f84ce50ffaee7d575487058c8d437335] in testcase: trinity version: trinity-i386-abe9de86-1_20230429 with following parameters: runtime: 300s group: group-00 nr_groups: 5 test-description: Trinity is a linux system call fuzz tester. test-url: http://codemonkey.org.uk/projects/trinity/ compiler: clang-15 on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace): If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot | Closes: https://lore.kernel.org/oe-lkp/202307041023.bcdbbfc0-oliver.sang@intel.com [ 410.961829][ T3941] WARNING: CPU: 1 PID: 3941 at mm/gup.c:1101 __get_user_pages (mm/gup.c:1101) [ 410.963037][ T3941] Modules linked in: ipmi_devintf ipmi_msghandler crc32c_intel sha512_ssse3 sg pcspkr evdev floppy tiny_power_button button fuse [ 410.964888][ T3941] CPU: 1 PID: 3941 Comm: trinity-c2 Not tainted 6.4.0-rc7-00013-ga425ac5365f6 #1 [ 410.966162][ T3941] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014 [ 410.967315][ T3941] RIP: 0010:__get_user_pages (mm/gup.c:1101) [ 410.967988][ T3941] Code: f6 ff 49 8b 5e 20 81 e3 00 01 00 00 48 89 dd 48 c1 ed 08 48 c7 c7 40 9c 2a bd 89 ee 31 d2 31 c9 e8 0e cd f3 ff 48 85 db 74 02 <0f> 0b 48 c7 c7 70 9c 2a bd 89 ee 31 d2 31 c9 e8 f5 cc f3 ff 48 8b All code ======== 0: f6 ff idiv %bh 2: 49 8b 5e 20 mov 0x20(%r14),%rbx 6: 81 e3 00 01 00 00 and $0x100,%ebx c: 48 89 dd mov %rbx,%rbp f: 48 c1 ed 08 shr $0x8,%rbp 13: 48 c7 c7 40 9c 2a bd mov $0xffffffffbd2a9c40,%rdi 1a: 89 ee mov %ebp,%esi 1c: 31 d2 xor %edx,%edx 1e: 31 c9 xor %ecx,%ecx 20: e8 0e cd f3 ff call 0xfffffffffff3cd33 25: 48 85 db test %rbx,%rbx 28: 74 02 je 0x2c 2a:* 0f 0b ud2 <-- trapping instruction 2c: 48 c7 c7 70 9c 2a bd mov $0xffffffffbd2a9c70,%rdi 33: 89 ee mov %ebp,%esi 35: 31 d2 xor %edx,%edx 37: 31 c9 xor %ecx,%ecx 39: e8 f5 cc f3 ff call 0xfffffffffff3cd33 3e: 48 rex.W 3f: 8b .byte 0x8b Code starting with the faulting instruction =========================================== 0: 0f 0b ud2 2: 48 c7 c7 70 9c 2a bd mov $0xffffffffbd2a9c70,%rdi 9: 89 ee mov %ebp,%esi b: 31 d2 xor %edx,%edx d: 31 c9 xor %ecx,%ecx f: e8 f5 cc f3 ff call 0xfffffffffff3cd09 14: 48 rex.W 15: 8b .byte 0x8b [ 410.970326][ T3941] RSP: 0018:ffff8881478bfa10 EFLAGS: 00010206 [ 410.971186][ T3941] RAX: 0000000000000000 RBX: 0000000000000100 RCX: 0000000000000000 [ 410.972183][ T3941] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 410.973321][ T3941] RBP: 0000000000000001 R08: 0001ffffffffffff R09: 0000000000000000 [ 410.974484][ T3941] R10: 0000000000000000 R11: 0000000000000000 R12: 00000000f69a9000 [ 410.975470][ T3941] R13: 0000000000000000 R14: ffff8881560d7708 R15: 0000000000000000 [ 410.976511][ T3941] FS: 0000000000000000(0000) GS:ffff88842fa00000(0063) knlGS:00000000f7f1c280 [ 410.977654][ T3941] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 410.978442][ T3941] CR2: 00000000f72ae000 CR3: 0000000155633000 CR4: 00000000000406a0 [ 410.979480][ T3941] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 410.980467][ T3941] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 410.981514][ T3941] Call Trace: [ 410.981989][ T3941] [ 410.982436][ T3941] ? __warn (kernel/panic.c:673) [ 410.983007][ T3941] ? __get_user_pages (mm/gup.c:1101) [ 410.983719][ T3941] ? report_bug (lib/bug.c:?) [ 410.984500][ T3941] ? handle_bug (arch/x86/kernel/traps.c:324) [ 410.985177][ T3941] ? exc_invalid_op (arch/x86/kernel/traps.c:345) [ 410.985772][ T3941] ? asm_exc_invalid_op (arch/x86/include/asm/idtentry.h:568) [ 410.986410][ T3941] ? __get_user_pages (mm/gup.c:1101) [ 410.987100][ T3941] ? pvclock_clocksource_read_nowd (arch/x86/include/asm/pvclock.h:36 arch/x86/kernel/pvclock.c:79 arch/x86/kernel/pvclock.c:120) [ 410.987939][ T3941] __gup_longterm_locked (mm/gup.c:1389) [ 410.988605][ T3941] ? process_vm_rw (arch/x86/include/asm/jump_label.h:27 include/linux/jump_label.h:207 include/linux/mmap_lock.h:35 include/linux/mmap_lock.h:143 mm/process_vm_access.c:104 mm/process_vm_access.c:215 mm/process_vm_access.c:283) [ 410.989355][ T3941] ? process_vm_rw (arch/x86/include/asm/jump_label.h:27 include/linux/jump_label.h:207 include/linux/mmap_lock.h:35 include/linux/mmap_lock.h:143 mm/process_vm_access.c:104 mm/process_vm_access.c:215 mm/process_vm_access.c:283) [ 410.990202][ T3941] ? is_valid_gup_args (mm/gup.c:2162) [ 410.991069][ T3941] pin_user_pages_remote (mm/gup.c:3132) [ 410.991884][ T3941] process_vm_rw (mm/process_vm_access.c:105) [ 410.992728][ T3941] ? __ct_user_exit (kernel/context_tracking.c:623) [ 410.993526][ T3941] __ia32_sys_process_vm_readv (mm/process_vm_access.c:295 mm/process_vm_access.c:291 mm/process_vm_access.c:291) [ 410.994422][ T3941] __do_fast_syscall_32 (arch/x86/entry/common.c:? arch/x86/entry/common.c:178) [ 410.995197][ T3941] ? __do_fast_syscall_32 (arch/x86/entry/common.c:165) [ 410.995988][ T3941] ? __do_fast_syscall_32 (arch/x86/entry/common.c:165) [ 411.000892][ T3941] ? irqentry_exit (kernel/entry/common.c:446) [ 411.001656][ T3941] do_fast_syscall_32 (arch/x86/entry/common.c:203) [ 411.002442][ T3941] do_SYSENTER_32 (arch/x86/entry/common.c:246) [ 411.003178][ T3941] entry_SYSENTER_compat_after_hwframe (arch/x86/entry/entry_64_compat.S:122) [ 411.004161][ T3941] RIP: 0023:0xf7f21539 [ 411.004859][ T3941] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 All code ======== 0: 03 74 b4 01 add 0x1(%rsp,%rsi,4),%esi 4: 10 07 adc %al,(%rdi) 6: 03 74 b0 01 add 0x1(%rax,%rsi,4),%esi a: 10 08 adc %cl,(%rax) c: 03 74 d8 01 add 0x1(%rax,%rbx,8),%esi ... 20: 00 51 52 add %dl,0x52(%rcx) 23: 55 push %rbp 24:* 89 e5 mov %esp,%ebp <-- trapping instruction 26: 0f 34 sysenter 28: cd 80 int $0x80 2a: 5d pop %rbp 2b: 5a pop %rdx 2c: 59 pop %rcx 2d: c3 ret 2e: 90 nop 2f: 90 nop 30: 90 nop 31: 90 nop 32: 66 2e 0f 1f 84 00 00 cs nopw 0x0(%rax,%rax,1) 39: 00 00 00 3c: 0f .byte 0xf 3d: 1f (bad) 3e: 44 rex.R ... Code starting with the faulting instruction =========================================== 0: 5d pop %rbp 1: 5a pop %rdx 2: 59 pop %rcx 3: c3 ret 4: 90 nop 5: 90 nop 6: 90 nop 7: 90 nop 8: 66 2e 0f 1f 84 00 00 cs nopw 0x0(%rax,%rax,1) f: 00 00 00 12: 0f .byte 0xf 13: 1f (bad) 14: 44 rex.R To reproduce: # build kernel cd linux cp config-6.4.0-rc7-00013-ga425ac5365f6 .config make HOSTCC=clang-15 CC=clang-15 ARCH=x86_64 olddefconfig prepare modules_prepare bzImage modules make HOSTCC=clang-15 CC=clang-15 ARCH=x86_64 INSTALL_MOD_PATH= modules_install cd find lib/ | cpio -o -H newc --quiet | gzip > modules.cgz git clone https://github.com/intel/lkp-tests.git cd lkp-tests bin/lkp qemu -k -m modules.cgz job-script # job-script is attached in this email # if come across any failure that blocks the test, # please remove ~/.lkp and /lkp dir to run from a clean state. -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki