From: kernel test robot <oliver.sang@intel.com>
To: "Matthew Wilcox (Oracle)" <willy@infradead.org>
Cc: <oe-lkp@lists.linux.dev>, <lkp@intel.com>, <linux-mm@kvack.org>,
"Andrew Morton" <akpm@linux-foundation.org>,
"Matthew Wilcox (Oracle)" <willy@infradead.org>,
David Hildenbrand <david@kernel.org>,
Vishal Moola <vishal.moola@gmail.com>, <oliver.sang@intel.com>
Subject: Re: [PATCH 1/4] mm: Use frozen pages for page tables
Date: Mon, 17 Nov 2025 22:38:09 +0800 [thread overview]
Message-ID: <202511172257.ffd96dab-lkp@intel.com> (raw)
In-Reply-To: <20251113140448.1814860-2-willy@infradead.org>
Hello,
kernel test robot noticed "BUG:Bad_page_state_in_process" on:
commit: ffb870b766822062b6c71211c80342c85a7ffcd8 ("[PATCH 1/4] mm: Use frozen pages for page tables")
url: https://github.com/intel-lab-lkp/linux/commits/Matthew-Wilcox-Oracle/mm-Use-frozen-pages-for-page-tables/20251113-222907
base: https://git.kernel.org/cgit/linux/kernel/git/akpm/mm.git mm-everything
patch link: https://lore.kernel.org/all/20251113140448.1814860-2-willy@infradead.org/
patch subject: [PATCH 1/4] mm: Use frozen pages for page tables
in testcase: rcutorture
version:
with following parameters:
runtime: 300s
test: cpuhotplug
torture_type: trivial
config: x86_64-randconfig-101-20251114
compiler: clang-20
test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 32G
(please refer to attached dmesg/kmsg for entire log/backtrace)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <oliver.sang@intel.com>
| Closes: https://lore.kernel.org/oe-lkp/202511172257.ffd96dab-lkp@intel.com
[ 19.289760][ T422] BUG: Bad page state in process modprobe pfn:1618b2
[ 19.290414][ T422] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1618b2
[ 19.291313][ T422] flags: 0x8000000000000000(zone=2)
[ 19.291714][ T422] raw: 8000000000000000 dead000000000100 dead000000000122 0000000000000000
[ 19.292382][ T422] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 19.293020][ T422] page dumped because: nonzero _refcount
[ 19.293444][ T422] Modules linked in:
[ 19.293804][ T422] CPU: 0 UID: 0 PID: 422 Comm: modprobe Not tainted 6.18.0-rc5-00422-gffb870b76682 #1 PREEMPT(none) 65c9d11eede624b36533d4efe2c3c7798fc76b60
[ 19.293811][ T422] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 19.293814][ T422] Call Trace:
[ 19.293817][ T422] <TASK>
[ 19.293820][ T422] dump_stack_lvl (lib/dump_stack.c:123)
[ 19.293834][ T422] ? show_regs_print_info (lib/dump_stack.c:104)
[ 19.293842][ T422] ? smp_call_function_many (kernel/smp.c:784)
[ 19.293847][ T422] ? find_held_lock (kernel/locking/lockdep.c:5350)
[ 19.293854][ T422] bad_page (mm/page_alloc.c:?)
[ 19.293860][ T422] __free_frozen_pages (mm/page_alloc.c:?)
[ 19.293870][ T422] change_page_attr_set_clr (include/linux/list.h:372)
[ 19.293878][ T422] ? __set_memory_prot (arch/x86/mm/pat/set_memory.c:2041)
[ 19.293884][ T422] ? __set_memory_prot (arch/x86/mm/pat/set_memory.c:2041)
[ 19.293889][ T422] ? trace_contention_end (include/trace/events/lock.h:122)
[ 19.293897][ T422] ? do_raw_spin_lock (arch/x86/include/asm/atomic.h:107)
[ 19.293904][ T422] set_memory_rox (arch/x86/mm/pat/set_memory.c:2327)
[ 19.293910][ T422] ? set_memory_nx (arch/x86/mm/pat/set_memory.c:2123 arch/x86/mm/pat/set_memory.c:2312)
[ 19.293915][ T422] ? set_memory_ro (arch/x86/mm/pat/set_memory.c:2321)
[ 19.293921][ T422] ? _raw_spin_unlock (arch/x86/include/asm/preempt.h:95 include/linux/spinlock_api_smp.h:143 kernel/locking/spinlock.c:186)
[ 19.293929][ T422] ? find_vmap_area (mm/vmalloc.c:2507)
[ 19.293935][ T422] module_enable_text_rox (kernel/module/strict_rwx.c:40)
[ 19.293943][ T422] complete_formation (kernel/module/main.c:3258)
[ 19.293952][ T422] ? post_relocation (kernel/module/main.c:3237)
[ 19.293959][ T422] ? init_build_id (kernel/module/kallsyms.c:?)
[ 19.293967][ T422] load_module (kernel/module/main.c:3468)
[ 19.293979][ T422] __se_sys_finit_module (kernel/module/main.c:? kernel/module/main.c:3713 kernel/module/main.c:3739 kernel/module/main.c:3723)
[ 19.293987][ T422] ? __x64_sys_finit_module (kernel/module/main.c:3723)
[ 19.293998][ T422] ? exc_page_fault (arch/x86/mm/fault.c:?)
[ 19.294007][ T422] ? __ia32_sys_write (fs/read_write.c:754)
[ 19.294015][ T422] ? do_sys_open (fs/open.c:1452)
[ 19.294022][ T422] ? entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)
[ 19.294026][ T422] do_syscall_64 (arch/x86/entry/syscall_64.c:?)
[ 19.294034][ T422] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)
[ 19.294038][ T422] RIP: 0033:0x7f8d36fda779
[ 19.294042][ T422] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 4f 86 0d 00 f7 d8 64 89 01 48
All code
========
0: ff c3 inc %ebx
2: 66 2e 0f 1f 84 00 00 cs nopw 0x0(%rax,%rax,1)
9: 00 00 00
c: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
11: 48 89 f8 mov %rdi,%rax
14: 48 89 f7 mov %rsi,%rdi
17: 48 89 d6 mov %rdx,%rsi
1a: 48 89 ca mov %rcx,%rdx
1d: 4d 89 c2 mov %r8,%r10
20: 4d 89 c8 mov %r9,%r8
23: 4c 8b 4c 24 08 mov 0x8(%rsp),%r9
28: 0f 05 syscall
2a:* 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax <-- trapping instruction
30: 73 01 jae 0x33
32: c3 ret
33: 48 8b 0d 4f 86 0d 00 mov 0xd864f(%rip),%rcx # 0xd8689
3a: f7 d8 neg %eax
3c: 64 89 01 mov %eax,%fs:(%rcx)
3f: 48 rex.W
Code starting with the faulting instruction
===========================================
0: 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax
6: 73 01 jae 0x9
8: c3 ret
9: 48 8b 0d 4f 86 0d 00 mov 0xd864f(%rip),%rcx # 0xd865f
10: f7 d8 neg %eax
12: 64 89 01 mov %eax,%fs:(%rcx)
15: 48 rex.W
[ 19.294046][ T422] RSP: 002b:00007ffe07ac3298 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
[ 19.294051][ T422] RAX: ffffffffffffffda RBX: 000055b5fb23ae30 RCX: 00007f8d36fda779
[ 19.294054][ T422] RDX: 0000000000000000 RSI: 000055b5e55e332b RDI: 0000000000000004
[ 19.294056][ T422] RBP: 0000000000000000 R08: 0000000000000000 R09: 000055b5fb23c020
[ 19.294059][ T422] R10: 0000000000000000 R11: 0000000000000246 R12: 000055b5e55e332b
[ 19.294061][ T422] R13: 0000000000040000 R14: 000055b5fb23ade0 R15: 0000000000000000
[ 19.294069][ T422] </TASK>
[ 19.294071][ T422] Disabling lock debugging due to kernel taint
[ 19.373082][ T422] BUG: Bad page state in process modprobe pfn:163532
[ 19.373680][ T422] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x163532
[ 19.374387][ T422] flags: 0x8000000000000000(zone=2)
[ 19.374795][ T422] raw: 8000000000000000 dead000000000100 dead000000000122 0000000000000000
[ 19.375424][ T422] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 19.376107][ T422] page dumped because: nonzero _refcount
[ 19.376525][ T422] Modules linked in: torture
[ 19.376917][ T422] CPU: 0 UID: 0 PID: 422 Comm: modprobe Tainted: G B 6.18.0-rc5-00422-gffb870b76682 #1 PREEMPT(none) 65c9d11eede624b36533d4efe2c3c7798fc76b60
[ 19.376925][ T422] Tainted: [B]=BAD_PAGE
[ 19.376927][ T422] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 19.376930][ T422] Call Trace:
[ 19.376933][ T422] <TASK>
[ 19.376936][ T422] dump_stack_lvl (lib/dump_stack.c:123)
[ 19.376946][ T422] ? show_regs_print_info (lib/dump_stack.c:104)
[ 19.376952][ T422] ? smp_call_function_many (kernel/smp.c:784)
[ 19.376959][ T422] bad_page (mm/page_alloc.c:?)
[ 19.376964][ T422] __free_frozen_pages (mm/page_alloc.c:?)
[ 19.376972][ T422] change_page_attr_set_clr (include/linux/list.h:372)
[ 19.376979][ T422] ? __set_memory_prot (arch/x86/mm/pat/set_memory.c:2041)
[ 19.376984][ T422] ? __set_memory_prot (arch/x86/mm/pat/set_memory.c:2041)
[ 19.376989][ T422] ? trace_contention_end (include/trace/events/lock.h:122)
[ 19.376995][ T422] ? do_raw_spin_lock (arch/x86/include/asm/atomic.h:107)
[ 19.377001][ T422] set_memory_rox (arch/x86/mm/pat/set_memory.c:2327)
[ 19.377006][ T422] ? set_memory_nx (arch/x86/mm/pat/set_memory.c:2123 arch/x86/mm/pat/set_memory.c:2312)
[ 19.377010][ T422] ? set_memory_ro (arch/x86/mm/pat/set_memory.c:2321)
[ 19.377016][ T422] ? _raw_spin_unlock (arch/x86/include/asm/preempt.h:95 include/linux/spinlock_api_smp.h:143 kernel/locking/spinlock.c:186)
[ 19.377023][ T422] ? find_vmap_area (mm/vmalloc.c:2507)
[ 19.377028][ T422] module_enable_text_rox (kernel/module/strict_rwx.c:40)
[ 19.377036][ T422] complete_formation (kernel/module/main.c:3258)
[ 19.377042][ T422] ? __might_fault (mm/memory.c:7142)
[ 19.377046][ T422] ? post_relocation (kernel/module/main.c:3237)
[ 19.377051][ T422] ? __might_fault (mm/memory.c:7142)
[ 19.377054][ T422] ? init_build_id (kernel/module/kallsyms.c:?)
[ 19.377061][ T422] load_module (kernel/module/main.c:3468)
[ 19.377069][ T422] __se_sys_finit_module (kernel/module/main.c:? kernel/module/main.c:3713 kernel/module/main.c:3739 kernel/module/main.c:3723)
[ 19.377074][ T422] ? __x64_sys_finit_module (kernel/module/main.c:3723)
[ 19.377081][ T422] ? do_sys_openat2 (fs/open.c:1447)
[ 19.377089][ T422] ? __ia32_sys_write (fs/read_write.c:754)
[ 19.377095][ T422] ? do_sys_open (fs/open.c:1452)
[ 19.377100][ T422] ? entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)
[ 19.377104][ T422] do_syscall_64 (arch/x86/entry/syscall_64.c:?)
[ 19.377111][ T422] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)
[ 19.377115][ T422] RIP: 0033:0x7f8d36fda779
[ 19.377120][ T422] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 4f 86 0d 00 f7 d8 64 89 01 48
All code
========
0: ff c3 inc %ebx
2: 66 2e 0f 1f 84 00 00 cs nopw 0x0(%rax,%rax,1)
9: 00 00 00
c: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
11: 48 89 f8 mov %rdi,%rax
14: 48 89 f7 mov %rsi,%rdi
17: 48 89 d6 mov %rdx,%rsi
1a: 48 89 ca mov %rcx,%rdx
1d: 4d 89 c2 mov %r8,%r10
20: 4d 89 c8 mov %r9,%r8
23: 4c 8b 4c 24 08 mov 0x8(%rsp),%r9
28: 0f 05 syscall
2a:* 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax <-- trapping instruction
30: 73 01 jae 0x33
32: c3 ret
33: 48 8b 0d 4f 86 0d 00 mov 0xd864f(%rip),%rcx # 0xd8689
3a: f7 d8 neg %eax
3c: 64 89 01 mov %eax,%fs:(%rcx)
3f: 48 rex.W
Code starting with the faulting instruction
===========================================
0: 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax
6: 73 01 jae 0x9
8: c3 ret
9: 48 8b 0d 4f 86 0d 00 mov 0xd864f(%rip),%rcx # 0xd865f
10: f7 d8 neg %eax
12: 64 89 01 mov %eax,%fs:(%rcx)
15: 48 rex.W
[ 19.377123][ T422] RSP: 002b:00007ffe07ac3298 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
[ 19.377128][ T422] RAX: ffffffffffffffda RBX: 000055b5fb23ac50 RCX: 00007f8d36fda779
[ 19.377131][ T422] RDX: 0000000000000000 RSI: 000055b5fb23aff0 RDI: 0000000000000005
[ 19.377134][ T422] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 19.377136][ T422] R10: 0000000000000000 R11: 0000000000000246 R12: 000055b5fb23aff0
[ 19.377139][ T422] R13: 0000000000040000 R14: 000055b5fb23ad80 R15: 0000000000000000
[ 19.377143][ T422] </TASK>
The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20251117/202511172257.ffd96dab-lkp@intel.com
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
next prev parent reply other threads:[~2025-11-17 14:38 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-11-13 14:04 [PATCH 0/4] Convert pgtable to use frozen pages Matthew Wilcox (Oracle)
2025-11-13 14:04 ` [PATCH 1/4] mm: Use frozen pages for page tables Matthew Wilcox (Oracle)
2025-11-13 18:24 ` Vishal Moola (Oracle)
2025-11-13 19:14 ` Vishal Moola (Oracle)
2025-11-14 13:45 ` Matthew Wilcox
2025-11-14 14:31 ` Will Deacon
2025-11-17 14:38 ` kernel test robot [this message]
2025-11-18 0:44 ` Vishal Moola (Oracle)
2025-11-19 15:46 ` Chih-En Lin
2025-11-20 13:55 ` David Hildenbrand (Red Hat)
2025-11-13 14:04 ` [PATCH 2/4] mm: Account pagetable memory when allocated Matthew Wilcox (Oracle)
2025-11-13 19:39 ` Vishal Moola (Oracle)
2025-11-13 14:04 ` [PATCH 3/4] mm: Mark " Matthew Wilcox (Oracle)
2025-11-18 17:00 ` David Hildenbrand (Red Hat)
2025-11-13 14:04 ` [PATCH 4/4] pgtable: Remove uses of page->lru Matthew Wilcox (Oracle)
2025-11-20 13:56 ` David Hildenbrand (Red Hat)
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202511172257.ffd96dab-lkp@intel.com \
--to=oliver.sang@intel.com \
--cc=akpm@linux-foundation.org \
--cc=david@kernel.org \
--cc=linux-mm@kvack.org \
--cc=lkp@intel.com \
--cc=oe-lkp@lists.linux.dev \
--cc=vishal.moola@gmail.com \
--cc=willy@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.