From: Thomas Gleixner <tglx@kernel.org>
To: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>,
root <admin@windowsforum.com>
Cc: peterz@infradead.org, mingo@redhat.com,
linux-kernel@vger.kernel.org, mjfara@gmail.com,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
"stable@vger.kernel.org" <stable@vger.kernel.org>
Subject: Re: [BUG] sched_mm_cid_exit+0xe2: page fault on CID bitmap write with nopti on 6.19.0
Date: Fri, 13 Feb 2026 00:21:52 +0100 [thread overview]
Message-ID: <87seb58s4v.ffs@tglx> (raw)
In-Reply-To: <31feb490-c9dc-4cb0-80bc-951e9a6cdab6@efficios.com>
On Thu, Feb 12 2026 at 16:19, Mathieu Desnoyers wrote:
> On 2026-02-12 16:12, root wrote:
>> I'm hitting a repeatable page fault in sched_mm_cid_exit() on 6.19.0
>> when booting with nopti. The crash occurs during process exit
>> (do_exit -> sched_mm_cid_exit) on an atomic bit-clear (lock btr) of
>> the CID bitmap. The faulting address is within a 2MB huge page that
>> returns a permissions violation on supervisor write access.
>>
>> The bug triggered 8 times over ~20 hours on a single boot, hitting
>> multiple unrelated processes (git, gce_workload_ce). Eventually D-Bus
>> died and systemd became non-functional, requiring a hard power-off.
>
> Can you confirm whether the following fix in Linus' tree fixes your issue ?
It's exactly that problem:
2a:* f0 48 0f b3 10 lock btr %rdx,(%rax) <-- trapping instruction
RDX: 0000000020000006
which has the TRANSIT bit set and that's what below fixes:
> commit 1e83ccd5921a ("sched/mmcid: Don't assume CID is CPU owned on mode switch")
next prev parent reply other threads:[~2026-02-12 23:21 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-02-12 21:12 [BUG] sched_mm_cid_exit+0xe2: page fault on CID bitmap write with nopti on 6.19.0 root
2026-02-12 21:19 ` Mathieu Desnoyers
2026-02-12 23:21 ` Thomas Gleixner [this message]
2026-02-13 11:16 ` Greg Kroah-Hartman
-- strict thread matches above, loose matches on Subject: below --
2026-02-12 21:13 mjfara
2026-02-12 21:14 mjfara
2026-02-12 21:33 Mike Fara
2026-02-12 22:28 Mike Fara
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87seb58s4v.ffs@tglx \
--to=tglx@kernel.org \
--cc=admin@windowsforum.com \
--cc=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mathieu.desnoyers@efficios.com \
--cc=mingo@redhat.com \
--cc=mjfara@gmail.com \
--cc=peterz@infradead.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.