From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D2D7C17C220; Thu, 12 Feb 2026 23:21:56 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1770938516; cv=none; b=pegEhrDl9mcZHr3wgN0a0yFumR/PQeL/x+SlYJOrBKfQuZbFlqTgWNXauvitiQxH+uPeydFkfXsUQvoprHg9SBmC16IqSQ1TBJR3QdxmxWUOH5g9YiCqE/DPHOCSn5mkrPfZzYT4n2bS4DljjLdU5I8+ILw7xdePOjig9BykNK4= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1770938516; c=relaxed/simple; bh=qp9sXiv6YCh7kOwFOz34uHvgOY/+lP6HG9yRJ7MwebU=; h=From:To:Cc:Subject:In-Reply-To:References:Date:Message-ID: MIME-Version:Content-Type; b=DMv2uNde4jKPlamVXy+WNSkDeF86Ck9InPpr9xSrAk8awws7C9K1i8fP11kOyy1SLqoJBfC6aZ4IPpp4PyVPm8aU7jr0+1BtLuRZCdsLLkR8f+fzJ22HSPWakj2KmVLb7k6kFEe7AwNE0H/Nv+lN6VeUMu6aNcll1hft5wQtsYw= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=Tw/erl5i; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="Tw/erl5i" Received: by smtp.kernel.org (Postfix) with ESMTPSA id E0237C4CEF7; Thu, 12 Feb 2026 23:21:55 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1770938516; bh=qp9sXiv6YCh7kOwFOz34uHvgOY/+lP6HG9yRJ7MwebU=; h=From:To:Cc:Subject:In-Reply-To:References:Date:From; b=Tw/erl5i9fySER5rkZCKFWApobBaok/63eR0sHqXQmPaOPqXcyNDfzXq1ul9GmIqy xQE2uq5b5bATz4n8TvFr0gGUBNRk4HqQrlhN+lnD3+v6asmbQnJs7LchrLBHUpQl1I AHziSXdvKl/l9ph6nDlvAO2n3iEZ91xg1MircFRHXUvmTNs3GbrJZdyNKtj1iXXp9j Og6gpy2spreRZrbQ1J8Ql+tlHZ3bs1TD0ZCNGYMr6EfMJnrZ23NhoICIq6ZYWoBtDG mZBoEw8uE2ySvVxwolmrBVPPA6FNShcY9mxJQMmlbxZdukHVvHerFzZZK4e4QtCa8G KEv8YxSBJbqpA== From: Thomas Gleixner To: Mathieu Desnoyers , root Cc: peterz@infradead.org, mingo@redhat.com, linux-kernel@vger.kernel.org, mjfara@gmail.com, Greg Kroah-Hartman , "stable@vger.kernel.org" Subject: Re: [BUG] sched_mm_cid_exit+0xe2: page fault on CID bitmap write with nopti on 6.19.0 In-Reply-To: <31feb490-c9dc-4cb0-80bc-951e9a6cdab6@efficios.com> References: <20260212211213.F1BE52A1C1D@windowsforum.com> <31feb490-c9dc-4cb0-80bc-951e9a6cdab6@efficios.com> Date: Fri, 13 Feb 2026 00:21:52 +0100 Message-ID: <87seb58s4v.ffs@tglx> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain On Thu, Feb 12 2026 at 16:19, Mathieu Desnoyers wrote: > On 2026-02-12 16:12, root wrote: >> I'm hitting a repeatable page fault in sched_mm_cid_exit() on 6.19.0 >> when booting with nopti. The crash occurs during process exit >> (do_exit -> sched_mm_cid_exit) on an atomic bit-clear (lock btr) of >> the CID bitmap. The faulting address is within a 2MB huge page that >> returns a permissions violation on supervisor write access. >> >> The bug triggered 8 times over ~20 hours on a single boot, hitting >> multiple unrelated processes (git, gce_workload_ce). Eventually D-Bus >> died and systemd became non-functional, requiring a hard power-off. > > Can you confirm whether the following fix in Linus' tree fixes your issue ? It's exactly that problem: 2a:* f0 48 0f b3 10 lock btr %rdx,(%rax) <-- trapping instruction RDX: 0000000020000006 which has the TRANSIT bit set and that's what below fixes: > commit 1e83ccd5921a ("sched/mmcid: Don't assume CID is CPU owned on mode switch")