Greeting,

FYI, we noticed the following commit (built with gcc-9):

commit: b7fb14d3ac63117e0e8beabe75f4ea52051fbe3a ("ide: remove the legacy ide driver")
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git master


in testcase: trinity
version: trinity-static-i386-x86_64-f93256fb_2019-08-28
with following parameters:

	number: 99999
	group: group-00

test-description: Trinity is a linux system call fuzz tester.
test-url: http://codemonkey.org.uk/projects/trinity/


on test machine: qemu-system-i386 -enable-kvm -cpu SandyBridge -smp 2 -m 4G

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):


+-------------------------------------------------------------------------------------+------------+------------+
|                                                                                     | b90257bfdd | b7fb14d3ac |
+-------------------------------------------------------------------------------------+------------+------------+
| EIP:ioread32_rep                                                                    | 0          | 110        |
+-------------------------------------------------------------------------------------+------------+------------+


If you fix the issue, kindly add following tag
Reported-by: kernel test robot <oliver.sang@intel.com>


[   76.215832] BUG: unable to handle page fault for address: fffba000
[   76.216542] #PF: supervisor write access in kernel mode
[   76.216542] #PF: error_code(0x0002) - not-present page
[   76.216542] *pde = 1c5cc067 *pte = 00000000
[   76.216542] Oops: 0002 [#1] SMP
[   76.216542] CPU: 0 PID: 7 Comm: kworker/0:1 Tainted: G S      W         5.13.0-rc2-00028-gb7fb14d3ac63 #1
[   76.216542] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[   76.216542] Workqueue: ata_sff ata_sff_pio_task
[   76.216542] EIP: ioread32_rep (arch/x86/include/asm/io.h:336 (discriminator 4) lib/iomap.c:338 (discriminator 4)) 
[ 76.216542] Code: 78 15 8d b6 00 00 00 00 8b 10 83 e9 01 89 17 83 c7 04 83 f9 ff 75 f1 8b 7d fc c9 c3 8d 74 26 00 3d 00 00 01 00 76 11 0f b7 d0 <f3> 6d 8b 7d fc c9 c3 8d b4 26 00 00 00 00 8b 15 fc ec ea da 85 d2
All code
========
   0:	78 15                	js     0x17
   2:	8d b6 00 00 00 00    	lea    0x0(%rsi),%esi
   8:	8b 10                	mov    (%rax),%edx
   a:	83 e9 01             	sub    $0x1,%ecx
   d:	89 17                	mov    %edx,(%rdi)
   f:	83 c7 04             	add    $0x4,%edi
  12:	83 f9 ff             	cmp    $0xffffffff,%ecx
  15:	75 f1                	jne    0x8
  17:	8b 7d fc             	mov    -0x4(%rbp),%edi
  1a:	c9                   	leaveq 
  1b:	c3                   	retq   
  1c:	8d 74 26 00          	lea    0x0(%rsi,%riz,1),%esi
  20:	3d 00 00 01 00       	cmp    $0x10000,%eax
  25:	76 11                	jbe    0x38
  27:	0f b7 d0             	movzwl %ax,%edx
  2a:*	f3 6d                	rep insl (%dx),%es:(%rdi)		<-- trapping instruction
  2c:	8b 7d fc             	mov    -0x4(%rbp),%edi
  2f:	c9                   	leaveq 
  30:	c3                   	retq   
  31:	8d b4 26 00 00 00 00 	lea    0x0(%rsi,%riz,1),%esi
  38:	8b 15 fc ec ea da    	mov    -0x25151304(%rip),%edx        # 0xffffffffdaeaed3a
  3e:	85 d2                	test   %edx,%edx

Code starting with the faulting instruction
===========================================
   0:	f3 6d                	rep insl (%dx),%es:(%rdi)
   2:	8b 7d fc             	mov    -0x4(%rbp),%edi
   5:	c9                   	leaveq 
   6:	c3                   	retq   
   7:	8d b4 26 00 00 00 00 	lea    0x0(%rsi,%riz,1),%esi
   e:	8b 15 fc ec ea da    	mov    -0x25151304(%rip),%edx        # 0xffffffffdaeaed10
  14:	85 d2                	test   %edx,%edx
[   76.216542] EAX: 00010170 EBX: 00000200 ECX: 00000080 EDX: 00000170
[   76.216542] ESI: fffb9ec0 EDI: fffb9ec0 EBP: c1c9be58 ESP: c1c9be54
[   76.216542] DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 EFLAGS: 00010002
[   76.216542] CR0: 80050033 CR2: fffba000 CR3: 1bb3e000 CR4: 000406d0
[   76.216542] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
[   76.216542] DR6: fffe0ff0 DR7: 00000400
[   76.216542] Call Trace:
[   76.216542] ata_sff_data_xfer32 (drivers/ata/libata-sff.c:612) 
[   76.216542] ? ata_sff_data_xfer (drivers/ata/libata-sff.c:595) 
[   76.216542] ata_pio_sector (include/linux/highmem-internal.h:112 drivers/ata/libata-sff.c:676) 
[   76.216542] ata_pio_sectors (drivers/ata/libata-sff.c:717) 
[   76.216542] ata_sff_hsm_move (drivers/ata/libata-sff.c:1169) 
[   76.216542] ? lock_acquired (kernel/locking/lockdep.c:5705 kernel/locking/lockdep.c:5765) 
[   76.216542] ? ata_sff_pio_task (drivers/ata/libata-sff.c:1279) 
[   76.216542] ata_sff_pio_task (drivers/ata/libata-sff.c:1321) 
[   76.216542] process_one_work (arch/x86/include/asm/jump_label.h:19 include/linux/jump_label.h:200 include/trace/events/workqueue.h:108 kernel/workqueue.c:2280) 
[   76.216542] worker_thread (include/linux/list.h:282 kernel/workqueue.c:2422) 
[   76.216542] kthread (kernel/kthread.c:313) 
[   76.216542] ? process_one_work (kernel/workqueue.c:2364) 
[   76.216542] ? kthread_insert_work_sanity_check (kernel/kthread.c:266) 
[   76.216542] ret_from_fork (arch/x86/entry/entry_32.S:775) 
[   76.216542] Modules linked in:
[   76.216542] CR2: 00000000fffba000
[   76.216542] ---[ end trace c380b1d7998675ad ]---
[   76.216542] EIP: ioread32_rep (arch/x86/include/asm/io.h:336 (discriminator 4) lib/iomap.c:338 (discriminator 4)) 
[ 76.216542] Code: 78 15 8d b6 00 00 00 00 8b 10 83 e9 01 89 17 83 c7 04 83 f9 ff 75 f1 8b 7d fc c9 c3 8d 74 26 00 3d 00 00 01 00 76 11 0f b7 d0 <f3> 6d 8b 7d fc c9 c3 8d b4 26 00 00 00 00 8b 15 fc ec ea da 85 d2
All code
========
   0:	78 15                	js     0x17
   2:	8d b6 00 00 00 00    	lea    0x0(%rsi),%esi
   8:	8b 10                	mov    (%rax),%edx
   a:	83 e9 01             	sub    $0x1,%ecx
   d:	89 17                	mov    %edx,(%rdi)
   f:	83 c7 04             	add    $0x4,%edi
  12:	83 f9 ff             	cmp    $0xffffffff,%ecx
  15:	75 f1                	jne    0x8
  17:	8b 7d fc             	mov    -0x4(%rbp),%edi
  1a:	c9                   	leaveq 
  1b:	c3                   	retq   
  1c:	8d 74 26 00          	lea    0x0(%rsi,%riz,1),%esi
  20:	3d 00 00 01 00       	cmp    $0x10000,%eax
  25:	76 11                	jbe    0x38
  27:	0f b7 d0             	movzwl %ax,%edx
  2a:*	f3 6d                	rep insl (%dx),%es:(%rdi)		<-- trapping instruction
  2c:	8b 7d fc             	mov    -0x4(%rbp),%edi
  2f:	c9                   	leaveq 
  30:	c3                   	retq   
  31:	8d b4 26 00 00 00 00 	lea    0x0(%rsi,%riz,1),%esi
  38:	8b 15 fc ec ea da    	mov    -0x25151304(%rip),%edx        # 0xffffffffdaeaed3a
  3e:	85 d2                	test   %edx,%edx

Code starting with the faulting instruction
===========================================
   0:	f3 6d                	rep insl (%dx),%es:(%rdi)
   2:	8b 7d fc             	mov    -0x4(%rbp),%edi
   5:	c9                   	leaveq 
   6:	c3                   	retq   
   7:	8d b4 26 00 00 00 00 	lea    0x0(%rsi,%riz,1),%esi
   e:	8b 15 fc ec ea da    	mov    -0x25151304(%rip),%edx        # 0xffffffffdaeaed10
  14:	85 d2                	test   %edx,%edx


To reproduce:

        # build kernel
	cd linux
	cp config-5.13.0-rc2-00028-gb7fb14d3ac63 .config
	make HOSTCC=gcc-9 CC=gcc-9 ARCH=i386 olddefconfig prepare modules_prepare bzImage

        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> job-script # job-script is attached in this email



---
0DAY/LKP+ Test Infrastructure                   Open Source Technology Center
https://lists.01.org/hyperkitty/list/lkp@lists.01.org       Intel Corporation

Thanks,
Oliver Sang