Re: 4.5.0-rc6: kernel BUG at ../mm/memory.c:1879

[Vlastimil Babka]

On 03/07/2016 01:51 PM, Vlastimil Babka wrote:
> [+CC ARM, module maintainers/lists]
>
> On 03/07/2016 12:14 PM, Matwey V. Kornilov wrote:
> > Hello,
> >
> > I see the following when try to boot 4.5.0-rc6 on ARM TI AM33xx based board.
> >
> >       [   13.907631] ------------[ cut here ]------------
> >       [   13.912323] kernel BUG at ../mm/memory.c:1879!
>
> That's:
> BUG_ON(addr >= end);
>
> where:
> end = addr + size;
>
> All these variables are unsigned long, so they overflown?
>
> I don't know ARM much, and there's no code for decodecode, but if I get
> the calling convention correctly, and the registers didn't change, both
> addr is r1 and size is r2, i.e. both bf006000. Weird.

OK, wrong, according to followup mail from Matwey which I'm pasting here 
to include the CC list:

===
I believe the following kgdb backtrace is relevant.

size = 0 for some reason in apply_to_page_range
This means that end == addr.

(gdb) bt
#0  apply_to_page_range (mm=0xc11d3190 <init_mm>, addr=3204472832,
size=0, fn=0xc0231cec <change_page_range>, data=0xdb5c3de8)
    at ../mm/memory.c:1876
#1  0xc0231dc4 in change_memory_common (addr=3204472832,
numpages=<optimized out>, set_mask=<optimized out>, clear_mask=0)
    at ../arch/arm/mm/pageattr.c:61
#2  0xc0231e30 in set_memory_ro (addr=<optimized out>,
numpages=<optimized out>) at ../arch/arm/mm/pageattr.c:70
#3  0xc02fd5b4 in frob_rodata (layout=<optimized out>,
set_memory=0xbf006000) at ../kernel/module.c:1983
#4  0xc02ff4f8 in module_enable_ro (mod=<optimized out>) at
../kernel/module.c:2011
#5  0xc0301c80 in complete_formation (info=<optimized out>,
mod=<optimized out>) at ../kernel/module.c:3494
#6  load_module (info=0xdb5c3f40, uargs=<optimized out>,
flags=<optimized out>) at ../kernel/module.c:3622
#7  0xc0302120 in SYSC_finit_module (flags=<optimized out>,
uargs=<optimized out>, fd=<optimized out>) at ../kernel/module.c:3741
#8  SyS_finit_module (fd=6, uargs=-1226082716, flags=0) at
../kernel/module.c:3722
#9  0xc021c140 in arm_elf_read_implies_exec (x=<optimized out>,
executable_stack=-1090494464) at ../arch/arm/kernel/elf.c:90
#10 0x00000006 in __vectors_start ()
Backtrace stopped: previous frame inner to this frame (corrupt stack?)

> >       [   13.916795] Internal error: Oops - BUG: 0 [#1] PREEMPT SMP ARM
> >       [   13.922663] Modules linked in:
> >       [   13.925761] CPU: 0 PID: 242 Comm: systemd-udevd Not tainted 4.5.0-rc6-3.ga55dde2-default #1
> >       [   13.934153] Hardware name: Generic AM33XX (Flattened Device Tree)
> >       [   13.940281] task: c2da2040 ti: c2db4000 task.ti: c2db4000
> >       [   13.945738] PC is at apply_to_page_range+0x23c/0x240
> >       [   13.950741] LR is at change_memory_common+0x94/0xe0
> >       [   13.955648] pc : [<c03b333c>]    lr : [<c0231dc4>]    psr: 60010013
> >       [   13.955648] sp : c2db5d88  ip : c2db5dd8  fp : c2db5dd4
> >       [   13.967182] r10: bf002080  r9 : c2db5de8  r8 : c0231cec
> >       [   13.972434] r7 : bf002180  r6 : bf006000  r5 : bf006000  r4 : bf006000
> >       [   13.978995] r3 : c0231cec  r2 : bf006000  r1 : bf006000  r0 : c11d3190
> >       [   13.985559] Flags: nZCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment user
> >       [   13.992732] Control: 10c5387d  Table: 82dc0019  DAC: 00000055
> >       [   13.998509] Process systemd-udevd (pid: 242, stack limit = 0xc2db4220)
> >       [   14.005070] Stack: (0xc2db5d88 to 0xc2db6000)
> >       [   14.009457] 5d80:                   bf005fff c11d3190 c11d3190 00000001 c1187dc4 c136c540
> >       [   14.017682] 5da0: bf006000 c11d3190 c2db5dd4 bf006000 00000000 bf006000 bf002180 00000000
> >       [   14.025907] 5dc0: c118350c bf002080 c2db5e14 c2db5dd8 c0231dc4 c03b310c c2db5de8 0000000c
> >       [   14.034130] 5de0: c2db5dfc c2db5df0 00000080 00000000 c2db5e4c c0231e10 bf0021ac bf002180
> >       [   14.042355] 5e00: bf002180 bf0021ac c2db5e24 c2db5e18 c0231e30 c0231d3c c2db5e3c c2db5e28
> >       [   14.050579] 5e20: c02fd5b4 c0231e1c c0231e10 bf0021ac c2db5e5c c2db5e40 c02ff4f8 c02fd568
> >       [   14.058802] 5e40: 00000001 bf00208c c2db5f40 bf002180 c2db5f34 c2db5e60 c0301c80 c02ff4ac
> >       [   14.067025] 5e60: bf002080 c042d74c 00000000 00000000 bf000000 c118350c c0b359cc 00000000
> >       [   14.075250] 5e80: bf00208c c118350c bf003000 c2db5ea0 bf002190 bf00208c 000014e4 00000000
> >       [   14.083473] 5ea0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
> >       [   14.091695] 5ec0: 00000000 00000000 6e72656b 00006c65 00000000 00000000 00000000 00000000
> >       [   14.099918] 5ee0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
> >       [   14.108143] 5f00: 00000000 dc8ba700 00000010 00000000 00000006 b6e73664 0000017b c021c308
> >       [   14.116367] 5f20: c2db4000 00000000 c2db5fa4 c2db5f38 c0302120 c03009ac 00000002 00000000
> >       [   14.124590] 5f40: d0851000 000014e4 d0851f0c d085180b d0851ca4 00003000 00003110 00000000
> >       [   14.132814] 5f60: 00000000 00000000 00001538 0000001b 0000001c 00000014 00000011 0000000d
> >       [   14.141036] 5f80: 00000000 00000000 00000000 7f611780 00000000 00000000 00000000 c2db5fa8
> >       [   14.149259] 5fa0: c021c140 c0302090 7f611780 00000000 00000006 b6e73664 00000000 7f611830
> >       [   14.157484] 5fc0: 7f611780 00000000 00000000 0000017b 00000000 00000000 00020000 80a76238
> >       [   14.165707] 5fe0: be8c8058 be8c8048 b6e69de0 b6d8db40 60010010 00000006 45145044 91104437
> >       [   14.173957] [<c03b333c>] (apply_to_page_range) from [<c0231dc4>] (change_memory_common+0x94/0xe0)
> >       [   14.182888] [<c0231dc4>] (change_memory_common) from [<c0231e30>] (set_memory_ro+0x20/0x28)
> >       [   14.191307] [<c0231e30>] (set_memory_ro) from [<c02fd5b4>] (frob_rodata+0x58/0x6c)
> >       [   14.198930] [<c02fd5b4>] (frob_rodata) from [<c02ff4f8>] (module_enable_ro+0x58/0x60)
>
> These just seem to pass on whatever module loader told them.
>
> >       [   14.206811] [<c02ff4f8>] (module_enable_ro) from [<c0301c80>] (load_module+0x12e0/0x1548)
>
> This uses mod->core_layout to get the range, so maybe that's what's wrong?
>
> >       [   14.215039] [<c0301c80>] (load_module) from [<c0302120>] (SyS_finit_module+0x9c/0xd8)
> >       [   14.222920] [<c0302120>] (SyS_finit_module) from [<c021c140>] (ret_fast_syscall+0x0/0x34)
> >       [   14.231148] Code: e3500000 1afffff4 e51a3008 eaffffe5 (e7f001f2)
> >       [   14.237282] ---[ end trace e25b4430ecf4fcdd ]---
> >
> >
> > --
> > To unsubscribe, send a message with 'unsubscribe linux-mm' in
> > the body to majordomo@xxxxxxxxxx  For more info on Linux MM,
> > see: http://www.linux-mm.org/ .
> > Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>
>
> --
> To unsubscribe, send a message with 'unsubscribe linux-mm' in
> the body to majordomo@xxxxxxxxxx  For more info on Linux MM,
> see: http://www.linux-mm.org/ .
> Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>