Kernel crash with ftrace tests

From: Sachin Sant
Date: Tue May 30 2023 - 00:51:23 EST


While running ftrace-specific kernel selftests on an IBM Power9 server, the
following crash is observed. I have observed this crash only on Power9.
A similar test run on a Power10 server works.

[14350.791484] Kernel attempted to read user page (8) - exploit attempt? (uid: 0)
[14350.791507] BUG: Kernel NULL pointer dereference on read at 0x00000008
[14350.791514] Faulting instruction address: 0xc0000000004bf0e0
[14350.791521] Oops: Kernel access of bad area, sig: 11 [#1]
[14350.791526] LE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=8192 NUMA pSeries
[14350.791532] Modules linked in: nvram rpadlpar_io rpaphp uinput torture dummy veth tun nfsv3 nfs_acl nfs lockd grace fscache netfs brd overlay exfat vfat fat xfs loop sctp ip6_udp_tunnel udp_tunnel dm_mod nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set bonding tls rfkill nf_tables libcrc32c nfnetlink sunrpc pseries_rng vmx_crypto ext4 mbcache jbd2 sd_mod t10_pi crc64_rocksoft crc64 sg ibmvscsi scsi_transport_srp ibmveth fuse [last unloaded: test_cpuidle_latency(O)]
[14350.791616] CPU: 8 PID: 1169868 Comm: perl Tainted: G O 6.4.0-rc4-g8b817fded42d #1
[14350.791623] Hardware name: IBM,8375-42A POWER9 (raw) 0x4e0202 0xf000005 of:IBM,FW950.50 (VL950_105) hv:phyp pSeries
[14350.791629] NIP: c0000000004bf0e0 LR: c000000000498924 CTR: c0000000002e8f60
[14350.791635] REGS: c0000002c8313830 TRAP: 0300 Tainted: G O (6.4.0-rc4-g8b817fded42d)
[14350.791641] MSR: 8000000000009033 <SF,EE,ME,IR,DR,RI,LE> CR: 483139c4 XER: 20040000
[14350.791655] CFAR: c00000000000dbbc DAR: 0000000000000008 DSISR: 40000000 IRQMASK: 0
[14350.791655] GPR00: c000000000498924 c0000002c8313ad0 c000000001411300 0000000000000000
[14350.791655] GPR04: c00000001d939d68 0000000000000000 0000000000010000 0000000000000008
[14350.791655] GPR08: ffffffffffffffff 0000000000008000 0000000000000800 0000000000000001
[14350.791655] GPR12: 0000000000003000 c00000001ec56700 0000000000000000 0000000000000000
[14350.791655] GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[14350.791655] GPR20: 0000000000000000 c000000002c67400 c0000001be8b4000 c000000002c67378
[14350.791655] GPR24: c00000001a41d200 c00000001a41d200 00007fffb8eb0000 0000000000000000
[14350.791655] GPR28: 8603721f020000c0 c00000001d939d68 0000000000000000 c0000002c8313c18
[14350.791724] NIP [c0000000004bf0e0] page_remove_rmap+0x40/0x320
[14350.791732] LR [c000000000498924] wp_page_copy+0x384/0xde0
[14350.791738] Call Trace:
[14350.791741] [c0000002c8313ad0] [c00000001a41d200] 0xc00000001a41d200 (unreliable)
[14350.791749] [c0000002c8313b20] [c000000000498924] wp_page_copy+0x384/0xde0
[14350.791756] [c0000002c8313bf0] [c0000000004a1a34] __handle_mm_fault+0x9a4/0xf90
[14350.791764] [c0000002c8313cf0] [c0000000004a2110] handle_mm_fault+0xf0/0x350
[14350.791771] [c0000002c8313d40] [c000000000094b8c] ___do_page_fault+0x47c/0xc20
[14350.791780] [c0000002c8313df0] [c000000000095540] hash__do_page_fault+0x30/0x70
[14350.791788] [c0000002c8313e20] [c00000000009e378] do_hash_fault+0x278/0x470
[14350.791794] [c0000002c8313e50] [c000000000008be0] data_access_common_virt+0x210/0x220
[14350.791802] --- interrupt: 300 at 0x7fffb8e91968
[14350.791807] NIP: 00007fffb8e91968 LR: 00007fffb8e91958 CTR: 0000000000000000
[14350.791812] REGS: c0000002c8313e80 TRAP: 0300 Tainted: G O (6.4.0-rc4-g8b817fded42d)
[14350.791818] MSR: 800000000280f033 <SF,VEC,VSX,EE,PR,FP,ME,IR,DR,RI,LE> CR: 24000422 XER: 00000000
[14350.791835] CFAR: 00007fffb8e9185c DAR: 00007fffb8eb0000 DSISR: 0a000000 IRQMASK: 0
[14350.791835] GPR00: 00007fffb9684d14 00007fffc55f14f0 00007fffb8eb7f00 00007fffb8eb0000
[14350.791835] GPR04: 0000000000000001 00007fffb9122840 0000000000000001 0000000000000000
[14350.791835] GPR08: 00007fffb9122890 0000000000000001 0000000000000000 00007fffc55f1440
[14350.791835] GPR12: 0000000000000000 00007fffb96dce80 0000000000000000 0000000000000000
[14350.791835] GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[14350.791835] GPR20: 00007fffb8eafb38 00007fffc55f15a8 00007fffc55f1560 00007fffc55f1550
[14350.791835] GPR24: 0000010022406210 0000000000000000 00007fffb96d0988 00007fffb96d0000
[14350.791835] GPR28: 0000000000000000 00007fffb96d0000 00007fffb8eafb38 00007fffc55f1550
[14350.791902] NIP [00007fffb8e91968] 0x7fffb8e91968
[14350.791907] LR [00007fffb8e91958] 0x7fffb8e91958
[14350.791911] --- interrupt: 300
[14350.791914] Code: 7c0802a6 7d908026 fb61ffd8 fba1ffe8 fbc1fff0 fbe1fff8 7c7e1b78 7c9d2378 7cbb2b78 91810008 f8010010 f821ffb1 <e9230008> 712a0001 3929ffff 7fe3489e
[14350.791937] ---[ end trace 0000000000000000 ]---
[14350.793185] pstore: backend (nvram) writing error (-1)
[14350.793190]
[14351.793195] Kernel panic - not syncing: Fatal exception

- Sachin