From: bugzilla-daemon@bugzilla.kernel.org
To: linuxppc-dev@lists.ozlabs.org
Subject: [Bug 214913] New: [xfstests generic/051] BUG: Kernel NULL pointer dereference on read at 0x00000108 NIP [c0000000000372e4] tm_cgpr_active+0x14/0x40
Date: Tue, 02 Nov 2021 09:27:48 +0000
Message-ID: <bug-214913-206035@https.bugzilla.kernel.org/>

https://bugzilla.kernel.org/show_bug.cgi?id=214913

            Bug ID: 214913
           Summary: [xfstests generic/051] BUG: Kernel NULL pointer
                    dereference on read at 0x00000108 NIP
                    [c0000000000372e4] tm_cgpr_active+0x14/0x40
           Product: Platform Specific/Hardware
           Version: 2.5
    Kernel Version: mainline linux v5.15
          Hardware: All
                OS: Linux
              Tree: Mainline
            Status: NEW
          Severity: normal
          Priority: P1
         Component: PPC-64
          Assignee: platform_ppc-64@kernel-bugs.osdl.org
          Reporter: zlang@redhat.com
        Regression: No

xfstests generic/051 and some similar test cases always hit a kernel panic on
XFS.
From the call trace, it doesn't look like an XFS bug. As I only reproduce it on
ppc64le, I am reporting this bug to PPC64 first.

[  740.492561] run fstests generic/051 at 2021-11-01 12:40:42 
[  742.806962] XFS (sda3): Mounting V5 Filesystem 
[  742.925825] XFS (sda3): Ending clean mount 
[  742.955028] XFS (sda3): User initiated shutdown received. 
[  742.955201] XFS (sda3): Metadata I/O Error (0x4) detected at
xfs_fs_goingdown+0x68/0x160 [xfs] (fs/xfs/xfs_fsops.c:497).  Shutting down
filesystem. 
[  742.955370] XFS (sda3): Please unmount the filesystem and rectify the
problem(s) 
[  742.973098] XFS (sda3): Unmounting Filesystem 
[  744.352066] XFS (sda3): Mounting V5 Filesystem 
[  744.425758] XFS (sda3): Ending clean mount 
[  775.192100] XFS (sda3): Unmounting Filesystem 
[  776.116445] XFS (sda3): Mounting V5 Filesystem 
[  777.331381] XFS (sda3): Ending clean mount 
[  800.111560] restraintd[1327]: *** Current Time: Mon Nov 01 12:41:42 2021 
Localwatchdog at: Wed Nov 03 12:31:42 2021 
[  813.403287] XFS (sda3): User initiated shutdown received. 
[  813.403380] XFS (sda3): Log I/O Error (0x6) detected at
xfs_fs_goingdown+0xf8/0x160 [xfs] (fs/xfs/xfs_fsops.c:500).  Shutting down
filesystem. 
[  813.403514] XFS (sda3): Please unmount the filesystem and rectify the
problem(s) 
[  813.418455] sda3: writeback error on inode 60042, offset 63640576, sector
2306320 
[  813.418484] sda3: writeback error on inode 81161, offset 13091840, sector
2306496 
[  813.428831] sda3: writeback error on inode 16878782, offset 30536704, sector
18080754 
[  813.429026] Kernel attempted to read user page (108) - exploit attempt?
(uid: 0) 
[  813.429068] BUG: Kernel NULL pointer dereference on read at 0x00000108 
[  813.429085] Faulting instruction address: 0xc0000000000372e4 
[  813.429102] Oops: Kernel access of bad area, sig: 11 [#1] 
[  813.429117] LE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=2048 NUMA pSeries 
[  813.429133] Modules linked in: bonding rfkill tls sunrpc pseries_rng drm
fuse drm_panel_orientation_quirks xfs libcrc32c sd_mod t10_pi sg ibmvscsi
ibmveth scsi_transport_srp vmx_crypto 
[  813.429202] CPU: 3 PID: 94001 Comm: fsstress Kdump: loaded Tainted: G       
W         5.15.0 #1 
[  813.429216] NIP:  c0000000000372e4 LR: c0000000006d9e48 CTR:
c0000000000372d0 
[  813.429227] REGS: c000000064ba7440 TRAP: 0300   Tainted: G        W         
(5.15.0) 
[  813.429238] MSR:  800000010280b033 <SF,VEC,VSX,EE,FP,ME,IR,DR,RI,LE,TM[E]> 
CR: 88004280  XER: 00000000 
[  813.429272] CFAR: c00000000000cb1c DAR: 0000000000000108 DSISR: 40000000
IRQMASK: 0  
[  813.429272] GPR00: c0000000006d9e48 c000000064ba76e0 c000000002cdc400
0000000000000000  
[  813.429272] GPR04: c000000002c3ac50 0000000000000000 0000000000000000
c00000004d174000  
[  813.429272] GPR08: c0000000013d21d8 0000000000000000 0000000000000012
0000000000000000  
[  813.429272] GPR12: c0000000000372d0 c000000007fccb00 0000000000000000
0000000000000005  
[  813.429272] GPR16: 0000000000000000 c0000000d19fa900 c000000001365bb0
c000000003fc26b4  
[  813.429272] GPR20: c0000000d19fb338 0000000000040100 0000000000000001
0000000000000001  
[  813.429272] GPR24: c00000000135d2e0 00000000ffffffff c000000064ba7968
c000000001091ef8  
[  813.429272] GPR28: 0000000000000108 0000000000000004 c0000000cc456400
c000000002c3ac50  
[  813.429396] NIP [c0000000000372e4] tm_cgpr_active+0x14/0x40 
[  813.429420] LR [c0000000006d9e48] fill_thread_core_info+0x158/0x250 
[  813.429435] Call Trace: 
[  813.429443] [c000000064ba76e0] [c0000000006d9eb8]
fill_thread_core_info+0x1c8/0x250 (unreliable) 
[  813.429465] [c000000064ba7760] [c0000000006dac70]
fill_note_info.constprop.0+0x240/0x420 
[  813.429480] [c000000064ba77d0] [c0000000006daf3c] elf_core_dump+0xec/0x5e0 
[  813.429494] [c000000064ba79e0] [c0000000006e1edc] do_coredump+0x32c/0xc10 
[  813.429507] [c000000064ba7bb0] [c000000000187adc] get_signal+0x52c/0x910 
[  813.429519] [c000000064ba7ca0] [c000000000021b9c] do_signal+0x7c/0x330 
[  813.429533] [c000000064ba7d40] [c000000000022e00]
do_notify_resume+0xb0/0x140 
[  813.429548] [c000000064ba7d70] [c000000000031330]
interrupt_exit_user_prepare_main+0x220/0x280 
[  813.429562] [c000000064ba7de0] [c000000000031804]
syscall_exit_prepare+0xe4/0x1e0 
[  813.429575] [c000000064ba7e10] [c00000000000c174]
system_call_vectored_common+0xf4/0x278 
[  813.429589] --- interrupt: 3000 at 0x7fffa9c7667c 
[  813.429600] NIP:  00007fffa9c7667c LR: 0000000000000000 CTR:
0000000000000000 
[  813.429610] REGS: c000000064ba7e80 TRAP: 3000   Tainted: G        W         
(5.15.0) 
[  813.429621] MSR:  800000000000d033 <SF,EE,PR,ME,IR,DR,RI,LE>  CR: 44004402 
XER: 00000000 
[  813.429647] IRQMASK: 0  
[  813.429647] GPR00: 00000000000000fa 00007fffefa13e10 00007fffa9e17100
0000000000000000  
[  813.429647] GPR04: 0000000000016f31 0000000000000006 0000000000000008
00000000ffffffff  
[  813.429647] GPR08: 0000000000000000 0000000000000000 0000000000000000
0000000000000000  
[  813.429647] GPR12: 0000000000000000 00007fffa9f2b040 0000000000000000
0000000000000000  
[  813.429647] GPR16: 0000000000000000 0000000000000000 0000000000000000
0000000010030de4  
[  813.429647] GPR20: 00000000100158c8 0000000000000000 0000000000000000
0000000010003d60  
[  813.429647] GPR24: 0000000000000001 0000000010012c60 00000000100137c8
0000000000000006  
[  813.429647] GPR28: 0000000000000005 ffffffffffffffff 00007fffa9f23840
0000000000016f31  
[  813.429776] NIP [00007fffa9c7667c] 0x7fffa9c7667c 
[  813.429789] LR [0000000000000000] 0x0 
[  813.429799] --- interrupt: 3000 
[  813.429808] Instruction dump: 
[  813.429816] 4bfe8345 60000000 e8010040 38210030 ebe1fff8 7c0803a6 4e800020
7c0802a6  
[  813.429839] 60000000 60000000 e92329c0 38600000 <e9290108> 7929e844 79291f43
4d820020  
[  813.429863] ---[ end trace 8a41ad95f224ad91 ]--- 
[  813.431701]  
[  813.431723] BUG: sleeping function called from invalid context at
kernel/locking/mutex.c:573 
[  813.431733] in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 94001,
name: fsstress 
[  813.431744] INFO: lockdep is turned off. 
[  813.431750] irq event stamp: 1270330 
[  813.431756] hardirqs last  enabled at (1270329): [<c000000000589680>]
___slab_alloc+0xc40/0xf60 
[  813.431769] hardirqs last disabled at (1270330): [<c00000000009a4cc>]
interrupt_enter_prepare.constprop.0+0x10c/0x200 
[  813.431784] softirqs last  enabled at (1269500): [<c008000001dc61dc>]
__rhashtable_insert_fast.constprop.0+0x3d4/0x7c0 [xfs] 
[  813.431932] softirqs last disabled at (1269498): [<c008000001dc5ef8>]
__rhashtable_insert_fast.constprop.0+0xf0/0x7c0 [xfs] 
[  813.432045] CPU: 3 PID: 94001 Comm: fsstress Kdump: loaded Tainted: G      D
W         5.15.0 #1 
[  813.432056] Call Trace: 
[  813.432060] [c000000064ba6f20] [c00000000093e5d8] dump_stack_lvl+0xac/0x108
(unreliable) 
[  813.432075] [c000000064ba6f60] [c0000000001b991c] ___might_sleep+0x2dc/0x300 
[  813.432087] [c000000064ba6ff0] [c00000000107703c] __mutex_lock+0x6c/0x9e0 
[  813.432098] [c000000064ba7100] [c00000000069f678]
io_uring_del_tctx_node+0x78/0x170 
[  813.432111] [c000000064ba7140] [c0000000006b4c28]
io_uring_cancel_generic+0x248/0x3e0 
[  813.432122] [c000000064ba7200] [c00000000016ff70] do_exit+0xf0/0x700 
[  813.432135] [c000000064ba7290] [c00000000002b060] oops_end+0x1d0/0x200 
[  813.432148] [c000000064ba7310] [c000000000092ac4]
__bad_page_fault+0x174/0x190 
[  813.432177] [c000000064ba7380] [c00000000009c508]
__do_hash_fault+0x148/0x1f0 
[  813.432196] [c000000064ba73b0] [c00000000009c5d8] do_hash_fault+0x28/0x60 
[  813.432211] [c000000064ba73d0] [c00000000000891c]
data_access_common_virt+0x19c/0x1f0 
[  813.432226] --- interrupt: 300 at tm_cgpr_active+0x14/0x40 
[  813.432234] NIP:  c0000000000372e4 LR: c0000000006d9e48 CTR:
c0000000000372d0 
[  813.432244] REGS: c000000064ba7440 TRAP: 0300   Tainted: G      D W         
(5.15.0) 
[  813.432253] MSR:  800000010280b033 <SF,VEC,VSX,EE,FP,ME,IR,DR,RI,LE,TM[E]> 
CR: 88004280  XER: 00000000 
[  813.432286] CFAR: c00000000000cb1c DAR: 0000000000000108 DSISR: 40000000
IRQMASK: 0  
[  813.432286] GPR00: c0000000006d9e48 c000000064ba76e0 c000000002cdc400
0000000000000000  
[  813.432286] GPR04: c000000002c3ac50 0000000000000000 0000000000000000
c00000004d174000  
[  813.432286] GPR08: c0000000013d21d8 0000000000000000 0000000000000012
0000000000000000  
[  813.432286] GPR12: c0000000000372d0 c000000007fccb00 0000000000000000
0000000000000005  
[  813.432286] GPR16: 0000000000000000 c0000000d19fa900 c000000001365bb0
c000000003fc26b4  
[  813.432286] GPR20: c0000000d19fb338 0000000000040100 0000000000000001
0000000000000001  
[  813.432286] GPR24: c00000000135d2e0 00000000ffffffff c000000064ba7968
c000000001091ef8  
[  813.432286] GPR28: 0000000000000108 0000000000000004 c0000000cc456400
c000000002c3ac50  
[  813.432402] NIP [c0000000000372e4] tm_cgpr_active+0x14/0x40 
[  813.432412] LR [c0000000006d9e48] fill_thread_core_info+0x158/0x250 
[  813.432424] --- interrupt: 300 
[  813.432429] [c000000064ba76e0] [c0000000006d9eb8]
fill_thread_core_info+0x1c8/0x250 (unreliable) 
[  813.432443] [c000000064ba7760] [c0000000006dac70]
fill_note_info.constprop.0+0x240/0x420 
[  813.432455] [c000000064ba77d0] [c0000000006daf3c] elf_core_dump+0xec/0x5e0 
[  813.432467] [c000000064ba79e0] [c0000000006e1edc] do_coredump+0x32c/0xc10 
[  813.432479] [c000000064ba7bb0] [c000000000187adc] get_signal+0x52c/0x910 
[  813.432492] [c000000064ba7ca0] [c000000000021b9c] do_signal+0x7c/0x330 
[  813.432518] [c000000064ba7d40] [c000000000022e00]
do_notify_resume+0xb0/0x140 
[  813.432537] [c000000064ba7d70] [c000000000031330]
interrupt_exit_user_prepare_main+0x220/0x280 
[  813.432556] [c000000064ba7de0] [c000000000031804]
syscall_exit_prepare+0xe4/0x1e0 
[  813.432571] [c000000064ba7e10] [c00000000000c174]
system_call_vectored_common+0xf4/0x278 
[  813.432585] --- interrupt: 3000 at 0x7fffa9c7667c 
[  813.432595] NIP:  00007fffa9c7667c LR: 0000000000000000 CTR:
0000000000000000 
[  813.432605] REGS: c000000064ba7e80 TRAP: 3000   Tainted: G      D W         
(5.15.0) 
[  813.432615] MSR:  800000000000d033 <SF,EE,PR,ME,IR,DR,RI,LE>  CR: 44004402 
XER: 00000000 
[  813.432641] IRQMASK: 0  
[  813.432641] GPR00: 00000000000000fa 00007fffefa13e10 00007fffa9e17100
0000000000000000  
[  813.432641] GPR04: 0000000000016f31 0000000000000006 0000000000000008
00000000ffffffff  
[  813.432641] GPR08: 0000000000000000 0000000000000000 0000000000000000
0000000000000000  
[  813.432641] GPR12: 0000000000000000 00007fffa9f2b040 0000000000000000
0000000000000000  
[  813.432641] GPR16: 0000000000000000 0000000000000000 0000000000000000
0000000010030de4  
[  813.432641] GPR20: 00000000100158c8 0000000000000000 0000000000000000
0000000010003d60  
[  813.432641] GPR24: 0000000000000001 0000000010012c60 00000000100137c8
0000000000000006  
[  813.432641] GPR28: 0000000000000005 ffffffffffffffff 00007fffa9f23840
0000000000016f31  
[  813.432761] NIP [00007fffa9c7667c] 0x7fffa9c7667c 
[  813.432770] LR [0000000000000000] 0x0 
[  813.432777] --- interrupt: 3000 
[  860.223013] restraintd[1327]: *** Current Time: Mon Nov 01 12:42:42 2021 
Localwatchdog at: Wed Nov 03 12:31:42 2021 


I reproduced this bug on linux HEAD=8bb7eca972ad. The steps to reproduce this
bug are:
1) git clone git://git.kernel.org/pub/scm/fs/xfs/xfstests-dev.git
2) build xfstests
3) run generic/051 on ppc64le on xfs.

-- 
You may reply to this email to add a comment.

You are receiving this mail because:
You are watching the assignee of the bug.
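
Added example (not part of the original report, and not kernel code): a small triage script that decodes the bracketed faulting word from the `Instruction dump` line and checks it against `DAR` and the GPR dump of the oops above. It handles only DS-form loads (primary opcode 58); the function names and the rejoined log excerpt are this example's own.

```python
import re

# Excerpt of the oops above with the mail wrapping rejoined (first register dump only).
OOPS = """\
[  813.429272] CFAR: c00000000000cb1c DAR: 0000000000000108 DSISR: 40000000 IRQMASK: 0
[  813.429272] GPR08: c0000000013d21d8 0000000000000000 0000000000000012 0000000000000000
[  813.429396] NIP [c0000000000372e4] tm_cgpr_active+0x14/0x40
[  813.429839] 60000000 60000000 e92329c0 38600000 <e9290108> 7929e844 79291f43 4d820020
"""

DS_FORM = {0: "ld", 1: "ldu", 2: "lwa"}  # primary opcode 58, selected by the low 2 bits


def decode_ds_load(word):
    """Decode a Power ISA DS-form load (primary opcode 58) into (mnemonic, rt, ra, disp)."""
    if word >> 26 != 58 or (word & 3) not in DS_FORM:
        raise ValueError(f"{word:08x} is not a DS-form load")
    disp = word & 0xFFFC              # DS field with the two low bits cleared
    if disp & 0x8000:                 # sign-extend the 16-bit displacement
        disp -= 0x10000
    return DS_FORM[word & 3], (word >> 21) & 31, (word >> 16) & 31, disp


def parse_oops(text):
    """Return (gprs, dar, faulting_word) from the first register dump in the text."""
    gprs = {}
    for m in re.finditer(r"GPR(\d\d): ((?:[0-9a-f]{16}\s+){3}[0-9a-f]{16})", text):
        for i, val in enumerate(m.group(2).split()):
            gprs.setdefault(int(m.group(1)) + i, int(val, 16))
    dar = int(re.search(r"DAR: ([0-9a-f]{16})", text).group(1), 16)
    word = int(re.search(r"<([0-9a-f]{8})>", text).group(1), 16)
    return gprs, dar, word


def triage(text):
    """Check that base register + displacement reproduces DAR and flag a NULL base."""
    gprs, dar, word = parse_oops(text)
    mnem, rt, ra, disp = decode_ds_load(word)
    base = 0 if ra == 0 else gprs[ra]  # RA=0 means a literal zero base in D/DS-form
    return {"insn": f"{mnem} r{rt},{disp:#x}(r{ra})", "base": base,
            "ea_matches_dar": (base + disp) & (2**64 - 1) == dar,
            "null_struct_pointer": base == 0 and 0 <= dar < 0x10000}


if __name__ == "__main__":
    print(triage(OOPS))
```

The preceding load in the dump, `e92329c0`, decodes the same way to `ld r9,0x29c0(r3)`, so the zero in r9 was itself loaded through the pointer held in r3 at that point.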
