This patch fixes a segfault seen when attaching to a process on Solaris.
    The steps leading to the segfault are:

     - procfs_target::attach calls do_attach, at this point the inferior's
       process slot in the target stack is empty.
     - do_attach adds a thread with `add_thread (&the_procfs_target, ptid)`
     - in add_thread_silent, the passed target (&the_procfs_target) is
       passed to find_inferior_ptid
     - find_inferior_ptid returns nullptr, as there is no inferior with this
       ptid that has &the_procfs_target as its process target
     - the nullptr `inf` is passed to find_thread_ptid, which dereferences
       it, causing a segfault
     - back in procfs_target::attach, after do_attach, we push the
       the_procfs_target on the inferior's target stack, although we never
       reach this because the segfault happens before.

    To fix this, I think we need to do the same as is done in
    inf_ptrace_target::attach: push the target early and unpush it in case
    the attach fails (and keep it if the attach succeeds).

    Implement it by moving target_unpush_up to target.h, so it can be
    re-used here.  Make procfs_target::attach use it.  Note that just like
    is mentioned in inf_ptrace_target::attach, we should push the target
    before calling target_pid_to_str, so that calling target_pid_to_str ends
    up in procfs_target::pid_to_str.

    Tested by trying to attach on a process on gcc211 on the gcc compile
    farm.

    gdb/ChangeLog:

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1876011

Title:
  Kernel Panic when dasd-fba device is selected for install

Status in curtin:
  Fix Released
Status in subiquity:
  Fix Released
Status in Ubuntu on IBM z Systems:
  Fix Released
Status in linux package in Ubuntu:
  Fix Released

Bug description:
  Starting a zVM install (either subiquity or d-i) and selecting dasd-fba
  devices leads to a kernel panic.

  Details from the installer shell before the panic:

  root@ubuntu-server:/# uname -a
  Linux ubuntu-server 5.4.0-26-generic #30-Ubuntu SMP Mon Apr 20 16:57:22 UTC 2020 s390x s390x s390x GNU/Linux

  root@ubuntu-server:/# cat /proc/cmdline
  ip=10.245.208.13::10.245.208.1:255.255.255.0:s5lp1-gen03:enc600:none:10.245.208.1
  url=ftp://10.13.0.2:21/ubuntu-live-server-20.04/focal-live-server-s390x.iso  http_proxy=http://91.189.89.11:3128 --- quiet
  root@ubuntu-server:/#

  root@ubuntu-server:/# lsmod
  Module                  Size  Used by
  dm_multipath           40960  0
  scsi_dh_rdac           20480  0
  scsi_dh_emc            16384  0
  scsi_dh_alua           24576  0
  vmur                   20480  0
  vfio_ccw               36864  0
  vfio_mdev              16384  0
  mdev                   28672  2 vfio_ccw,vfio_mdev
  vfio_iommu_type1       32768  0
  vfio                   36864  3 vfio_ccw,vfio_mdev,vfio_iommu_type1
  sch_fq_codel           20480  1
  drm                   499712  0
  drm_panel_orientation_quirks    16384  1 drm
  i2c_core               77824  1 drm
  ip_tables              32768  0
  x_tables               45056  1 ip_tables
  overlay               135168  1
  nls_utf8               16384  1
  isofs                  49152  1
  qeth_l2                45056  1
  lcs                    53248  0
  zfcp                  126976  0
  scsi_transport_fc      69632  1 zfcp
  raid10                 65536  0
  raid456               180224  0
  async_raid6_recov      20480  1 raid456
  async_memcpy           20480  1 raid456
  async_pq               20480  1 raid456
  async_xor              20480  2 async_pq,raid456
  async_tx               20480  5 async_pq,async_memcpy,async_xor,raid456,async_raid6_recov
  xor                    16384  1 async_xor
  raid6_pq              102400  3 async_pq,raid456,async_raid6_recov
  libcrc32c              16384  1 raid456
  raid1                  53248  0
  raid0                  28672  0
  linear                 20480  0
  pkey                   32768  0
  crc32_vx_s390          16384  1
  ghash_s390             16384  0
  prng                   20480  4
  aes_s390               28672  0
  des_s390               20480  0
  libdes                 28672  1 des_s390
  sha512_s390            16384  0
  sha256_s390            16384  0
  sha1_s390              16384  0
  sha_common             16384  3 sha512_s390,sha256_s390,sha1_s390
  qeth                  135168  1 qeth_l2
  dasd_fba_mod           24576  0
  dasd_eckd_mod         131072  0
  qdio                   61440  3 qeth,zfcp,qeth_l2
  ccwgroup               20480  3 qeth,lcs,qeth_l2
  dasd_mod              143360  2 dasd_eckd_mod,dasd_fba_mod
  zcrypt_cex4            20480  0
  zcrypt                106496  2 pkey,zcrypt_cex4

  root@ubuntu-server:/# dmesg | tail
  [   34.458754] audit: type=1400 audit(1588204779.286:14): apparmor="STATUS" operation="profile_load" profile="unconfined" name="snap.subiquity.subiquity-service" pid=1789 comm="apparmor_parser"
  [  190.647685] ctcm.151d85: CTCM driver initialized
  [  190.663097] dasd-fba.f36f2f: 0.0.0101: New FBA DASD 9336/10 (CU 6310/80) with 16383 MB and 512 B/blk
  [  190.664748]  dasda: dasda1
  [  193.364797] dasd-fba.f36f2f: 0.0.0102: New FBA DASD 9336/10 (CU 6310/80) with 16383 MB and 512 B/blk
  [  193.366573]  dasdb:(nonl) dasdb1
  [  195.743686] dasd-fba.f36f2f: 0.0.0103: New FBA DASD 9336/10 (CU 6310/80) with 16383 MB and 512 B/blk
  [  195.745327]  dasdc:(nonl) dasdc1
  [  198.408631] dasd-fba.f36f2f: 0.0.0104: New FBA DASD 9336/10 (CU 6310/80) with 16384 MB and 512 B/blk
  [  198.411231]  dasdd:(nonl) dasdd1

  Dropped to shell after partition confirmation to run tail on syslog

  root@ubuntu-server:/# tail -f /var/log/syslog
  Apr 30 00:10:08 ubuntu-server curtin_log.2234[2946]: Shutdown Plan:
  Apr 30 00:10:08 ubuntu-server curtin_log.2234[2946]: {'level': 6, 'device': '/sys/class/block/dm-0', 'dev_type': 'lvm'}
  Apr 30 00:10:08 ubuntu-server curtin_log.2234[2946]: {'level': 4, 'device': '/sys/class/block/dasda/dasda1', 'dev_type': 'partition'}
  Apr 30 00:10:08 ubuntu-server curtin_log.2234[2946]: {'level': 2, 'device': '/sys/class/block/dasda', 'dev_type': 'disk'}
  Apr 30 00:10:08 ubuntu-server curtin_log.2234[2946]: shutdown running on holder type: 'lvm' syspath: '/sys/class/block/dm-0'
  Apr 30 00:10:08 ubuntu-server curtin_log.2234[2946]: Running command ['dmsetup', 'splitname', 's5lp1--gen03--vg-s5lp3--gen3--lv', '-c', '--noheadings', '--separator', '=', '-o', 'vg_name,lv_name'] with allowed return codes [0] (capture=True)
  Apr 30 00:10:08 ubuntu-server curtin_log.2234[2946]: Wiping lvm logical volume: /dev/s5lp1-gen03-vg/s5lp3-gen3-lv
  Apr 30 00:10:08 ubuntu-server curtin_log.2234[2946]: wiping 1M on /dev/s5lp1-gen03-vg/s5lp3-gen3-lv at offsets [0, -1048576]
  Apr 30 00:10:08 ubuntu-server curtin_log.2234[2946]: using "lvremove" on s5lp1-gen03-vg/s5lp3-gen3-lv
  Apr 30 00:10:08 ubuntu-server curtin_log.2234[2946]: Running command ['lvremove', '--force', '--force', 's5lp1-gen03-vg/s5lp3-gen3-lv'] with allowed return codes [0] (capture=False)

  x3270 console output:

  ubuntu-server login: [  145.304094] addressing exception: 0005 ilc:3 [#1] SMP
  [  145.304101] Modules linked in: zfs(PO) zunicode(PO) zavl(PO) icp(PO) zlua(PO) zcommon(PO) znvpair(PO) spl(O) zlib_deflate bcache crc64 ctcm fsm dm_multipath scsi_dh_rdac scsi_dh_emc scsi_dh_alua vmur vfio_ccw vfio_mdev mdev vfio_iommu_type1 vfio sch_fq_codel drm drm_panel_orientation_quirks i2c_core ip_tables x_tables overlay nls_utf8 isofs qeth_l2 lcs zfcp scsi_transport_fc raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 linear pkey crc32_vx_s390 ghash_s390 prng aes_s390 des_s390 libdes sha512_s390 qeth qdio ccwgroup sha256_s390 sha1_s390 sha_common zcrypt_cex4 dasd_eckd_mod dasd_fba_mod dasd_mod zcrypt
  [  145.304140] CPU: 1 PID: 0 Comm: swapper/1 Tainted: P           O      5.4.0-26-generic #30-Ubuntu
  [  145.304145] Hardware name: IBM 2964 N63 400 (z/VM 6.4.0)
  [  145.304150] Krnl PSW : 0404e00180000000 000003ff800e38a2 (dasd_fba_dump_sense+0x282/0x4f0 [dasd_fba_mod])
  [  145.304159]            R:0 T:1 IO:0 EX:0 Key:0 M:1 W:0 P:0 AS:3 CC:2 PM:0 RI:0 EA:3
  02: HCPGSP2629I The virtual machine is placed in CP mode due to a SIGP stop from CPU 02.
  03: HCPGSP2629I The virtual machine is placed in CP mode due to a SIGP stop from CPU 03.
  00: HCPGSP2629I The virtual machine is placed in CP mode due to a SIGP stop from CPU 00.
  00: HCPGSP2629I The virtual machine is placed in CP mode due to a SIGP stop from CPU 01.
  02: HCPGSP2629I The virtual machine is placed in CP mode due to a SIGP stop from CPU 01.
  03: HCPGSP2629I The virtual machine is placed in CP mode due to a SIGP stop from CPU 01.
  [  145.304168] Krnl GPRS: 0b8e51db0000000f 0000000000000000 00000000e11f518e 000000007e500000
  [  145.304170]            0000000000000004 00000000af2f6538 0000000000000004 00000000e11f5000
  [  145.304171]            000000010000018e 00000000032451e8 0000000003245208 0000000003245208
  [  145.304173]            000000017e169100 00000000e2e267a0 000003ff800e3864 000003e00029fc58
  [  145.304181] Krnl Code: 000003ff800e3892: eb110002000d        sllg    %r1,%r1,2
  [  145.304181]            000003ff800e3898: a76a0004            ahi     %r6,4
  [  145.304181]           #000003ff800e389c: e34130000014        lgf     %r4,0(%r1,%r3)
  [  145.304181]           >000003ff800e38a2: a78a0009            ahi     %r8,9
  [  145.304181]            000003ff800e38a6: c030000014d2        larl    %r3,000003ff800e624a
  [  145.304181]            000003ff800e38ac: c0e5fffffc00        brasl   %r14,000003ff800e30ac
  [  145.304181]            000003ff800e38b2: ec66ffdc207e        cij     %r6,32,6,000003ff800e386a
  [  145.304181]            000003ff800e38b8: b9140018            lgfr    %r1,%r8
  [  145.304197] Call Trace:
  [  145.304200] ([<000003ff800e3864>] dasd_fba_dump_sense+0x244/0x4f0 [dasd_fba_mod])
  [  145.304211]  [<000003ff8002d4da>] dasd_block_tasklet+0x25a/0x470 [dasd_mod]
  [  145.304217]  [<00000000aede4ab2>] tasklet_action_common.isra.0+0x82/0x160
  [  145.304223]  [<00000000af63e6c4>] __do_softirq+0x104/0x360
  [  145.304225]  [<00000000aede522e>] irq_exit+0x9e/0xc0
  [  145.304228]  [<00000000aed70b18>] do_IRQ+0x78/0xb0
  [  145.304229]  [<00000000af63d948>] io_int_handler+0x124/0x28c
  [  145.304232]  [<00000000aed675bc>] enabled_wait+0x3c/0xd0
  [  145.304235] Last Breaking-Event-Address:
  [  145.304237]  [<00000000af63e938>] __s390_indirect_jump_r14+0x0/0xc
  [  145.304240] Kernel panic - not syncing: Fatal exception in interrupt
  01: HCPGIR450W CP entered; disabled wait PSW 00020001 80000000 00000000 AED7349E
