https://bugzilla.kernel.org/show_bug.cgi?id=214913

Bug ID: 214913
Summary: [xfstests generic/051] BUG: Kernel NULL pointer dereference on read at 0x00000108 NIP [c0000000000372e4] tm_cgpr_active+0x14/0x40
Product: Platform Specific/Hardware
Version: 2.5
Kernel Version: mainline linux v5.15
Hardware: All
OS: Linux
Tree: Mainline
Status: NEW
Severity: normal
Priority: P1
Component: PPC-64
Assignee: platform_ppc...@kernel-bugs.osdl.org
Reporter: zl...@redhat.com
Regression: No

xfstests generic/051 and some similar test cases always hit a kernel panic on XFS. From the call trace, it doesn't look like an xfs bug. As I only reproduce it on ppc64le, I report this bug to PPC64 first.

[ 740.492561] run fstests generic/051 at 2021-11-01 12:40:42
[ 742.806962] XFS (sda3): Mounting V5 Filesystem
[ 742.925825] XFS (sda3): Ending clean mount
[ 742.955028] XFS (sda3): User initiated shutdown received.
[ 742.955201] XFS (sda3): Metadata I/O Error (0x4) detected at xfs_fs_goingdown+0x68/0x160 [xfs] (fs/xfs/xfs_fsops.c:497). Shutting down filesystem.
[ 742.955370] XFS (sda3): Please unmount the filesystem and rectify the problem(s)
[ 742.973098] XFS (sda3): Unmounting Filesystem
[ 744.352066] XFS (sda3): Mounting V5 Filesystem
[ 744.425758] XFS (sda3): Ending clean mount
[ 775.192100] XFS (sda3): Unmounting Filesystem
[ 776.116445] XFS (sda3): Mounting V5 Filesystem
[ 777.331381] XFS (sda3): Ending clean mount
[ 800.111560] restraintd[1327]: *** Current Time: Mon Nov 01 12:41:42 2021 Localwatchdog at: Wed Nov 03 12:31:42 2021
[ 813.403287] XFS (sda3): User initiated shutdown received.
[ 813.403380] XFS (sda3): Log I/O Error (0x6) detected at xfs_fs_goingdown+0xf8/0x160 [xfs] (fs/xfs/xfs_fsops.c:500). Shutting down filesystem.
[ 813.403514] XFS (sda3): Please unmount the filesystem and rectify the problem(s)
[ 813.418455] sda3: writeback error on inode 60042, offset 63640576, sector 2306320
[ 813.418484] sda3: writeback error on inode 81161, offset 13091840, sector 2306496
[ 813.428831] sda3: writeback error on inode 16878782, offset 30536704, sector 18080754
[ 813.429026] Kernel attempted to read user page (108) - exploit attempt? (uid: 0)
[ 813.429068] BUG: Kernel NULL pointer dereference on read at 0x00000108
[ 813.429085] Faulting instruction address: 0xc0000000000372e4
[ 813.429102] Oops: Kernel access of bad area, sig: 11 [#1]
[ 813.429117] LE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=2048 NUMA pSeries
[ 813.429133] Modules linked in: bonding rfkill tls sunrpc pseries_rng drm fuse drm_panel_orientation_quirks xfs libcrc32c sd_mod t10_pi sg ibmvscsi ibmveth scsi_transport_srp vmx_crypto
[ 813.429202] CPU: 3 PID: 94001 Comm: fsstress Kdump: loaded Tainted: G W 5.15.0 #1
[ 813.429216] NIP: c0000000000372e4 LR: c0000000006d9e48 CTR: c0000000000372d0
[ 813.429227] REGS: c000000064ba7440 TRAP: 0300 Tainted: G W (5.15.0)
[ 813.429238] MSR: 800000010280b033 <SF,VEC,VSX,EE,FP,ME,IR,DR,RI,LE,TM[E]> CR: 88004280 XER: 00000000
[ 813.429272] CFAR: c00000000000cb1c DAR: 0000000000000108 DSISR: 40000000 IRQMASK: 0
[ 813.429272] GPR00: c0000000006d9e48 c000000064ba76e0 c000000002cdc400 0000000000000000
[ 813.429272] GPR04: c000000002c3ac50 0000000000000000 0000000000000000 c00000004d174000
[ 813.429272] GPR08: c0000000013d21d8 0000000000000000 0000000000000012 0000000000000000
[ 813.429272] GPR12: c0000000000372d0 c000000007fccb00 0000000000000000 0000000000000005
[ 813.429272] GPR16: 0000000000000000 c0000000d19fa900 c000000001365bb0 c000000003fc26b4
[ 813.429272] GPR20: c0000000d19fb338 0000000000040100 0000000000000001 0000000000000001
[ 813.429272] GPR24: c00000000135d2e0 00000000ffffffff c000000064ba7968 c000000001091ef8
[ 813.429272] GPR28: 0000000000000108 0000000000000004 c0000000cc456400 c000000002c3ac50
[ 813.429396] NIP [c0000000000372e4] tm_cgpr_active+0x14/0x40
[ 813.429420] LR [c0000000006d9e48] fill_thread_core_info+0x158/0x250
[ 813.429435] Call Trace:
[ 813.429443] [c000000064ba76e0] [c0000000006d9eb8] fill_thread_core_info+0x1c8/0x250 (unreliable)
[ 813.429465] [c000000064ba7760] [c0000000006dac70] fill_note_info.constprop.0+0x240/0x420
[ 813.429480] [c000000064ba77d0] [c0000000006daf3c] elf_core_dump+0xec/0x5e0
[ 813.429494] [c000000064ba79e0] [c0000000006e1edc] do_coredump+0x32c/0xc10
[ 813.429507] [c000000064ba7bb0] [c000000000187adc] get_signal+0x52c/0x910
[ 813.429519] [c000000064ba7ca0] [c000000000021b9c] do_signal+0x7c/0x330
[ 813.429533] [c000000064ba7d40] [c000000000022e00] do_notify_resume+0xb0/0x140
[ 813.429548] [c000000064ba7d70] [c000000000031330] interrupt_exit_user_prepare_main+0x220/0x280
[ 813.429562] [c000000064ba7de0] [c000000000031804] syscall_exit_prepare+0xe4/0x1e0
[ 813.429575] [c000000064ba7e10] [c00000000000c174] system_call_vectored_common+0xf4/0x278
[ 813.429589] --- interrupt: 3000 at 0x7fffa9c7667c
[ 813.429600] NIP: 00007fffa9c7667c LR: 0000000000000000 CTR: 0000000000000000
[ 813.429610] REGS: c000000064ba7e80 TRAP: 3000 Tainted: G W (5.15.0)
[ 813.429621] MSR: 800000000000d033 <SF,EE,PR,ME,IR,DR,RI,LE> CR: 44004402 XER: 00000000
[ 813.429647] IRQMASK: 0
[ 813.429647] GPR00: 00000000000000fa 00007fffefa13e10 00007fffa9e17100 0000000000000000
[ 813.429647] GPR04: 0000000000016f31 0000000000000006 0000000000000008 00000000ffffffff
[ 813.429647] GPR08: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[ 813.429647] GPR12: 0000000000000000 00007fffa9f2b040 0000000000000000 0000000000000000
[ 813.429647] GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000010030de4
[ 813.429647] GPR20: 00000000100158c8 0000000000000000 0000000000000000 0000000010003d60
[ 813.429647] GPR24: 0000000000000001 0000000010012c60 00000000100137c8 0000000000000006
[ 813.429647] GPR28: 0000000000000005 ffffffffffffffff 00007fffa9f23840 0000000000016f31
[ 813.429776] NIP [00007fffa9c7667c] 0x7fffa9c7667c
[ 813.429789] LR [0000000000000000] 0x0
[ 813.429799] --- interrupt: 3000
[ 813.429808] Instruction dump:
[ 813.429816] 4bfe8345 60000000 e8010040 38210030 ebe1fff8 7c0803a6 4e800020 7c0802a6
[ 813.429839] 60000000 60000000 e92329c0 38600000 <e9290108> 7929e844 79291f43 4d820020
[ 813.429863] ---[ end trace 8a41ad95f224ad91 ]---
[ 813.431701]
[ 813.431723] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:573
[ 813.431733] in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 94001, name: fsstress
[ 813.431744] INFO: lockdep is turned off.
[ 813.431750] irq event stamp: 1270330
[ 813.431756] hardirqs last enabled at (1270329): [<c000000000589680>] ___slab_alloc+0xc40/0xf60
[ 813.431769] hardirqs last disabled at (1270330): [<c00000000009a4cc>] interrupt_enter_prepare.constprop.0+0x10c/0x200
[ 813.431784] softirqs last enabled at (1269500): [<c008000001dc61dc>] __rhashtable_insert_fast.constprop.0+0x3d4/0x7c0 [xfs]
[ 813.431932] softirqs last disabled at (1269498): [<c008000001dc5ef8>] __rhashtable_insert_fast.constprop.0+0xf0/0x7c0 [xfs]
[ 813.432045] CPU: 3 PID: 94001 Comm: fsstress Kdump: loaded Tainted: G D W 5.15.0 #1
[ 813.432056] Call Trace:
[ 813.432060] [c000000064ba6f20] [c00000000093e5d8] dump_stack_lvl+0xac/0x108 (unreliable)
[ 813.432075] [c000000064ba6f60] [c0000000001b991c] ___might_sleep+0x2dc/0x300
[ 813.432087] [c000000064ba6ff0] [c00000000107703c] __mutex_lock+0x6c/0x9e0
[ 813.432098] [c000000064ba7100] [c00000000069f678] io_uring_del_tctx_node+0x78/0x170
[ 813.432111] [c000000064ba7140] [c0000000006b4c28] io_uring_cancel_generic+0x248/0x3e0
[ 813.432122] [c000000064ba7200] [c00000000016ff70] do_exit+0xf0/0x700
[ 813.432135] [c000000064ba7290] [c00000000002b060] oops_end+0x1d0/0x200
[ 813.432148] [c000000064ba7310] [c000000000092ac4] __bad_page_fault+0x174/0x190
[ 813.432177] [c000000064ba7380] [c00000000009c508] __do_hash_fault+0x148/0x1f0
[ 813.432196] [c000000064ba73b0] [c00000000009c5d8] do_hash_fault+0x28/0x60
[ 813.432211] [c000000064ba73d0] [c00000000000891c] data_access_common_virt+0x19c/0x1f0
[ 813.432226] --- interrupt: 300 at tm_cgpr_active+0x14/0x40
[ 813.432234] NIP: c0000000000372e4 LR: c0000000006d9e48 CTR: c0000000000372d0
[ 813.432244] REGS: c000000064ba7440 TRAP: 0300 Tainted: G D W (5.15.0)
[ 813.432253] MSR: 800000010280b033 <SF,VEC,VSX,EE,FP,ME,IR,DR,RI,LE,TM[E]> CR: 88004280 XER: 00000000
[ 813.432286] CFAR: c00000000000cb1c DAR: 0000000000000108 DSISR: 40000000 IRQMASK: 0
[ 813.432286] GPR00: c0000000006d9e48 c000000064ba76e0 c000000002cdc400 0000000000000000
[ 813.432286] GPR04: c000000002c3ac50 0000000000000000 0000000000000000 c00000004d174000
[ 813.432286] GPR08: c0000000013d21d8 0000000000000000 0000000000000012 0000000000000000
[ 813.432286] GPR12: c0000000000372d0 c000000007fccb00 0000000000000000 0000000000000005
[ 813.432286] GPR16: 0000000000000000 c0000000d19fa900 c000000001365bb0 c000000003fc26b4
[ 813.432286] GPR20: c0000000d19fb338 0000000000040100 0000000000000001 0000000000000001
[ 813.432286] GPR24: c00000000135d2e0 00000000ffffffff c000000064ba7968 c000000001091ef8
[ 813.432286] GPR28: 0000000000000108 0000000000000004 c0000000cc456400 c000000002c3ac50
[ 813.432402] NIP [c0000000000372e4] tm_cgpr_active+0x14/0x40
[ 813.432412] LR [c0000000006d9e48] fill_thread_core_info+0x158/0x250
[ 813.432424] --- interrupt: 300
[ 813.432429] [c000000064ba76e0] [c0000000006d9eb8] fill_thread_core_info+0x1c8/0x250 (unreliable)
[ 813.432443] [c000000064ba7760] [c0000000006dac70] fill_note_info.constprop.0+0x240/0x420
[ 813.432455] [c000000064ba77d0] [c0000000006daf3c] elf_core_dump+0xec/0x5e0
[ 813.432467] [c000000064ba79e0] [c0000000006e1edc] do_coredump+0x32c/0xc10
[ 813.432479] [c000000064ba7bb0] [c000000000187adc] get_signal+0x52c/0x910
[ 813.432492] [c000000064ba7ca0] [c000000000021b9c] do_signal+0x7c/0x330
[ 813.432518] [c000000064ba7d40] [c000000000022e00] do_notify_resume+0xb0/0x140
[ 813.432537] [c000000064ba7d70] [c000000000031330] interrupt_exit_user_prepare_main+0x220/0x280
[ 813.432556] [c000000064ba7de0] [c000000000031804] syscall_exit_prepare+0xe4/0x1e0
[ 813.432571] [c000000064ba7e10] [c00000000000c174] system_call_vectored_common+0xf4/0x278
[ 813.432585] --- interrupt: 3000 at 0x7fffa9c7667c
[ 813.432595] NIP: 00007fffa9c7667c LR: 0000000000000000 CTR: 0000000000000000
[ 813.432605] REGS: c000000064ba7e80 TRAP: 3000 Tainted: G D W (5.15.0)
[ 813.432615] MSR: 800000000000d033 <SF,EE,PR,ME,IR,DR,RI,LE> CR: 44004402 XER: 00000000
[ 813.432641] IRQMASK: 0
[ 813.432641] GPR00: 00000000000000fa 00007fffefa13e10 00007fffa9e17100 0000000000000000
[ 813.432641] GPR04: 0000000000016f31 0000000000000006 0000000000000008 00000000ffffffff
[ 813.432641] GPR08: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[ 813.432641] GPR12: 0000000000000000 00007fffa9f2b040 0000000000000000 0000000000000000
[ 813.432641] GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000010030de4
[ 813.432641] GPR20: 00000000100158c8 0000000000000000 0000000000000000 0000000010003d60
[ 813.432641] GPR24: 0000000000000001 0000000010012c60 00000000100137c8 0000000000000006
[ 813.432641] GPR28: 0000000000000005 ffffffffffffffff 00007fffa9f23840 0000000000016f31
[ 813.432761] NIP [00007fffa9c7667c] 0x7fffa9c7667c
[ 813.432770] LR [0000000000000000] 0x0
[ 813.432777] --- interrupt: 3000
[ 860.223013] restraintd[1327]: *** Current Time: Mon Nov 01 12:42:42 2021 Localwatchdog at: Wed Nov 03 12:31:42 2021

I reproduced this bug on linux HEAD=8bb7eca972ad. The steps to reproduce this bug are:
1) git clone git://git.kernel.org/pub/scm/fs/xfs/xfstests-dev.git
2) build xfstests
3) run generic/051 on ppc64le on xfs.