BUG: Bad page map in process init pte:c0ab684c pmd:01182000 (on a PowerMac G4 DP)

Erhard Furtner erhard_f at mailbox.org
Tue Mar 5 12:57:24 AEDT 2024


On Thu, 29 Feb 2024 17:11:28 +0000
Christophe Leroy <christophe.leroy at csgroup.eu> wrote:

> Interesting.
> 
> I guess 0xe0000000 is where linear RAM starts to be mapped with pages?
> Can you confirm with a dump of
> /sys/kernel/debug/powerpc/block_address_translation?
>
> Do we have a problem of race with hash table?

What I sometimes get at boot which may be related is this "BUG: KASAN: slab-out-of-bounds in filemap_map_pages":

[...]
BUG: KASAN: slab-out-of-bounds in filemap_map_pages+0x5e8/0x98c
Read of size 4 at addr c43beb88 by task (udev-worker)/595

CPU: 0 PID: 595 Comm: (udev-worker) Not tainted 6.8.0-rc7-PMacG4 #1
Hardware name: PowerMac3,6 7455 0x80010303 PowerMac
Call Trace:
ohci-pci 0001:00:12.0: OHCI PCI host controller
[f40abc10] [c1675c5c] dump_stack_lvl+0x60/0x80 (unreliable)
[f40abc30] [c04c4fd4] print_report+0xd4/0x4fc
[f40abc80] [c04c5680] kasan_report+0xfc/0x10c
[f40abd00] [c03bd348] filemap_map_pages+0x5e8/0x98c
[f40abde0] [c0447380] handle_mm_fault+0x14fc/0x1988
[f40abec0] [c00462b0] ___do_page_fault+0x918/0xbf0
[f40abf10] [c004697c] do_page_fault+0x28/0x50
[f40abf30] [c000433c] DataAccess_virt+0x124/0x17c
ohci-pci 0001:00:12.0: new USB bus registered, assigned bus number 3
--- interrupt: 300 at 0x8a5d50
NIP:  008a5d50 LR: 008a5cd4 CTR: 00486290
REGS: f40abf40 TRAP: 0300   Not tainted  (6.8.0-rc7-PMacG4)
MSR:  0000d032 <EE,PR,ME,IR,DR,RI>  CR: 24004280  XER: 00000000
ohci-pci 0001:00:12.0: irq 52, io mem 0x8008c000
DAR: a6ed7038 DSISR: 40000000 
GPR00: 008a6a1c afe0f3a0 a7adf6e0 013d9620 013aefd0 00000000 00000000 00000000 
GPR08: 00000000 a6ed7038 00000000 afe0fbf0 44004280 009afaf4 afe0fc9c afe0fcb4 
GPR16: afe0fcb0 afe0fca8 afe0fcb8 00000000 afe0fcac a6ed7000 0000005b 0000003f 
GPR24: 0000002a afe0f3b4 013aefd0 00000000 013d9620 013d9620 009b311c afe0f3a0 
NIP [008a5d50] 0x8a5d50
LR [008a5cd4] 0x8a5cd4
--- interrupt: 300

Allocated by task 1 on cpu 1 at 4.791311s:
 kasan_save_stack+0x38/0x54
 kasan_save_track+0x20/0x3c
 __kasan_slab_alloc+0x60/0x6c
 kmem_cache_alloc+0x19c/0x264
 __kernfs_new_node+0xfc/0x54c
 kernfs_new_node+0x138/0x180
usb usb3: New USB device found, idVendor=1d6b, idProduct=0001, bcdDevice= 6.08
 __kernfs_create_file+0x44/0x2c8
 sysfs_add_file_mode_ns+0x284/0x304
 internal_create_group+0x7dc/0xa54
 sysfs_slab_add+0xb0/0x240
usb usb3: New USB device strings: Mfr=3, Product=2, SerialNumber=1
 __kmem_cache_create+0xf0/0x2cc
 kmem_cache_create_usercopy+0x150/0x21c
usb usb3: Product: OHCI PCI host controller
 bioset_init+0x4fc/0x808
 btrfs_init_compress+0x38/0x25c
 init_btrfs_fs+0xa8/0x288
 do_one_initcall+0x144/0x434
usb usb3: Manufacturer: Linux 6.8.0-rc7-PMacG4 ohci_hcd
 kernel_init_freeable+0x7d4/0x7f4
usb usb3: SerialNumber: 0001:00:12.0
 kernel_init+0x28/0x148
 ret_from_kernel_user_thread+0x10/0x18

The buggy address belongs to the object at c43beb30
 which belongs to the cache kernfs_node_cache of size 88
The buggy address is located 0 bytes to the right of
 allocated 88-byte region [c43beb30, c43beb88)

The buggy address belongs to the physical page:
page:eee706b8 refcount:1 mapcount:0 mapping:00000000 index:0x0 pfn:0x43be
flags: 0x800(slab|zone=0)
page_type: 0xffffffff()
raw: 00000800 c208ee20 00000100 00000122 00000000 001e003c ffffffff 00000001
raw: 00000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 1, tgid 1 (swapper/0), ts 4790613568, free_ts 4778274944
 prep_new_page+0x24/0x9c
 get_page_from_freelist+0xcd0/0xeec
 __alloc_pages+0x1e0/0xe08
 alloc_slab_page+0x30/0x6c
 new_slab+0xb4/0x308
 ___slab_alloc+0x400/0x5c8
 kmem_cache_alloc+0xfc/0x264
 __kernfs_new_node+0xfc/0x54c
 kernfs_new_node+0x138/0x180
 __kernfs_create_file+0x44/0x2c8
 sysfs_add_file_mode_ns+0x284/0x304
 sysfs_merge_group+0x2e0/0x310
 btrfs_init_sysfs+0x3a8/0x52c
 init_btrfs_fs+0xa8/0x288
 do_one_initcall+0x144/0x434
 kernel_init_freeable+0x7d4/0x7f4
page last free pid 1 tgid 1 stack trace:
 free_unref_page_prepare+0x2a8/0x440
 free_unref_page+0x84/0x2a8
 destroy_args+0x1b8/0x388
 debug_vm_pgtable+0xc40/0x12c0
 do_one_initcall+0x144/0x434
 kernel_init_freeable+0x7d4/0x7f4
 kernel_init+0x28/0x148
 ret_from_kernel_user_thread+0x10/0x18

Memory state around the buggy address:
 c43bea80: fc fc fc fc fc 00 00 00 00 00 00 00 00 00 00 00
 c43beb00: fc fc fc fc fc fc 00 00 00 00 00 00 00 00 00 00
>c43beb80: 00 fc fc fc fc fc fc 00 00 00 00 00 00 00 00 00
              ^
 c43bec00: 00 00 fc fc fc fc fc fc 00 00 00 00 00 00 00 00
 c43bec80: 00 00 00 fc fc fc fc fc fc 00 00 00 00 00 00 00
==================================================================
Disabling lock debugging due to kernel taint
hub 3-0:1.0: USB hub found
hub 3-0:1.0: 3 ports detected
b43-pci-bridge 0001:00:16.0: enabling device (0004 -> 0006)
------------[ cut here ]------------
kernel BUG at include/linux/swapops.h:466!
Oops: Exception in kernel mode, sig: 5 [#1]
BE PAGE_SIZE=4K MMU=Hash SMP NR_CPUS=2 DEBUG_PAGEALLOC PowerMac
Modules linked in: ssb(+) pcmcia pcmcia_core hwmon drm_suballoc_helper i2c_algo_bit drm_ttm_helper ttm drm_display_helper backlight ohci_pci(+)
CPU: 0 PID: 595 Comm: (udev-worker) Tainted: G    B              6.8.0-rc7-PMacG4 #1
Hardware name: PowerMac3,6 7455 0x80010303 PowerMac
NIP:  c03c10d0 LR: c03c1084 CTR: 00000000
REGS: f40abb90 TRAP: 0700   Tainted: G    B               (6.8.0-rc7-PMacG4)
MSR:  00029032 <EE,ME,IR,DR,RI>  CR: 22084f32  XER: 00000000

GPR00: c03c1084 f40abc50 c34e8020 ef1253e8 fefefefe 00000000 f40abcb8 00000008 
GPR08: 00000000 00000000 00000003 f40abc50 22084f32 009afaf4 1e8157c6 000f4240 
GPR16: 00000000 afe1873c c6d868e0 00000001 c34e8390 f40abe3c 00707908 f40abf40 
GPR24: a6ed6767 70c177aa c5e8b440 00000026 c6516884 ef1253e8 ef1253e8 fe81578c 
NIP [c03c10d0] migration_entry_wait_on_locked+0x184/0x34c
LR [c03c1084] migration_entry_wait_on_locked+0x138/0x34c
Call Trace:
[f40abc50] [c03c1084] migration_entry_wait_on_locked+0x138/0x34c (unreliable)
[f40abd10] [c04caa94] migration_entry_wait+0xf0/0x110
[f40abd70] [c04440b0] do_swap_page+0x208/0x16d8
[f40abde0] [c0447808] handle_mm_fault+0x1984/0x1988
ohci-pci 0001:00:12.1: OHCI PCI host controller
[f40abec0] [c00462b0] ___do_page_fault+0x918/0xbf0
[f40abf10] [c004697c] do_page_fault+0x28/0x50
[f40abf30] [c000433c] DataAccess_virt+0x124/0x17c
--- interrupt: 300 at 0x6f7bd0
NIP:  006f7bd0 LR: 006f7b60 CTR: 006f3e60
REGS: f40abf40 TRAP: 0300   Tainted: G    B               (6.8.0-rc7-PMacG4)
MSR:  0000d032 <EE,PR,ME,IR,DR,RI>  CR: 4200448c  XER: 20000000
DAR: a6ed6767 DSISR: 40000000 
GPR00: 006f983c afe162c0 a7adf6e0 013dfd00 20026767 afe175dc afe18614 00000007 
GPR08: 839b87df 00026767 00000000 00000003 4200448c 009afaf4 00000000 000f4240 
GPR16: 00000000 afe1873c 00000000 0aba9500 00000009 afe18724 00707908 afe1872c 
GPR24: afe175dc 013dfd00 20000000 013d8040 afe175dc 20026767 00727c74 a6ed6767 
ohci-pci 0001:00:12.1: new USB bus registered, assigned bus number 4
NIP [006f7bd0] 0x6f7bd0
LR [006f7b60] 0x6f7b60
--- interrupt: 300
Code: 5529cffe 7d485010 7d290194 5529063e 2c090000 41820010 2c080000 41a20008 481057b9 813e0000 71290001 40a20008 <0fe00000> 7fa3eb78 3fa061c8 3f40c1f7 
---[ end trace 0000000000000000 ]---
[...]

Also got a different hit "BUG: KASAN: slab-out-of-bounds in handle_mm_fault+0x9d4/0x19ac" with a slightly different .config with kernel 6.8-rc6. Kernel .config + both dmesg attached.

Regards,
Erhard
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: dmesg_68-rc7_g4_v01.txt
URL: <http://lists.ozlabs.org/pipermail/linuxppc-dev/attachments/20240305/286247ae/attachment-0002.txt>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: dmesg_68-rc6_g4_v05.txt
URL: <http://lists.ozlabs.org/pipermail/linuxppc-dev/attachments/20240305/286247ae/attachment-0003.txt>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: config_68-rc7_g4-
Type: application/octet-stream
Size: 115986 bytes
Desc: not available
URL: <http://lists.ozlabs.org/pipermail/linuxppc-dev/attachments/20240305/286247ae/attachment-0001.obj>

