Bug: Write fault blocked by KUAP! (kernel 6.2-rc6, Talos II)

Erhard F. erhard_f at mailbox.org
Fri Feb 3 10:46:49 AEDT 2023


Happened during boot:

[...]
Creating 6 MTD partitions on "flash@0":
0x000000000000-0x000004000000 : "PNOR"
0x000001b21000-0x000003921000 : "BOOTKERNEL"
0x000003a44000-0x000003a68000 : "CAPP"
0x000003a88000-0x000003a89000 : "VERSION"
0x000003a89000-0x000003ac9000 : "IMA_CATALOG"
0x000003e10000-0x000004000000 : "BOOTKERNFW"
BTRFS info: devid 1 device path /dev/root changed to /dev/nvme0n1p3 scanned by systemd-udevd (387)
Kernel attempted to write user page (aa55c280000) - exploit attempt? (uid: 0)
------------[ cut here ]------------
Bug: Write fault blocked by KUAP!
WARNING: CPU: 11 PID: 404 at arch/powerpc/mm/fault.c:228 ___do_page_fault+0x794/0x920
Modules linked in: drm_ttm_helper ttm drm_display_helper ofpart ghash_generic(+) drm_kms_helper vmx_crypto(+) powernv_flash ibmpowernv gf128mul syscopyarea sysfillrect hwmon mtd at24(+) sysimgblt usb_common regmap_i2c opal_prd pkcs8_key_parser zram zsmalloc powernv_cpufreq drm fuse drm_panel_orientation_quirks backlight configfs
CPU: 11 PID: 404 Comm: systemd-udevd Tainted: G                T  6.2.0-rc6-P9 #2
Hardware name: T2P9D01 REV 1.01 POWER9 0x4e1202 opal:skiboot-bc106a0 PowerNV
NIP:  c0000000000579c4 LR: c0000000000579c0 CTR: 0000000000000000
REGS: c000000023b57280 TRAP: 0700   Tainted: G                T   (6.2.0-rc6-P9)
MSR:  9000000000029032 <SF,HV,EE,ME,IR,DR,RI>  CR: 44242242  XER: 00000000
CFAR: c0000000000b6d54 IRQMASK: 3 
GPR00: 0000000000000000 c000000023b57520 c000000000e7cc00 0000000000000000 
GPR04: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 
GPR08: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 
GPR12: 0000000000000000 c0000007fbfdcf00 aaaaaaaaaaaaaaab c00800000ce2ed98 
GPR16: c00800000ce44d00 c00800000ce33fd8 c00800000bd97d08 c00800000bd29c80 
GPR20: c00800000bd97e48 c00800000bd98f48 000000000002dd98 c000000023545500 
GPR24: 00000aa55c27fffc 00000aa55c27f000 0000000002000000 c000000023545500 
GPR28: 0000000000000300 c000000000d80470 00000aa55c280000 c000000023b57630 
NIP [c0000000000579c4] ___do_page_fault+0x794/0x920
LR [c0000000000579c0] ___do_page_fault+0x790/0x920
Call Trace:
[c000000023b57520] [c0000000000579c0] ___do_page_fault+0x790/0x920 (unreliable)
[c000000023b575d0] [c000000000057bac] do_page_fault+0x5c/0x170
[c000000023b57600] [c0000000000088d8] data_access_common_virt+0x198/0x1f0
--- interrupt: 300 at __patch_instruction+0x50/0x70
NIP:  c000000000064670 LR: c000000000064c2c CTR: c000000000048ee0
REGS: c000000023b57630 TRAP: 0300   Tainted: G                T   (6.2.0-rc6-P9)
MSR:  900000000280b032 <SF,HV,VEC,VSX,EE,FP,ME,IR,DR,RI>  CR: 24222244  XER: 00000000
CFAR: c00000000006462c DAR: 00000aa55c280000 DSISR: 42000000 IRQMASK: 1 
GPR00: 0000000000000000 c000000023b578d0 c000000000e7cc00 c00800000ce33ffc 
GPR04: 041ae13000000000 00000aa55c27fffc 0000000000000000 0000000000000000 
GPR08: 0000000000000000 00000000041ae130 0000000000000001 0000000000000000 
GPR12: 0000000000000000 c0000007fbfdcf00 aaaaaaaaaaaaaaab c00800000ce2ed98 
GPR16: c00800000ce44d00 c00800000ce33fd8 c00800000bd97d08 c00800000bd29c80 
GPR20: c00800000bd97e48 c00800000bd98f48 000000000002dd98 c000000023545500 
GPR24: 00000aa55c27fffc 00000aa55c27f000 041ae13000000000 c0000000012e1400 
GPR28: 0000000000000000 c00800000ce33ffc c000000004a813f8 00000000000251bd 
NIP [c000000000064670] __patch_instruction+0x50/0x70
LR [c000000000064c2c] patch_instruction+0x13c/0x280
--- interrupt: 300
[c000000023b578d0] [c000000000064bd8] patch_instruction+0xe8/0x280 (unreliable)
[c000000023b57950] [c000000000049314] apply_relocate_add+0x9f4/0xb50
[c000000023b57a70] [c000000000172cbc] load_module+0x20fc/0x2a00
[c000000023b57c00] [c0000000001738c8] __do_sys_finit_module+0xc8/0x180
[c000000023b57ce0] [c00000000002ae90] system_call_exception+0x130/0x2d0
[c000000023b57e50] [c00000000000c070] system_call_vectored_common+0xf0/0x280
--- interrupt: 3000 at 0x3fffa31d5a28
NIP:  00003fffa31d5a28 LR: 0000000000000000 CTR: 0000000000000000
REGS: c000000023b57e80 TRAP: 3000   Tainted: G                T   (6.2.0-rc6-P9)
MSR:  900000000280f032 <SF,HV,VEC,VSX,EE,PR,FP,ME,IR,DR,RI>  CR: 48222244  XER: 00000000
IRQMASK: 0 
GPR00: 0000000000000161 00003ffff9bf99f0 00003fffa32d7200 000000000000000d 
GPR04: 00003fffa3375029 0000000000000000 000000000000000d 0000000000000000 
GPR08: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 
GPR12: 0000000000000000 00003fffa379c7e0 0000000000000000 000000012cb4a805 
GPR16: 0000000040000000 0000000020000000 000000012cb4bcc9 00003fffa366da07 
GPR20: 0000000000000000 000000015a588320 0000000020000000 0000000000000000 
GPR24: 0000000020000000 0000000000000000 0000000000000000 000000015a561eb0 
GPR28: 00003fffa3375029 0000000000020000 0000000000000000 000000015a58cc20 
NIP [00003fffa31d5a28] 0x3fffa31d5a28
LR [0000000000000000] 0x0
--- interrupt: 3000
Code: e87f0100 48094161 60000000 2c230000 4182fefc 418e00b8 3c82ffee 388442a8 3c62ffee 38634398 4805f315 60000000 <0fe00000> fb210078 60000000 e93d0650 
---[ end trace 0000000000000000 ]---
BTRFS: device label g5_sta devid 1 transid 55729 /dev/nvme0n1p5 scanned by systemd-udevd (467)
BTRFS: device label g4_musl devid 1 transid 64188 /dev/nvme0n1p8 scanned by systemd-udevd (425)
BTRFS: device label aux_p9 devid 1 transid 155143 /dev/nvme0n1p9 scanned by systemd-udevd (472)
BTRFS: device label g5_musl devid 1 transid 71824 /dev/nvme0n1p6 scanned by systemd-udevd (402)
[...]

Regards,
Erhard
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: dmesg_62-rc6_p9.txt
URL: <http://lists.ozlabs.org/pipermail/linuxppc-dev/attachments/20230203/33a2313f/attachment-0001.txt>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: config_62-rc6_p9
Type: application/octet-stream
Size: 117101 bytes
Desc: not available
URL: <http://lists.ozlabs.org/pipermail/linuxppc-dev/attachments/20230203/33a2313f/attachment-0001.obj>

