"BUG: Kernel NULL pointer dereference on read at 0x00000000" at running drm_gem_shmem_test on a Talos II, kernel 6.8-rc5

Erhard Furtner erhard_f at mailbox.org
Fri Feb 23 12:42:22 AEDT 2024 

Greetings!

Looks like my Talos II (running a BE kernel+system) fails some of the kernels internal unit tests. At running drm_gem_shmem_test via 'modprobe -v drm_gem_shmem_test' I get:

[...]
KTAP version 1
1..1
    KTAP version 1
    # Subtest: drm_gem_shmem
    # module: drm_gem_shmem_test
    1..8
    ok 1 drm_gem_shmem_test_obj_create
Kernel attempted to read user page (0) - exploit attempt? (uid: 0)
BUG: Kernel NULL pointer dereference on read at 0x00000000
Faulting instruction address: 0xc0000000002038a8
Oops: Kernel access of bad area, sig: 11 [#1]
BE PAGE_SIZE=4K MMU=Radix SMP NR_CPUS=32 NUMA PowerNV
Modules linked in: drm_gem_shmem_test drm_shmem_helper drm_format_helper_test drm_kunit_helpers rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace sunrpc snd_hrtimer snd_seq snd_seq_device snd_timer snd soundcore evdev input_leds hid_generic usbhid hid cfg80211 rfkill xts radeon ctr xhci_pci xhci_hcd cbc drm_suballoc_helper i2c_algo_bit drm_ttm_helper ttm usbcore ofpart aes_generic libaes drm_display_helper powernv_flash vmx_crypto gf128mul at24 mtd backlight opal_prd usb_common ibmpowernv regmap_i2c lz4 lz4_compress lz4_decompress zram pkcs8_key_parser powernv_cpufreq loop dm_mod configfs
CPU: 14 PID: 1272 Comm: kunit_try_catch Tainted: G                TN 6.8.0-rc5-P9 #1
Hardware name: T2P9D01 REV 1.01 POWER9 0x4e1202 opal:skiboot-bc106a0 PowerNV
NIP:  c0000000002038a8 LR: c00800000ccbe238 CTR: c00000000020386c
REGS: c00000000dfc7920 TRAP: 0300   Tainted: G                TN  (6.8.0-rc5-P9)
MSR:  9000000000009032 <SF,HV,EE,ME,IR,DR,RI>  CR: 24000220  XER: 20040156
CFAR: c00800000ccbfc84 DAR: 0000000000000000 DSISR: 40000000 IRQMASK: 0 
GPR00: c00800000ccbe238 c00000000dfc7bc0 c0000000011ee100 c000000011f41c00 
GPR04: c00000000a6adc20 0000000000000001 0000000000000000 0000000000000000 
GPR08: 0000000000000000 0000000000000000 c0000000117c4000 c00800000ccbfc70 
GPR12: c00000000020386c c0000007fbfd6400 c0000000001822fc c00000000e728700 
GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 
GPR20: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 
GPR24: 0000000000000000 c00800000cd02de8 c00800000cd0329c c0000000117c4000 
GPR28: 0000000000100000 c00000000e1933f0 0000000000000000 c000000011f41c00 
NIP [c0000000002038a8] dma_unmap_sg_attrs+0x3c/0x198
LR [c00800000ccbe238] drm_gem_shmem_free+0xc8/0x214 [drm_shmem_helper]
Call Trace:
[c00000000dfc7bc0] [c000000000865a28] kunit_remove_action+0x204/0x248 (unreliable)
[c00000000dfc7c20] [c00800000ccbe238] drm_gem_shmem_free+0xc8/0x214 [drm_shmem_helper]
[c00000000dfc7c90] [c00800000cd03c20] drm_gem_shmem_test_obj_create_private+0x228/0x580 [drm_gem_shmem_test]
[c00000000dfc7ea0] [c0000000008642d4] kunit_try_run_case+0xb8/0x2a0
[c00000000dfc7f60] [c000000000867bf0] kunit_generic_run_threadfn_adapter+0x30/0x44
[c00000000dfc7f90] [c000000000182424] kthread+0x130/0x138
[c00000000dfc7fe0] [c00000000000d030] start_kernel_thread+0x14/0x18
Code: fbe1fff8 fbc1fff0 28060003 39200001 7c7f1b78 7d20481e f8010010 f821ffa1 ebc30238 0b090000 e9230240 2c3e0000 <e9290000> 40820054 7fe3fb78 4800215d 
---[ end trace 0000000000000000 ]---

note: kunit_try_catch[1272] exited with irqs disabled
    # drm_gem_shmem_test_obj_create_private: try timed out
[...]


drm_format_helper_test failing I already reported (https://lore.kernel.org/all/20240220004531.5c6e5b38@yea/T/). Apart from these 2 the other drm tests pass on the Talos II.

Full dmesg + kernel .config attached.

Regards,
Erhard
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dmesg_68-rc5_p9
Type: application/octet-stream
Size: 88107 bytes
Desc: not available
URL: <http://lists.ozlabs.org/pipermail/linuxppc-dev/attachments/20240223/0c1f03db/attachment-0002.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: config_68-rc5_p9
Type: application/octet-stream
Size: 128761 bytes
Desc: not available
URL: <http://lists.ozlabs.org/pipermail/linuxppc-dev/attachments/20240223/0c1f03db/attachment-0003.obj>

More information about the Linuxppc-dev mailing list