[ppc64le] Boot failure kernel BUG at mm/usercopy.c:102!

Sachin Sant sachinp at linux.ibm.com
Mon Mar 25 17:38:35 AEDT 2024


Today’s next (6.9.0-rc1-next-20240325) fails to boot on powerpc:

[ 1.955512] usercopy: Kernel memory exposure attempt detected from SLUB object 'cpumask' (offset 0, size 16)!
[ 1.955531] ------------[ cut here ]------------
[ 1.955535] kernel BUG at mm/usercopy.c:102!
[ 1.955539] Oops: Exception in kernel mode, sig: 5 [#1]
[ 1.955543] LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=8192 NUMA pSeries
[ 1.955547] Modules linked in:
[ 1.955551] CPU: 27 PID: 482 Comm: systemd-udevd Not tainted 6.9.0-rc1-next-20240325 #1
[ 1.955556] Hardware name: IBM,9080-HEX POWER10 (raw) 0x800200 0xf000006 of:IBM,FW1060.00 (NH1060_018) hv:phyp pSeries
[ 1.955561] NIP: c0000000005d08d4 LR: c0000000005d08d0 CTR: 00000000006e638c
[ 1.955565] REGS: c00000005383f9f0 TRAP: 0700 Not tainted (6.9.0-rc1-next-20240325)
[ 1.955570] MSR: 8000000000029033 <SF,EE,ME,IR,DR,RI,LE> CR: 2800220f XER: 00000002
[ 1.955579] CFAR: c0000000002141f0 IRQMASK: 0 
[ 1.955579] GPR00: c0000000005d08d0 c00000005383fc90 c000000001563b00 0000000000000061 
[ 1.955579] GPR04: c000000e855b7c08 c000000e8563e000 c00000005383fad8 0000000e83380000 
[ 1.955579] GPR08: 0000000000000027 c00000000223c030 0000000e83380000 0000000000000001 
[ 1.955579] GPR12: c000000002a37bd0 c000000e87be8300 0000000000000000 0000000000000000 
[ 1.955579] GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 
[ 1.955579] GPR20: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 
[ 1.955579] GPR24: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 
[ 1.955579] GPR28: 0000000000000001 c000000004017200 0000000000000010 c0000000097129b0 
[ 1.955623] NIP [c0000000005d08d4] usercopy_abort+0x78/0xb0
[ 1.955630] LR [c0000000005d08d0] usercopy_abort+0x74/0xb0
[ 1.955634] Call Trace:
[ 1.955636] [c00000005383fc90] [c0000000005d08d0] usercopy_abort+0x74/0xb0 (unreliable)
[ 1.955642] [c00000005383fd00] [c0000000005424e4] __check_heap_object+0x1b0/0x1b4
[ 1.955649] [c00000005383fd40] [c0000000005d0b24] check_heap_object+0x218/0x240
[ 1.955654] [c00000005383fd80] [c0000000005d0bd0] __check_object_size+0x84/0x1a4
[ 1.955659] [c00000005383fdc0] [c0000000001c1990] sys_sched_getaffinity+0x114/0x174
[ 1.955665] [c00000005383fe10] [c000000000033498] system_call_exception+0x138/0x330
[ 1.955671] [c00000005383fe50] [c00000000000d05c] system_call_vectored_common+0x15c/0x2ec
[ 1.955678] --- interrupt: 3000 at 0x7fff8ccb72c0
[ 1.955682] NIP: 00007fff8ccb72c0 LR: 00007fff8ccb72c0 CTR: 0000000000000000
[ 1.955686] REGS: c00000005383fe80 TRAP: 3000 Not tainted (6.9.0-rc1-next-20240325)
[ 1.955690] MSR: 800000000280f033 <SF,VEC,VSX,EE,PR,FP,ME,IR,DR,RI,LE> CR: 44002808 XER: 00000000
[ 1.955700] IRQMASK: 0 
[ 1.955700] GPR00: 00000000000000df 00007fffd97f38a0 00007fff8d337500 0000000000000000 
[ 1.955700] GPR04: 0000000000000010 0000000145511090 0000000145510010 0000000000145511 
[ 1.955700] GPR08: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 
[ 1.955700] GPR12: 0000000000000000 00007fff8d3e4c40 0000000110e15770 0000000110e157c8 
[ 1.955700] GPR16: 0000000110e15840 0000000110e15880 0000000110e15800 0000000110e190c0 
[ 1.955700] GPR20: 0000000000000000 0000000000000001 0000000000000001 0000000110e60000 
[ 1.955700] GPR24: 0000000110e60340 0000000110e603c8 0000000110e603c0 0000000110e60058 
[ 1.955700] GPR28: 0000000000000038 0000000000000100 0000000145511090 0000000000000010 
[ 1.955742] NIP [00007fff8ccb72c0] 0x7fff8ccb72c0
[ 1.955746] LR [00007fff8ccb72c0] 0x7fff8ccb72c0
[ 1.955749] --- interrupt: 3000
[ 1.955751] Code: 2c280000 41820050 3ce2ffe6 3d22ffe5 38e77ce8 3929c168 7c661b78 3c62ffe6 f9610060 38637cf0 4bc438dd 60000000 <0fe00000> 3c82ffe4 3ca2ffef 38846510 
[ 1.955765] ---[ end trace 0000000000000000 ]---
[ 1.957568] pstore: backend (nvram) writing error (-1)
[ 1.957572] 
[ 2.957575] Kernel panic - not syncing: Fatal exception
[ 2.963038] Rebooting in 10 seconds..

Git bisect points to the following patch:

commit 328c801335d5f7edf2a3c9c331ddf8978f21e2a7
    cpumask: create dedicated kmem cache for cpumask var

Have attached the boot log and .config
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: boot.txt
URL: <http://lists.ozlabs.org/pipermail/linuxppc-dev/attachments/20240325/521d4704/attachment-0001.txt>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: config_next
Type: application/octet-stream
Size: 174532 bytes
Desc: not available
URL: <http://lists.ozlabs.org/pipermail/linuxppc-dev/attachments/20240325/521d4704/attachment-0001.obj>
-------------- next part --------------


-- Sachin

