[powerpc]next-20210604 - Kernel crash while running pmem tests

From: Sachin Sant <sachinp@linux.vnet.ibm.com>
To: nvdimm@lists.linux.dev, linuxppc-dev@lists.ozlabs.org
Cc: linux-next@vger.kernel.org, hch@lst.de
Subject: [powerpc]next-20210604 - Kernel crash while running pmem tests
Date: Sun, 6 Jun 2021 18:28:22 +0530	[thread overview]
Message-ID: <DFB75BA8-603F-4A35-880B-C5B23EF8FA7D@linux.vnet.ibm.com> (raw)

Running pmem tests [1] against latest next tree booted on powerpc
results into following crash

[ 1307.124289] Kernel attempted to read user page (330) - exploit attempt? (uid: 0)
[ 1307.124319] BUG: Kernel NULL pointer dereference on read at 0x00000330
[ 1307.124328] Faulting instruction address: 0xc000000000906344
[ 1307.124336] Oops: Kernel access of bad area, sig: 11 [#1]
[ 1307.124343] LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA pSeries
[ 1307.124353] Modules linked in: rpadlpar_io rpaphp dm_mod bonding rfkill sunrpc pseries_rng papr_scm uio_pdrv_genirq uio sch_fq_codel ip_tables sd_mod t10_pi sg ibmvscsi scsi_transport_srp ibmveth fuse
[ 1307.124392] CPU: 14 PID: 23553 Comm: lt-ndctl Not tainted 5.13.0-rc4-next-20210604 #1
[ 1307.124403] NIP:  c000000000906344 LR: c0000000004701d4 CTR: c000000000906320
[ 1307.124411] REGS: c000000022cbb720 TRAP: 0300   Not tainted  (5.13.0-rc4-next-20210604)
[ 1307.124420] MSR:  800000000280b033 <SF,VEC,VSX,EE,FP,ME,IR,DR,RI,LE>  CR: 48048288  XER: 20040000
[ 1307.124441] CFAR: c0000000004701d0 DAR: 0000000000000330 DSISR: 40000000 IRQMASK: 0 
[ 1307.124441] GPR00: c0000000004701d4 c000000022cbb9c0 c000000001b39100 c0000000220e16a0 
[ 1307.124441] GPR04: c00000009483a300 c00000009483a300 0000000028048282 c00000000001dd30 
[ 1307.124441] GPR08: 0000000000000001 0000000000000000 0000000000000001 c000000001b7e060 
[ 1307.124441] GPR12: c000000000906320 c00000167fa21a80 fffffffffffffffa 0000000010050f6c 
[ 1307.124441] GPR16: 0000000010050e88 00007fffc289f87b 00007fffc289a850 00007fffc289a6b8 
[ 1307.124441] GPR20: 0000000000000003 0000000010033600 0000000010050f6a 0000000000000000 
[ 1307.124441] GPR24: 0000000000000000 c0000000268cf810 c00000000bcb2660 c0000000220e1728 
[ 1307.124441] GPR28: 0000000000000001 c000000001bf1978 c0000000220e16a0 00000000040f1000 
[ 1307.124537] NIP [c000000000906344] pmem_pagemap_cleanup+0x24/0x40
[ 1307.124550] LR [c0000000004701d4] memunmap_pages+0x1b4/0x4b0
[ 1307.124560] Call Trace:
[ 1307.124564] [c000000022cbb9c0] [c0000000009063c8] pmem_pagemap_kill+0x28/0x40 (unreliable)
[ 1307.124576] [c000000022cbb9e0] [c0000000004701d4] memunmap_pages+0x1b4/0x4b0
[ 1307.124586] [c000000022cbba90] [c0000000008b28a0] devm_action_release+0x30/0x50
[ 1307.124597] [c000000022cbbab0] [c0000000008b39c8] release_nodes+0x2f8/0x3e0
[ 1307.124607] [c000000022cbbb60] [c0000000008ac440] device_release_driver_internal+0x190/0x2b0
[ 1307.124619] [c000000022cbbba0] [c0000000008a8450] unbind_store+0x130/0x170
[ 1307.124629] [c000000022cbbbe0] [c0000000008a75b4] drv_attr_store+0x44/0x60
[ 1307.124638] [c000000022cbbc00] [c000000000594a08] sysfs_kf_write+0x68/0x80
[ 1307.124648] [c000000022cbbc20] [c0000000005930e0] kernfs_fop_write_iter+0x1a0/0x290
[ 1307.124657] [c000000022cbbc70] [c00000000047830c] new_sync_write+0x14c/0x1d0
[ 1307.124666] [c000000022cbbd10] [c00000000047b8d4] vfs_write+0x224/0x330
[ 1307.124675] [c000000022cbbd60] [c00000000047bbbc] ksys_write+0x7c/0x140
[ 1307.124683] [c000000022cbbdb0] [c00000000002ecd0] system_call_exception+0x150/0x2d0
[ 1307.124694] [c000000022cbbe10] [c00000000000d45c] system_call_common+0xec/0x278
[ 1307.124703] --- interrupt: c00 at 0x7fffa26cbd74
[ 1307.124710] NIP:  00007fffa26cbd74 LR: 00007fffa28bb6bc CTR: 0000000000000000
[ 1307.124717] REGS: c000000022cbbe80 TRAP: 0c00   Not tainted  (5.13.0-rc4-next-20210604)
[ 1307.124726] MSR:  800000000280f033 <SF,VEC,VSX,EE,PR,FP,ME,IR,DR,RI,LE>  CR: 24048402  XER: 00000000
[ 1307.124746] IRQMASK: 0 
[ 1307.124746] GPR00: 0000000000000004 00007fffc289a180 00007fffa27c7100 0000000000000004 
[ 1307.124746] GPR04: 0000000047d24c4c 0000000000000007 0000000000000000 00007fffa28dd1d8 
[ 1307.124746] GPR08: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 
[ 1307.124746] GPR12: 0000000000000000 00007fffa29a2560 fffffffffffffffa 0000000010050f6c 
[ 1307.124746] GPR16: 0000000010050e88 00007fffc289f87b 00007fffc289a850 00007fffc289a6b8 
[ 1307.124746] GPR20: 0000000000000003 0000000010033600 0000000010050f6a 0000000000000000 
[ 1307.124746] GPR24: 0000000010050e60 0000000047d28340 00000000100314e8 0000000000000000 
[ 1307.124746] GPR28: 00007fffa299b5c8 0000000000000004 0000000000000007 0000000047d24c4c 
[ 1307.124831] NIP [00007fffa26cbd74] 0x7fffa26cbd74
[ 1307.124838] LR [00007fffa28bb6bc] 0x7fffa28bb6bc
[ 1307.124844] --- interrupt: c00
[ 1307.124848] Instruction dump:
[ 1307.124854] 7c0803a6 4e800020 60000000 3c4c0123 38422de0 7c0802a6 60000000 7c0802a6 
[ 1307.124870] f8010010 f821ffe1 e9230030 e9290088 <e8690330> 4bddbb01 60000000 38210020 
[ 1307.124886] ---[ end trace 9881d6f8c705bac2 ]—

next-20210601 was good. 

The code in question pmem_pagemap_cleanup was last changed by
commit 87eb73b2ca7
nvdimm-pmem: convert to blk_alloc_disk/blk_cleanup_disk

static void pmem_pagemap_cleanup(struct dev_pagemap *pgmap)
{
        struct request_queue *q =
                container_of(pgmap->ref, struct request_queue, q_usage_counter);

        blk_cleanup_disk(queue_to_disk(q));  <<====
}

Thanks
-Sachin

[1] https://github.com/avocado-framework-tests/avocado-misc-tests/blob/master/memory/ndctl.py