BUG: Bad page map in process/Bad Swap file entry, RPI CM4 on clone syscall

Max Schulze max.schulze at online.de
Fri Aug 12 13:01:06 PDT 2022


Hello,


I run a userspace program which does image analysis. This is compiled from Free Pascal. The program freezes, and I get the kernel oops below. My program calls SysUtils.ExecuteProcess('/sbin/shutdown') when finished; I have traced it with strace and it hangs at the *clone syscall*.


I have 4 different devices where this happens. Tonight I built the latest kernel with debug info (rpi-5.19.y commit c3a3eb5a3).

Log is attached.


a) Might bad pointers being fed into the clone syscall be the culprit, or is this purely a kernel issue? Do you have tips on how to investigate?

b) How can I improve the debug logs? Which kernel options should I add?


Thanks,

Max


$ cat /proc/cmdline

coherent_pool=1M snd_bcm2835.enable_headphones=0 snd_bcm2835.enable_hdmi=0 video=HDMI-A-1:1920x1080M@60 smsc95xx.macaddr=<> vc_mem.mem_base=0x3ec00000 vc_mem.mem_size=0x40000000  console=tty1 root=PARTUUID=<> rootfstype=ext4 fsck.repair=yes rootwait kpti=0 nokaslr mitigations=off


[20:47:09] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
[20:48:46] BUG: Bad page map in process projecta  pte:1110111111111111 pmd:800000001c40003
[20:48:46] addr:0000007fa1c00000 vm_flags:00100073 anon_vma:ffffff805bf80d08 mapping:0000000000000000 index:7fa1c00
[20:48:46] file:(null) fault:0x0 mmap:0x0 read_folio:0x0
[20:48:46] CPU: 0 PID: 1069 Comm: projecta Tainted: G         C        5.19.0-v8+ #1
[20:48:46] Hardware name: Raspberry Pi Compute Module 4 Rev 1.0 (DT)
[20:48:46] Call trace:
[20:48:46]  dump_backtrace.part.0+0x1dc/0x1ec
[20:48:46]  show_stack+0x24/0x80
[20:48:46]  dump_stack_lvl+0x8c/0xb8
[20:48:46]  dump_stack+0x1c/0x38
[20:48:46]  print_bad_pte+0x2ec/0x350
[20:48:46]  vm_normal_page+0x16c/0x190
[20:48:46]  copy_page_range+0x45c/0x13c0
[20:48:46]  dup_mm+0x5bc/0x7f4
[20:48:46]  copy_process+0x1354/0x2370
[20:48:46]  kernel_clone+0xf0/0x590
[20:48:46]  __do_sys_clone+0xa4/0xe0
[20:48:46]  __arm64_sys_clone+0x74/0x90
[20:48:46]  invoke_syscall+0x68/0x1a0
[20:48:46]  el0_svc_common.constprop.0+0x88/0x170
[20:48:46]  do_el0_svc+0xcc/0xf0
[20:48:46]  el0_svc+0x30/0x70
[20:48:46]  el0t_64_sync_handler+0x1ac/0x1b0
[20:48:46]  el0t_64_sync+0x18c/0x190
[20:48:46] Disabling lock debugging due to kernel taint
[20:48:46] get_swap_device: Bad swap file entry 801111112111111
[20:48:46] BUG: Bad page map in process projecta  pte:1211111111111111 pmd:800000001c40003
[20:48:46] addr:0000007fa1c02000 vm_flags:00100073 anon_vma:ffffff805bf80d08 mapping:0000000000000000 index:7fa1c02
[20:48:46] file:(null) fault:0x0 mmap:0x0 read_folio:0x0
[20:48:46] CPU: 0 PID: 1069 Comm: projecta Tainted: G    B    C        5.19.0-v8+ #1
[20:48:46] Hardware name: Raspberry Pi Compute Module 4 Rev 1.0 (DT)
[20:48:46] Call trace:
[20:48:46]  dump_backtrace.part.0+0x1dc/0x1ec
[20:48:46]  show_stack+0x24/0x80
[20:48:46]  dump_stack_lvl+0x8c/0xb8
[20:48:46]  dump_stack+0x1c/0x38
[20:48:46]  print_bad_pte+0x2ec/0x350
[20:48:46]  vm_normal_page+0x16c/0x190
[20:48:46]  copy_page_range+0x45c/0x13c0
[20:48:46]  dup_mm+0x5bc/0x7f4
[20:48:46]  copy_process+0x1354/0x2370
[20:48:46]  kernel_clone+0xf0/0x590
[20:48:46]  __do_sys_clone+0xa4/0xe0
[20:48:46]  __arm64_sys_clone+0x74/0x90
[20:48:46]  invoke_syscall+0x68/0x1a0
[20:48:46]  el0_svc_common.constprop.0+0x88/0x170
[20:48:46]  do_el0_svc+0xcc/0xf0
[20:48:46]  el0_svc+0x30/0x70
[20:48:46]  el0t_64_sync_handler+0x1ac/0x1b0
[20:48:46]  el0t_64_sync+0x18c/0x190
[20:48:46] ==================================================================
[20:48:46] BUG: KASAN: user-memory-access in __sync_icache_dcache+0xc0/0x190
[20:48:46] Read of size 8 at addr 0000004244444440 by task projecta/1069

[20:48:46] CPU: 0 PID: 1069 Comm: projecta Tainted: G    B    C        5.19.0-v8+ #1
[20:48:46] Hardware name: Raspberry Pi Compute Module 4 Rev 1.0 (DT)
[20:48:46] Call trace:
[20:48:46]  dump_backtrace.part.0+0x1dc/0x1ec
[20:48:46]  show_stack+0x24/0x80
[20:48:46]  dump_stack_lvl+0x8c/0xb8
[20:48:46]  print_report+0xcc/0x580
[20:48:46]  kasan_report+0xa8/0x170
[20:48:46]  __asan_load8+0x94/0xd0
[20:48:46]  __sync_icache_dcache+0xc0/0x190
[20:48:46]  set_pte_at+0x20c/0x280
[20:48:46]  copy_page_range+0x7fc/0x13c0
[20:48:46]  dup_mm+0x5bc/0x7f4
[20:48:46]  copy_process+0x1354/0x2370
[20:48:46]  kernel_clone+0xf0/0x590
[20:48:46]  __do_sys_clone+0xa4/0xe0
[20:48:46]  __arm64_sys_clone+0x74/0x90
[20:48:46]  invoke_syscall+0x68/0x1a0
[20:48:46]  el0_svc_common.constprop.0+0x88/0x170
[20:48:46]  do_el0_svc+0xcc/0xf0
[20:48:46]  el0_svc+0x30/0x70
[20:48:46]  el0t_64_sync_handler+0x1ac/0x1b0
[20:48:46]  el0t_64_sync+0x18c/0x190
[20:48:46] ==================================================================
[20:48:46] Unable to handle kernel paging request at virtual address 0000004244444440
[20:48:46] Mem abort info:
[20:48:46]   ESR = 0x0000000096000005
[20:48:46]   EC = 0x25: DABT (current EL), IL = 32 bits
[20:48:46]   SET = 0, FnV = 0
[20:48:46]   EA = 0, S1PTW = 0
[20:48:46]   FSC = 0x05: level 1 translation fault
[20:48:46] Data abort info:
[20:48:46]   ISV = 0, ISS = 0x00000005
[20:48:46]   CM = 0, WnR = 0
[20:48:46] user pgtable: 4k pages, 39-bit VAs, pgdp=000000004ef1b000
[20:48:46] [0000004244444440] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000
[20:48:46] Internal error: Oops: 96000005 [#1] PREEMPT SMP
[20:48:46] Modules linked in: ov9281 rtc_pcf85063 regmap_i2c brcmfmac brcmutil cfg80211 v3d gpu_sched raspberrypi_hwmon drm_shmem_helper gpio_keys i2c_mux_pinctrl i2c_mux bcm2835_unicam rfkill v4l2_dv_timings i2c_brcmstb v4l2_fwnode joydev v4l2_async hid_microsoft rpivid_hevc(C) bcm2835_codec(C) bcm2835_isp(C) ff_memless bcm2835_v4l2(C) i2c_bcm2835 bcm2835_mmal_vchiq(C) v4l2_mem2mem videobuf2_dma_contig videobuf2_vmalloc videobuf2_memops vc_sm_cma(C) videobuf2_v4l2 videobuf2_common videodev mc nvmem_rmem uio_pdrv_genirq uio drm fuse drm_panel_orientation_quirks backlight ip_tables x_tables ipv6
[20:48:46] CPU: 0 PID: 1069 Comm: projecta Tainted: G    B    C        5.19.0-v8+ #1
[20:48:46] Hardware name: Raspberry Pi Compute Module 4 Rev 1.0 (DT)
[20:48:46] pstate: 40000005 (nZcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[20:48:46] pc : __sync_icache_dcache+0xc0/0x190
[20:48:46] lr : __sync_icache_dcache+0xc0/0x190
[20:48:46] sp : ffffffc00ce97590
[20:48:46] x29: ffffffc00ce97590 x28: ffffff804b540e50 x27: fffffffe00071028
[20:48:46] x26: 0000007fa1c02000 x25: fffffffe00bf5228 x24: 0000000000000000
[20:48:46] x23: fffffffe00000000 x22: 0000004244444440 x21: 1ffffff8019d2eba
[20:48:46] x20: 0000000000000000 x19: 0000004444444440 x18: 0000000000000000
[20:48:46] x17: 3d3d3d3d3d3d3d3d x16: 3d3d3d3d3d3d3d3d x15: 3d3d3d3d3d3d3d3d
[20:48:46] x14: 3d3d3d3d3d3d3d3d x13: 3d3d3d3d3d3d3d3d x12: ffffffb8014d3a11
[20:48:46] x11: 1ffffff8014d3a10 x10: ffffffb8014d3a10 x9 : dfffffc000000000
[20:48:46] x8 : ffffffc00a69d087 x7 : 0000000000000001 x6 : 00000047feb2c5f0
[20:48:46] x5 : ffffffc00a69d080 x4 : ffffffb8014d3a11 x3 : ffffffc0080b88a4
[20:48:46] x2 : 0000000000000000 x1 : ffffff804c330040 x0 : 0000000000000001
[20:48:46] Call trace:
[20:48:46]  __sync_icache_dcache+0xc0/0x190
[20:48:46]  set_pte_at+0x20c/0x280
[20:48:46]  copy_page_range+0x7fc/0x13c0
[20:48:46]  dup_mm+0x5bc/0x7f4
[20:48:46]  copy_process+0x1354/0x2370
[20:48:46]  kernel_clone+0xf0/0x590
[20:48:46]  __do_sys_clone+0xa4/0xe0
[20:48:46]  __arm64_sys_clone+0x74/0x90
[20:48:46]  invoke_syscall+0x68/0x1a0
[20:48:46]  el0_svc_common.constprop.0+0x88/0x170
[20:48:46]  do_el0_svc+0xcc/0xf0
[20:48:46]  el0_svc+0x30/0x70
[20:48:46]  el0t_64_sync_handler+0x1ac/0x1b0
[20:48:46]  el0t_64_sync+0x18c/0x190
[20:48:46] Code: d37ae673 8b170276 aa1603e0 940fa1ce (f8776a60)
[20:48:46] ---[ end trace 0000000000000000 ]---
[20:48:46] note: projecta[1069] exited with preempt_count 2
[20:53:57] brcmfmac: brcmf_cfg80211_set_power_mgmt: power save enabled
[20:57:57] kmemleak: 2434 new suspected memory leaks (see /sys/kernel/debug/kmemleak)



