BUG: Kernel Oops in in_wl_tree() with UBI Fastmap support
Buzarra, Arturo
Arturo.Buzarra at digi.com
Tue Apr 18 00:53:32 PDT 2023
Hello,
We are having randomly the following issue in the boot process on Linux 5.15.67:
[ 21.552777] 8<--- cut here ---
[ 21.555819] Unable to handle kernel paging request at virtual address 42700010
[ 21.563033] pgd = b7fa8ea6
[ 21.565681] [42700010] *pgd=00000000
[ 21.569270] Internal error: Oops: 5 [#1] PREEMPT SMP ARM
[ 21.574641] Modules linked in:
[ 21.577690] CPU: 0 PID: 453 Comm: mount Not tainted 5.15.67-00008-gddf998a73730-dirty #283
[ 21.585888] Hardware name: STM32 (Device Tree Support)
[ 21.591050] PC is at in_wl_tree+0x30/0xc8
[ 21.595019] LR is at in_wl_tree+0x28/0xc8
[ 21.599080] pc : [<c0adafa8>] lr : [<c0adafa0>] psr: 200d0013
[ 21.605355] sp : c2685c88 ip : c2684000 fp : 00000006
[ 21.610519] r10: c21f30a8 r9 : c16cdd0c r8 : c0ce0d98
[ 21.615782] r7 : c16cdccc r6 : c16cdd74 r5 : c21f30a8 r4 : 42700000
[ 21.622360] r3 : 7918c21f r2 : 0000021c r1 : 78e9bd99 r0 : 00000015
[ 21.628838] Flags: nzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none
[ 21.636025] Control: 10c5387d Table: c25a406a DAC: 00000051
[ 21.641792] Register r0 information: non-paged memory
[ 21.646762] Register r1 information: non-paged memory
[ 21.651828] Register r2 information: non-paged memory
[ 21.656895] Register r3 information: non-paged memory
[ 21.661961] Register r4 information: non-paged memory
[ 21.667027] Register r5 information: slab fsnotify_mark_connector start c21f30a8 pointer offset 0
[ 21.675852] Register r6 information: slab kmalloc-4k start c16cd000 pointer offset 3444 size 4096
[ 21.684781] Register r7 information: slab kmalloc-4k start c16cd000 pointer offset 3276 size 4096
[ 21.693608] Register r8 information: non-slab/vmalloc memory
[ 21.699281] Register r9 information: slab kmalloc-4k start c16cd000 pointer offset 3340 size 4096
[ 21.708208] Register r10 information: slab fsnotify_mark_connector start c21f30a8 pointer offset 0
[ 21.717129] Register r11 information: non-paged memory
[ 21.722296] Register r12 information: non-slab/vmalloc memory
[ 21.728070] Process mount (pid: 453, stack limit = 0x6379c0ca)
[ 21.733843] Stack: (0xc2685c88 to 0xc2686000)
[ 21.738207] 5c80: c16cd000 0000021c c16cdd74 c0679238 00000000 0000041b
[ 21.746408] 5ca0: 00000006 c0adaedc 00000870 0000000b 0000000b c16cd000 c2745000 0000000b
[ 21.754608] 5cc0: c21dbc00 c260c640 00000006 c0ce0038 00000000 c0adaedc 00000000 00001000
[ 21.762808] 5ce0: 00000004 ce273000 00000000 c16cd480 c220c000 000007ff 00000006 0000000b
[ 21.771009] 5d00: 00001000 c220c000 c260c500 0000000b 00000001 c0672800 00001000 c260c500
[ 21.779208] 5d20: 00001000 c220c000 ce273000 c03d5f00 00001000 00000001 00000000 00000000
[ 21.787407] 5d40: 00001000 ce274000 00001000 c03ee740 00001000 00000001 ffffffff ce291b04
[ 21.795505] 5d60: c260c500 00001000 ce273000 00000800 c220c000 00000001 c220c000 c260c780
[ 21.803705] 5d80: c220c890 00000000 c0ca6c8c c220c000 0000000b c03debbc 00000001 c03dda34
[ 21.811905] 5da0: 00000000 00000001 00000100 c220c000 ce273000 00000001 ce273000 c260c500
[ 21.820106] 5dc0: 00000000 00001000 c260c780 c03ddca4 00000001 00000000 c220c7dc c03eca68
[ 21.828305] 5de0: c0d3329c c220c890 00000bef 00000000 00000000 c8603012 c220c000 00000001
[ 21.836506] 5e00: c220c000 c260c780 c220c890 00000000 c0ca6c8c c0ca6978 00000000 c03dee0c
[ 21.844704] 5e20: 00000032 00000000 c03ea97c c220c000 c220c6ec 00000000 00000000 00000000
[ 21.852903] 5e40: 00000000 00008000 bec12c90 c03d3364 c220c6ec c220c000 c24d2400 c0ca5834
[ 21.861002] 5e60: c24d2c00 c24d2400 c24d2400 c0248d14 c2685e90 c8603012 00000000 00000000
[ 21.869202] 5e80: c220c000 c24d2400 c220c730 00000000 00000000 c03d4610 c247c640 00008000
[ 21.877402] 5ea0: c220c000 c24d2400 00000000 c03d4768 c220c000 00000000 c2751900 c03d46b0
[ 21.885603] 5ec0: c2685f84 00000020 c247c5c0 c02802a8 c2751900 c2751900 c2685f84 c0248b20
[ 21.893802] 5ee0: c0c8caf4 00000002 00000000 0000000b 00000000 00000000 c2751900 c026fab4
[ 21.902003] 5f00: 00000000 c8603012 00000000 00008000 00000020 c2685f84 c247c5c0 c247c580
[ 21.910201] 5f20: 00000000 00000015 bec12c90 c0270590 c247c5c0 00000000 00000000 c25c7000
[ 21.918400] 5f40: 00000000 ffffff9c c2685f84 c8603012 c2684000 c247c580 c247c5c0 00000000
[ 21.926499] 5f60: 00008000 00000000 c2684000 00000015 bec12c90 c0271154 00000000 c8603012
[ 21.934698] 5f80: 00000000 c101acd0 c1c275d8 c8603012 00000000 00000000 01877388 00000015
[ 21.942898] 5fa0: c01002a4 c0100060 00000000 00000000 01877388 01877398 01877358 00008000
[ 21.951098] 5fc0: 00000000 00000000 01877388 00000015 b6f5d138 00000001 b6f4450c bec12c90
[ 21.959298] 5fe0: b6f5cfc4 bec12af8 b6f2c8cb b6e9eb5a 600f0030 01877388 00000000 00000000
[ 21.967498] [<c0adafa8>] (in_wl_tree) from [<c0679238>] (ubi_wl_put_peb+0x224/0x3e4)
[ 21.975216] [<c0679238>] (ubi_wl_put_peb) from [<c0adaedc>] (ubi_eba_atomic_leb_change+0x198/0x234)
[ 21.984240] [<c0adaedc>] (ubi_eba_atomic_leb_change) from [<c0672800>] (ubi_leb_change+0xbc/0xd4)
[ 21.993170] [<c0672800>] (ubi_leb_change) from [<c03d5f00>] (ubifs_leb_change+0x64/0xf0)
[ 22.001287] [<c03d5f00>] (ubifs_leb_change) from [<c03ee740>] (ubifs_recover_leb+0x2c4/0x558)
[ 22.009801] [<c03ee740>] (ubifs_recover_leb) from [<c03debbc>] (replay_bud+0x508/0x600)
[ 22.017812] [<c03debbc>] (replay_bud) from [<c03dee0c>] (ubifs_replay_journal+0x158/0x3c8)
[ 22.026024] [<c03dee0c>] (ubifs_replay_journal) from [<c03d3364>] (mount_ubifs+0x430/0x944)
[ 22.034439] [<c03d3364>] (mount_ubifs) from [<c03d4610>] (ubifs_fill_super.constprop.0+0x110/0x1b0)
[ 22.043456] [<c03d4610>] (ubifs_fill_super.constprop.0) from [<c03d4768>] (ubifs_mount+0xb8/0x160)
[ 22.052473] [<c03d4768>] (ubifs_mount) from [<c02802a8>] (legacy_get_tree+0x24/0x48)
[ 22.060185] [<c02802a8>] (legacy_get_tree) from [<c0248b20>] (vfs_get_tree+0x24/0xe4)
[ 22.068101] [<c0248b20>] (vfs_get_tree) from [<c026fab4>] (do_new_mount+0x164/0x2f8)
[ 22.075813] [<c026fab4>] (do_new_mount) from [<c0270590>] (path_mount+0x154/0x814)
[ 22.083418] [<c0270590>] (path_mount) from [<c0271154>] (sys_mount+0xf8/0x118)
[ 22.090620] [<c0271154>] (sys_mount) from [<c0100060>] (ret_fast_syscall+0x0/0x48)
[ 22.098224] Exception stack(0xc2685fa8 to 0xc2685ff0)
[ 22.103194] 5fa0: 00000000 00000000 01877388 01877398 01877358 00008000
[ 22.111394] 5fc0: 00000000 00000000 01877388 00000015 b6f5d138 00000001 b6f4450c bec12c90
[ 22.119590] 5fe0: b6f5cfc4 bec12af8 b6f2c8cb b6e9eb5a
[ 22.124662] Code: e5944000 ebffe4c3 e3540000 0a00001e (e5943010)
[ 22.130821] ---[ end trace 2c44dae2ebc3130e ]---
After investigate the issue, we found that this error is related with the UBI Fastmap support (CONFIG_MTD_UBI_FASTMAP)
and happens when the function ubi_wl_put_peb() is called twice with the same parameters, below you can find a debug messages when it fails:
[ 18.473879] DBG: drivers/mtd/ubi/eba.c on Line 534, check_mapping(): before ubi_wl_put_peb() Called from ubi_eba_read_leb+0x7c/0x478
[ 18.621978] DBG: drivers/mtd/ubi/wl.c on Line 1253, ubi_wl_put_peb(): INIT --- PEB 897, lnum = 4, vol_id = 4 --- Called from check_mapping.part.0+0x1d0/0x298
[ 18.636282] DBG: drivers/mtd/ubi/wl.c on Line 1253, ubi_wl_put_peb(): INIT --- PEB 897, lnum = 4, vol_id = 4 --- Called from check_mapping.part.0+0x1d0/0x298
[ 18.773852] DBG: drivers/mtd/ubi/wl.c on Line 1296, ubi_wl_put_peb(): inside else, erroneous_peb_count=0, free_count=1048
[ 18.807695] DBG: drivers/mtd/ubi/wl.c on Line 1296, ubi_wl_put_peb(): inside else, erroneous_peb_count=0, free_count=1048
These are the UBI volumes:
# cat /proc/mtd
dev: size erasesize name
mtd0: 00080000 00020000 "fsbl1"
mtd1: 00080000 00020000 "fsbl2"
mtd2: 00080000 00020000 "metadata1"
mtd3: 00080000 00020000 "metadata2"
mtd4: 00300000 00020000 "fip-a"
mtd5: 00300000 00020000 "fip-b"
mtd6: 0f800000 00020000 "UBI"
#
We also try to backport several fixes for newer kernel versions, but no patch fixes the problem.
Do you have any clue about the root cause?
Thanks,
Arturo.
More information about the linux-mtd
mailing list