> Subject: RE: [Oops] vfree abort in bpf_jit_free with memcg_data value 0xffff > > Hi Roman, > > > Subject: Re: [Oops] vfree abort in bpf_jit_free with memcg_data value > > 0xffff > > > > On Mon, Jun 03, 2024 at 09:10:43AM +0000, Peng Fan wrote: > > > Hi All, > > > > > > We are running 6.6 kernel on NXP i.MX95 platform, and meet an issue > > > very hard to reproduce. Panic log in the end. I check the registers > > > and > > source code. > > > > Hi! > > > > Do you know by a chance if the issue is reproducible on newer kernels? > > > > From a very first glance, I doubt it's a generic memory accounting > > issue, otherwise we'd see a lot more instances of it. So my guess it > > something related to bpf jit code. It seems like there were heavy > > changes since 6.6, this is why I'm asking about newer kernels. > > I not have a full test environment with newer kernel, the i.MX95 platform has > not been landed in upstream repo. > > After I enable DEBUG_VM, I have a new dump in virt_to_phys: I am thinking > whether the dma corrupt memory. And with disabling DPU, I am redoing the > test, and see how it goes. After address the virt_to_phys issue, I could still see bpt_jit_free trigger kernel panic. Is there any suggestion that how I could reproduce this issue sooner? Currently I am doing linux reboot test, but needs several hours or more to reproduce this issue. Thanks, Peng. > > [ 2.992655] ------------[ cut here ]------------ > [ 3.003764] virt_to_phys used for non-linear address: 00000000897eac93 > (0xffff800086001000) > [ 3.004944] sysctr_timer_read_write:10024 retry: 1 > [ 3.012196] WARNING: CPU: 0 PID: 11 at arch/arm64/mm/physaddr.c:12 > __virt_to_phys+0x68/0x98 > [ 3.025243] Modules linked in: > [ 3.028312] CPU: 0 PID: 11 Comm: kworker/u12:0 Not tainted 6.6.23- > 06226-g4986cc3e1b75-dirty #251 > [ 3.037098] Hardware name: NXP i.MX95 19X19 board (DT) > [ 3.042239] Workqueue: events_unbound deferred_probe_work_func > [ 3.044953] sysctr_timer_read_write:10024 retry: 1 > [ 3.048079] pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS > BTYPE=--) > [ 3.059796] pc : __virt_to_phys+0x68/0x98 > [ 3.063809] lr : __virt_to_phys+0x68/0x98 > [ 3.067839] sp : ffff800082de3990 > [ 3.071141] x29: ffff800082de3990 x28: 0000000000000000 x27: > 0000000034325258 > [ 3.078282] x26: ffff000084748000 x25: ffff0000818ba800 x24: > ffff00008471dc00 > [ 3.084954] sysctr_timer_read_write:10024 retry: 1 > [ 3.085423] x23: 0000000000000000 x22: ffff0000818ba200 x21: > ffff00008080bc00 > [ 3.097323] x20: ffff0000847345c0 x19: ffff800086001000 x18: > 0000000000000006 > [ 3.104447] x17: 6666783028203339 x16: 6361653739383030 x15: > 303030303030203a > [ 3.111588] x14: 7373657264646120 x13: 2930303031303036 x12: > 3830303038666666 > [ 3.118712] x11: 6678302820333963 x10: 0000000000000a90 x9 : > ffff8000800e04a0 > [ 3.120954] sysctr_timer_read_write:10024 retry: 1 > [ 3.125836] x8 : ffff0000803d28f0 x7 : 000000006273d88e x6 : > 0000000000000400 > [ 3.137736] x5 : 00000000410fd050 x4 : 0000000000f0000f x3 : > 0000000000200000 > [ 3.144894] x2 : 0000000000000000 x1 : 0000000000000000 x0 : > ffff0000803d1e00 > [ 3.152036] Call trace: > [ 3.154489] __virt_to_phys+0x68/0x98 > [ 3.158163] drm_fbdev_dma_helper_fb_probe+0x138/0x238 > [ 3.163294] __drm_fb_helper_initial_config_and_unlock+0x2b0/0x4c0 > [ 3.169012] sysctr_timer_read_write:10024 retry: 1 > [ 3.169498] drm_fb_helper_initial_config+0x4c/0x68 > [ 3.177000] sysctr_timer_read_write:10024 retry: 1 > [ 3.179136] drm_fbdev_dma_client_hotplug+0x8c/0xe0 > [ 3.188773] drm_client_register+0x60/0xb0 > [ 3.192881] drm_fbdev_dma_setup+0x94/0x148 > [ 3.197059] dpu95_probe+0xc4/0x130 > [ 3.200577] platform_probe+0x70/0xd0 > [ 3.204252] really_probe+0x150/0x2c0 > > Thanks > Peng > > > > Thanks!
