Hi All,
We are running 6.6 kernel on NXP i.MX95 platform, and meet an issue very
hard to reproduce. Panic log in the end. I check the registers and source code.
static inline struct obj_cgroup *__folio_objcg(struct folio *folio)
{
unsigned long memcg_data = folio->memcg_data;
VM_BUG_ON_FOLIO(folio_test_slab(folio), folio);
VM_BUG_ON_FOLIO(memcg_data & MEMCG_DATA_OBJCGS, folio);
VM_BUG_ON_FOLIO(!(memcg_data & MEMCG_DATA_KMEM), folio);
return (struct obj_cgroup *)(memcg_data & ~MEMCG_DATA_FLAGS_MASK);
}
the memcg_data is 0xffff in register x1. This seems a invalid value.
Register x0 is x1 & ~3.
The panic happens in the PC: ffff800080305894, which is 'ldr x0, [x0, #16]'
I not have an good idea on how to fix the issue, please suggest if you have time
to give a look.
[ 12.843675] Unable to handle kernel paging request at virtual address 000000000001000c
[ 12.849981] audit: type=1334 audit(1709988536.322:30): prog-id=3 op=UNLOAD
[ 12.857888] Mem abort info:
[ 12.867630] ESR = 0x0000000096000004
[ 12.871368] EC = 0x25: DABT (current EL), IL = 32 bits
[ 12.876675] SET = 0, FnV = 0
[ 12.879732] EA = 0, S1PTW = 0
[ 12.882860] FSC = 0x04: level 0 translation fault
[ 12.887730] Data abort info:
[ 12.890599] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000
[ 12.896076] CM = 0, WnR = 0, TnD = 0, TagAccess = 0
[ 12.901120] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[ 12.906424] user pgtable: 4k pages, 48-bit VAs, pgdp=00000001008de000
[ 12.912854] [000000000001000c] pgd=0000000000000000, p4d=0000000000000000
[ 12.919642] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP
[ 12.925900] Modules linked in:
[ 12.928942] CPU: 4 PID: 131 Comm: kworker/4:2 Not tainted 6.6.23-06226-g41e0f501b547-dirty #248
[ 12.937625] Hardware name: NXP i.MX95 19X19 board (DT)
[ 12.942748] Workqueue: events bpf_prog_free_deferred
[ 12.947713] pstate: 40400009 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 12.954663] pc : vfree+0x114/0x2e0
[ 12.958060] lr : vfree+0x78/0x2e0
[ 12.961362] sp : ffff80008459bd10
[ 12.964664] x29: ffff80008459bd10 x28: 0000000000000000 x27: 0000000000000000
[ 12.969128] watchdog: watchdog0: watchdog did not stop!
[ 12.971788] x26: 0000000000000000 x25: ffff0000808b5a00 x24: ffff000080090805
[ 12.971795] x23: ffff000084bcdc08 x22: 0000000000000000 x21: ffff00008493c6c0
[ 12.971802] x20: fffffc000100005e x19: 0000000000000000 x18: 0000000000000000
[ 12.971808] x17: ffff800084ec1000 x16: ffff00008465f208
[ 12.991063] systemd-shutdown[1]: Using hardware watchdog 'i.MX7ULP watchdog timer', version 0, device /dev/watchdog0
[ 12.991246] x15: 0000000000000000
[ 13.017453] x14: 0000000000000000 x13: ffff80008f001000 x12: ffff000084647a00
[ 13.024577] x11: ffff000080b9d1f8 x10: ffff0000846479d8 x9 : ffff8000803057f8
[ 13.031701] x8 : ffff80008459bcf0 x7 : 0000000000000001 x6 : ffff800082b84d38
[ 13.038825] x5 : 0000000000000000 x4 : 0000000080000000 x3 : ffff80008377d000
[ 13.045949] x2 : 0000000000000001 x1 : 000000000000ffff x0 : 000000000000fffc
[ 13.047210] systemd-shutdown[1]: Watchdog running with a timeout of 1min.
[ 13.053073] Call trace:
[ 13.053076] vfree+0x114/0x2e0
[ 13.053083] bpf_jit_free+0x54/0xb8
[ 13.068804] bpf_prog_free_deferred+0x16c/0x1a0
[ 13.073328] process_one_work+0x148/0x3b8
[ 13.077332] worker_thread+0x32c/0x450
[ 13.081076] kthread+0x11c/0x128
[ 13.084300] ret_from_fork+0x10/0x20
[ 13.087874] Code: a9425bf5 a8c57bfd d50323bf d65f03c0 (f9400800)
Part of the objdump code:
ffff8000803057f4: 97f8c73d bl ffff8000801374e8 <__rcu_read_lock>
ffff8000803057f8: f9400681 ldr x1, [x20, #8]
ffff8000803057fc: d1000420 sub x0, x1, #0x1
ffff800080305800: f240003f tst x1, #0x1
ffff800080305804: 9a941000 csel x0, x0, x20, ne // ne = any
ffff800080305808: f9401c01 ldr x1, [x0, #56]
ffff80008030580c: 927ef420 and x0, x1, #0xfffffffffffffffc
ffff800080305810: 37080421 tbnz w1, #1, ffff800080305894 <vfree+0x114>
ffff800080305814: b40000e0 cbz x0, ffff800080305830 <vfree+0xb0>
ffff800080305818: d53b4236 mrs x22, daif
ffff80008030581c: d50343df msr daifset, #0x3
ffff800080305820: 12800002 mov w2, #0xffffffff // #-1
ffff800080305824: 528005c1 mov w1, #0x2e // #46
ffff800080305828: 94015eac bl ffff80008035d2d8 <__mod_memcg_state>
ffff80008030582c: d51b4236 msr daif, x22
ffff800080305830: 97f8eafa bl ffff800080140418 <__rcu_read_unlock>
ffff800080305834: aa1403e0 mov x0, x20
ffff800080305838: 52800001 mov w1, #0x0 // #0
ffff80008030583c: 94001847 bl ffff80008030b958 <__free_pages>
ffff800080305840: 11000673 add w19, w19, #0x1
ffff800080305844: b9402ea0 ldr w0, [x21, #44]
ffff800080305848: f94012a1 ldr x1, [x21, #32]
......
ffff80008030588c: d50323bf autiasp
ffff800080305890: d65f03c0 ret
ffff800080305894: f9400800 ldr x0, [x0, #16]
ffff800080305898: 17ffffdf b ffff800080305814 <vfree+0x94>
ffff80008030589c: a90363f7 stp x23, x24, [sp, #48]
Thanks
Peng.
