On Mon 2022-02-21 08:15 +0000, Christophe Leroy wrote: > [ 36.421711] BUG: Unable to handle kernel data access on write at > 0xbe79bb40 > [ 36.428435] Faulting instruction address: 0xc008b74c > [ 36.433342] Oops: Kernel access of bad area, sig: 11 [#1] > [ 36.438672] BE PAGE_SIZE=16K PREEMPT CMPC885 > [ 36.442947] SAF3000 DIE NOTIFICATION > [ 36.446421] Modules linked in: > [ 36.449436] CPU: 0 PID: 374 Comm: insmod Not tainted > 5.17.0-rc4-s3k-dev-02274-g7d4ec8831803 #1016 > [ 36.458211] NIP: c008b74c LR: c00897ac CTR: c001145c > [ 36.463200] REGS: caf8bcf0 TRAP: 0300 Not tainted > (5.17.0-rc4-s3k-dev-02274-g7d4ec8831803) > [ 36.471633] MSR: 00009032 <EE,ME,IR,DR,RI> CR: 24002842 XER: 00000000 > [ 36.478261] DAR: be79bb40 DSISR: c2000000 > [ 36.478261] GPR00: c00899a0 caf8bdb0 c230a980 be74c000 caf8beb8 > 00000008 00000000 c035629c > [ 36.478261] GPR08: be75c000 caf9c9fc be79bb40 00000004 24002842 > 100d166a 00000290 00000000 > [ 36.478261] GPR16: c0747320 caf9c9fc c11ff918 caf9b2a7 be75c290 > 00000550 00000022 c0747210 > [ 36.478261] GPR24: c11ff8e8 be74c000 c11ff8fc 100b8820 00000000 > 00000000 be74c000 caf8beb8 > [ 36.516729] NIP [c008b74c] add_kallsyms+0x48/0x30c > [ 36.521465] LR [c00897ac] load_module+0x16f8/0x2504 > [ 36.526286] Call Trace: > [ 36.528693] [caf8bdb0] [00000208] 0x208 (unreliable) > [ 36.533598] [caf8bde0] [c00899a0] load_module+0x18ec/0x2504 > [ 36.539107] [caf8beb0] [c008a7a8] sys_finit_module+0xb4/0xf8 > [ 36.544700] [caf8bf30] [c00120a4] ret_from_syscall+0x0/0x28 > [ 36.550209] --- interrupt: c00 at 0xfd5e7c0 > [ 36.554339] NIP: 0fd5e7c0 LR: 100144e8 CTR: 10013238 > [ 36.559331] REGS: caf8bf40 TRAP: 0c00 Not tainted > (5.17.0-rc4-s3k-dev-02274-g7d4ec8831803) > [ 36.567763] MSR: 0000d032 <EE,PR,ME,IR,DR,RI> CR: 24002222 XER: > 00000000 > [ 36.574735] > [ 36.574735] GPR00: 00000161 7fc5a130 7792f4e0 00000003 100b8820 > 00000000 0fd4ded4 0000d032 > [ 36.574735] GPR08: 00000000 10013238 00000000 00000002 142d2297 > 100d166a 100a0920 00000000 > [ 36.574735] GPR16: 100cac0c 100b0000 1013c3cc 1013d685 100d0000 > 100d0000 00000000 100a0900 > [ 36.574735] GPR24: ffffffa2 ffffffff 1013c3a4 00000003 1013c3cc > 100b8820 1013c3f0 1013c3cc > [ 36.610535] NIP [0fd5e7c0] 0xfd5e7c0 > [ 36.614065] LR [100144e8] 0x100144e8 > [ 36.617593] --- interrupt: c00 > [ 36.620609] Instruction dump: > [ 36.623534] 7c7e1b78 81040038 8124003c 81430100 55082036 7d0a4214 > 1d490028 81240010 > [ 36.631365] 9103015c 7d295214 8109000c 8143015c <910a0000> 81290014 > 8143015c 5529e13e > [ 36.639376] ---[ end trace 0000000000000000 ]--- Hi Christophe, Unfortunately, I do not have the debuginfo data. Albeit, based on the stack trace, I suspect this was the result of the dereference attempt (below) due to the invalid pointer stored in mod->kallsyms i.e. mod->kallsyms = (struct mod_kallsyms __rcu *)mod->init_layout.base + info->mod_kallsyms_init_off: 177 /* The following is safe since this pointer cannot change */ 178 rcu_dereference_sched(mod->kallsyms)->symtab = (void *)symsec->sh_addr; Kind regards, -- Aaron Tomlin