I am running into intermittent crashes with linux-next on POWER 9 PowerVM LPAR First it was against next-20200324 while running LTP tests. With next-20200325 I ran into similar crash (a different stack trace but same failure point — link_path_walk) while running sosreport command. BUG: Kernel NULL pointer dereference on read at 0x00000000 Faulting instruction address: 0xc00000000043f278 Oops: Kernel access of bad area, sig: 11 [#1] LE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=2048 NUMA pSeries Dumping ftrace buffer: (ftrace buffer empty) Modules linked in: loop iscsi_target_mod target_core_mod macsec tcp_diag udp_diag inet_diag unix_diag af_packet_diag netlink_diag binfmt_misc overlay dm_mod nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 libcrc32c ip6_tables nft_compat ip_set rfkill nf_tables nfnetlink sunrpc sg pseries_rng uio_pdrv_genirq uio sch_fq_codel ip_tables ext4 mbcache jbd2 sr_mod sd_mod cdrom t10_pi ibmvscsi scsi_transport_srp ibmveth CPU: 26 PID: 7771 Comm: avocado Not tainted 5.6.0-rc7-next-20200324-autotest #1 NIP: c00000000043f278 LR: c00000000043f330 CTR: 00000000000001fb REGS: c00000082802f830 TRAP: 0300 Not tainted (5.6.0-rc7-next-20200324-autotest) MSR: 8000000000009033 <SF,EE,ME,IR,DR,RI,LE> CR: 28248442 XER: 20040000 CFAR: c00000000000dec4 DAR: 0000000000000000 DSISR: 40000000 IRQMASK: 0 GPR00: c00000000043f330 c00000082802fac0 c00000000155e900 0000000000000000 GPR04: 0000000000000002 0000000000000000 0000000000000002 c0000008b3400000 GPR08: 0000000000031419 0000000000000000 0000000000000000 ffffffffffff0000 GPR12: 0000000000008000 c00000001ec48600 00007fffa08a53f8 0000000000000001 GPR16: 00007fff9faf9a63 00000100073bec00 00007fff9f2493b0 0000000000000000 GPR20: 00007fffa1143bf8 00007fffa1103b18 c00000087f547cb3 2f2f2f2f2f2f2f2f GPR24: 0000000000000003 0000000000000000 c00000082802fbc8 fffffffffffff000 GPR28: 0000000000200000 ffffffffffffffff 61c8864680b583eb 0000000000000000 NIP [c00000000043f278] link_path_walk.part.49+0x228/0x400 LR [c00000000043f330] link_path_walk.part.49+0x2e0/0x400 Call Trace: [c00000082802fac0] [c00000000043f330] link_path_walk.part.49+0x2e0/0x400 (unreliable) [c00000082802fb50] [c00000000043f5a4] path_lookupat.isra.51+0x64/0x1f0 [c00000082802fba0] [c000000000441c00] filename_lookup.part.69+0xa0/0x1b0 [c00000082802fce0] [c00000000042ff38] vfs_statx+0xa8/0x190 [c00000082802fd60] [c0000000004302a0] __do_sys_newstat+0x40/0x90 [c00000082802fe20] [c00000000000b278] system_call+0x5c/0x68 Instruction dump: 3bffffff e93a0058 38800000 7f43d378 7fff07b4 1d5f0030 7d295214 eac90020 4bfffb21 2fa30000 409e00c8 e93a0008 <81290000> 55290256 7f89e000 419efecc ---[ end trace 34abf29ebd56e423 ]— Relevant snippet from obj dump: 6dc4: 20 00 c9 ea ld r22,32(r9) link = walk_component(nd, 0); 6db4: 78 d3 43 7f mr r3,r26 name = nd->stack[--depth].name; 6db8: b4 07 ff 7f extsw r31,r31 6dbc: 30 00 5f 1d mulli r10,r31,48 6dc0: 14 52 29 7d add r9,r9,r10 6dc4: 20 00 c9 ea ld r22,32(r9) link = walk_component(nd, 0); 6dc8: 01 00 00 48 bl 6dc8 <link_path_walk.part.49+0x218> if (unlikely(link)) { 6dcc: 00 00 a3 2f cmpdi cr7,r3,0 6dd0: c8 00 9e 40 bne cr7,6e98 <link_path_walk.part.49+0x2e8> return dentry->d_flags & DCACHE_ENTRY_TYPE; 6dd4: 08 00 3a e9 ld r9,8(r26) 6dd8: 00 00 29 81 lwz r9,0(r9) <<=== crashes here ?? 6ddc: 56 02 29 55 rlwinm r9,r9,0,9,11 if (unlikely(!d_can_lookup(nd->path.dentry))) { 6de0: 00 e0 89 7f cmpw cr7,r9,r28 The code in question (link_path_walk() in fs/namei.c ) was recently changed by following commit: commit 881386f7e46a: link_path_walk(): sample parent's i_uid and i_mode for the last component Thanks -Sachin
Attachment:
next-20200325.log
Description: Binary data