openbmc / qemu

Official QEMU mirror

Guest kernel memory corruption #9

Open amboar opened 7 years ago

amboar commented 7 years ago

Tracking issue for memory corruption seen under qemu but not on hardware.

Qemu: pull-target-arm-20170613-381-g016b07da3ebf, Kernel: v4.12-16-g05a8a98ab0ac

[    2.440000] ftgmac100 1e660000.ethernet eth0: NCSI interface up
[    2.500000] Unable to handle kernel paging request at virtual address 12005452
[    2.500000] pgd = 80004000
[    2.500000] [12005452] *pgd=00000000
[    2.500000] Internal error: Oops: 5 [#1] ARM
[    2.500000] Modules linked in:
[    2.500000] CPU: 0 PID: 341 Comm: ifconfig Not tainted 4.12.0-00016-g05a8a98ab0ac-dirty #1003
[    2.500000] Hardware name: Generic DT based system
[    2.500000] task: 9f527820 task.stack: 88832000
[    2.500000] PC is at unlink_anon_vmas+0x60/0x1e8
[    2.500000] LR is at unlink_anon_vmas+0xa0/0x1e8
[    2.500000] pc : [<800a5114>]    lr : [<800a5154>]    psr: 60000153
[    2.500000] sp : 88833ec0  ip : 00000100  fp : 1200544a
[    2.500000] r10: 9f551820  r9 : 804b2f17  r8 : 8880fb58
[    2.500000] r7 : 804e1b2c  r6 : 8880fb94  r5 : 9f551820  r4 : 1200544a
[    2.500000] r3 : 1200544a  r2 : 9f551820  r1 : 9f78a3c0  r0 : 00000000
[    2.500000] Flags: nZCv  IRQs on  FIQs off  Mode SVC_32  ISA ARM  Segment user
[    2.500000] Control: 00c5387d  Table: 88834008  DAC: 00000055
[    2.500000] Process ifconfig (pid: 341, stack limit = 0x88832188)
[    2.500000] Stack: (0x88833ec0 to 0x88834000)
[    2.500000] 3ec0: 9f5e838c 00002000 00000000 8880fb58 8880ff20 76f56000 88833f18 00002000
[    2.500000] 3ee0: 00000000 00000000 00000000 80099ea8 76f56000 8009b230 00000000 9f790160
[    2.500000] 3f00: 9f54e1c0 88833f40 9f54e1c0 9f54e1f4 00000000 800a05e4 9f54e1c0 00000001
[    2.500000] 3f20: 00000000 00000000 ffffffff 9f035aa0 a0000153 0000009e 00000400 9f7f6000
[    2.500000] 3f40: 9f419570 9f036e20 00000008 800ac844 9f7748c0 800b2620 804b1220 9f527820
[    2.500000] 3f60: 9f54e1c0 00000000 ffffe000 80014acc 9f527820 ffffe000 ffffe000 800180f4
[    2.500000] 3f80: 7ef8ce60 8002d4b0 88832000 000000f8 00000000 8001961c 76fa4258 80019694
[    2.500000] 3fa0: 76fa4258 8000a320 76fa4258 00000000 00000000 00040308 00000000 76f7e430
[    2.500000] 3fc0: 76fa4258 00000000 7ef8ccb0 000000f8 000b5d5c 00000000 76fb5f70 00000000
[    2.500000] 3fe0: 76fa3f00 7ef8cca0 76f93018 76f63ca8 60000150 00000000 e7fddef0 e7fddef0
[    2.500000] [<800a5114>] (unlink_anon_vmas) from [<80099ea8>] (free_pgtables+0x78/0xcc)
[    2.500000] [<80099ea8>] (free_pgtables) from [<800a05e4>] (exit_mmap+0xec/0x1e8)
[    2.500000] [<800a05e4>] (exit_mmap) from [<80014acc>] (mmput+0x30/0xc8)
[    2.500000] [<80014acc>] (mmput) from [<800180f4>] (do_exit+0x264/0x97c)
[    2.500000] [<800180f4>] (do_exit) from [<8001961c>] (do_group_exit+0x3c/0xa4)
[    2.500000] [<8001961c>] (do_group_exit) from [<80019694>] (__wake_up_parent+0x0/0x18)
[    2.500000] Code: e584200c eb001dc3 e1a0300b e1a0400b (e5b3b008)
[    2.500000] ---[ end trace 0c960b21fc9b1257 ]---
[    2.500000] Fixing recursive fault but reboot is needed!
[    2.340000] ftgmac100 1e660000.ethernet eth0: NCSI interface up
[    2.340000] Unable to handle kernel NULL pointer dereference at virtual address 00000000
[    2.340000] pgd = 88808000
[    2.340000] [00000000] *pgd=88818831, *pte=00000000, *ppte=00000000
[    2.340000] Internal error: Oops: 17 [#1] ARM
[    2.340000] Modules linked in:
[    2.340000] CPU: 0 PID: 339 Comm: default.script Not tainted 4.12.0-00016-g05a8a98ab0ac-dirty #1003
[    2.340000] Hardware name: Generic DT based system
[    2.340000] task: 9f577ba0 task.stack: 8882a000
[    2.340000] PC is at anon_vma_clone+0x58/0x1b8
[    2.340000] LR is at anon_vma_clone+0x4c/0x1b8
[    2.340000] pc : [<800a52f4>]    lr : [<800a52e8>]    psr: a0000153
[    2.340000] sp : 8882beb0  ip : 9f764b30  fp : 9f55b220
[    2.340000] r10: 00000000  r9 : 9f78f1f4  r8 : 804e1b2c
[    2.340000] r7 : 9f55b220  r6 : 8881ed10  r5 : 9f78562c  r4 : 888623a0
[    2.340000] r3 : 0000001d  r2 : 9fbdd61c  r1 : 00000021  r0 : 888623a0
[    2.340000] Flags: NzCv  IRQs on  FIQs off  Mode SVC_32  ISA ARM  Segment user
[    2.340000] Control: 00c5387d  Table: 88808008  DAC: 00000055
[    2.340000] Process default.script (pid: 339, stack limit = 0x8882a188)
[    2.340000] Stack: (0x8882beb0 to 0x8882c000)
[    2.340000] bea0:                                     76f04000 9f78f1b8 8881640c 8881ed10
[    2.340000] bec0: 9f78f1b8 8881ed10 9f5581c0 9f78f1b8 00000000 00000000 804d4340 800a5478
[    2.340000] bee0: 00000001 01200011 8881ed10 9f5581c0 9f78f1b8 8001577c 00000000 00000000
[    2.340000] bf00: 9f558020 9f5299f0 9f529840 00000001 8881edd4 8881edc8 8881edc0 8881edd0
[    2.340000] bf20: 9f558054 9f5581f4 8882bf28 8882bf28 000007ff 01200011 00000000 00000000
[    2.340000] bf40: 00000000 00000000 8882a000 00000000 7eb672dc 80016358 00000000 00000000
[    2.340000] bf60: ffffffff 00000000 00000000 00000000 000a617c 00000000 76f17068 76f04630
[    2.340000] bf80: 00000000 00000078 8000a4c4 8882a000 00000000 800166b8 76f17068 00000000
[    2.340000] bfa0: 00000001 8000a320 76f17068 76f04630 01200011 00000000 00000000 00000000
[    2.340000] bfc0: 76f17068 76f04630 00000000 00000078 019ff008 76f17490 76f03ef0 7eb672dc
[    2.340000] bfe0: 76f03f00 7eb672b0 76ef571c 76ef5770 60000150 01200011 e7fddef0 e7fddef0
[    2.340000] [<800a52f4>] (anon_vma_clone) from [<800a5478>] (anon_vma_fork+0x24/0x150)
[    2.340000] [<800a5478>] (anon_vma_fork) from [<8001577c>] (copy_process.part.3+0x980/0x1428)
[    2.340000] [<8001577c>] (copy_process.part.3) from [<80016358>] (_do_fork+0x94/0x320)
[    2.340000] [<80016358>] (_do_fork) from [<800166b8>] (SyS_clone+0x20/0x28)
[    2.340000] [<800166b8>] (SyS_clone) from [<8000a320>] (ret_fast_syscall+0x0/0x34)
[    2.340000] Code: eb001c51 e2504000 0a00002e e595a004 (e59ab000)
[    2.340000] ---[ end trace 09c7b1238c91347e ]---
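The two traces above are the only evidence in the report, so the first triage question is whether the fault address is plausibly a NULL pointer, a wild pointer into the user-space range, or a bad kernel address, and which register the faulting instruction dereferenced. The following script is an added example, not code from the issue, QEMU or OpenBMC: it parses ARM32 oops lines, decodes the bracketed faulting instruction (only the immediate-offset `LDR`/`STR` form) and checks that base register + offset reproduces the reported fault address. It assumes `PAGE_OFFSET` is 0x80000000, inferred from the kernel symbols and `pgd` values in the traces; the embedded sample is an excerpt of the issue's own log.

```python
import re
from dataclasses import dataclass, field

# Assumption: kernel text at 0x800xxxxx and pgd = 80004000 point to a 2G/2G
# split, i.e. PAGE_OFFSET 0x80000000. Pass a different value for other configs.
DEFAULT_PAGE_OFFSET = 0x80000000

# Constructed sample: lines excerpted from the two traces in the issue.
SAMPLE_LOG = """\
[    2.500000] Unable to handle kernel paging request at virtual address 12005452
[    2.500000] CPU: 0 PID: 341 Comm: ifconfig Not tainted 4.12.0-00016-g05a8a98ab0ac-dirty #1003
[    2.500000] PC is at unlink_anon_vmas+0x60/0x1e8
[    2.500000] sp : 88833ec0  ip : 00000100  fp : 1200544a
[    2.500000] r10: 9f551820  r9 : 804b2f17  r8 : 8880fb58
[    2.500000] r7 : 804e1b2c  r6 : 8880fb94  r5 : 9f551820  r4 : 1200544a
[    2.500000] r3 : 1200544a  r2 : 9f551820  r1 : 9f78a3c0  r0 : 00000000
[    2.500000] [<800a5114>] (unlink_anon_vmas) from [<80099ea8>] (free_pgtables+0x78/0xcc)
[    2.500000] [<80099ea8>] (free_pgtables) from [<800a05e4>] (exit_mmap+0xec/0x1e8)
[    2.500000] Code: e584200c eb001dc3 e1a0300b e1a0400b (e5b3b008)
[    2.340000] Unable to handle kernel NULL pointer dereference at virtual address 00000000
[    2.340000] CPU: 0 PID: 339 Comm: default.script Not tainted 4.12.0-00016-g05a8a98ab0ac-dirty #1003
[    2.340000] PC is at anon_vma_clone+0x58/0x1b8
[    2.340000] r10: 00000000  r9 : 9f78f1f4  r8 : 804e1b2c
[    2.340000] r3 : 0000001d  r2 : 9fbdd61c  r1 : 00000021  r0 : 888623a0
[    2.340000] [<800a52f4>] (anon_vma_clone) from [<800a5478>] (anon_vma_fork+0x24/0x150)
[    2.340000] Code: eb001c51 e2504000 0a00002e e595a004 (e59ab000)
"""

FAULT_RE = re.compile(r"Unable to handle kernel (.+?) at virtual address ([0-9a-f]{8})")
PROC_RE = re.compile(r"CPU: (\d+) PID: (\d+) Comm: (\S+)")
PC_RE = re.compile(r"PC is at (\S+)")
REG_RE = re.compile(r"\b(r\d{1,2}|sp|ip|fp)\s*:\s*([0-9a-f]{8})")
FRAME_RE = re.compile(r"\[<[0-9a-f]{8}>\] \((\S+)\) from \[<[0-9a-f]{8}>\] \((\S+)\)")
CODE_RE = re.compile(r"Code: .*\(([0-9a-f]{8})\)")  # parenthesised word is the faulting insn

# Register names as the ARM oops printer spells them (r11=fp, r12=ip, r13=sp).
ARM_REG_NAMES = [f"r{i}" for i in range(11)] + ["fp", "ip", "sp", "lr", "pc"]


@dataclass
class Oops:
    kind: str
    fault_addr: int
    comm: str = ""
    pc_symbol: str = ""
    regs: dict = field(default_factory=dict)
    frames: list = field(default_factory=list)   # innermost symbol first
    faulting_insn: int = 0


def _symbol(name):
    return name.split("+")[0]          # drop the +offset/size suffix


def parse_oopses(text):
    """Split a dmesg excerpt into one Oops record per 'Unable to handle' header."""
    oopses, cur = [], None
    for line in text.splitlines():
        m = FAULT_RE.search(line)
        if m:
            cur = Oops(kind=m.group(1), fault_addr=int(m.group(2), 16))
            oopses.append(cur)
            continue
        if cur is None:
            continue
        if (m := PROC_RE.search(line)):
            cur.comm = m.group(3)
        elif (m := PC_RE.search(line)):
            cur.pc_symbol = _symbol(m.group(1))
        elif (m := FRAME_RE.search(line)):
            if not cur.frames:
                cur.frames.append(_symbol(m.group(1)))
            cur.frames.append(_symbol(m.group(2)))
        elif (m := CODE_RE.search(line)):
            cur.faulting_insn = int(m.group(1), 16)
        else:
            for reg, val in REG_RE.findall(line):
                cur.regs[reg] = int(val, 16)
    return oopses


def decode_ldr_str_imm(insn):
    """Decode ARM 'single data transfer, immediate offset' (LDR/STR Rd, [Rn, #imm]).
    Returns (base_register, signed_offset, is_load), or None for other encodings."""
    if (insn >> 25) & 0x7 != 0b010:
        return None
    pre, up, load = (insn >> 24) & 1, (insn >> 23) & 1, (insn >> 20) & 1
    rn, imm = (insn >> 16) & 0xF, insn & 0xFFF
    offset = (imm if up else -imm) if pre else 0   # post-indexed uses the bare base
    return ARM_REG_NAMES[rn], offset, bool(load)


def classify_fault_addr(addr, page_offset=DEFAULT_PAGE_OFFSET):
    if addr < 4096:
        return "null-pointer dereference"
    if addr < page_offset:
        return "wild pointer into user-space range"
    return "kernel-space address"


def explain(oops, page_offset=DEFAULT_PAGE_OFFSET):
    """Summarise one oops and check the register state against the faulting insn."""
    info = {"comm": oops.comm, "pc": oops.pc_symbol,
            "class": classify_fault_addr(oops.fault_addr, page_offset),
            "call_chain": " <- ".join(oops.frames)}
    dec = decode_ldr_str_imm(oops.faulting_insn)
    if dec:
        base, off, load = dec
        base_val = oops.regs.get(base)
        info.update(base_reg=base, offset=off, op="load" if load else "store",
                    consistent=base_val is not None
                    and (base_val + off) & 0xFFFFFFFF == oops.fault_addr)
    return info


if __name__ == "__main__":
    for o in parse_oopses(SAMPLE_LOG):
        print(explain(o))
```

For the first trace this reports a load through `r3 + 8` with `r3 = 0x1200544a`, a value that also sits in `r4` and `fp`, so the corrupted pointer was already in the `anon_vma` list before `unlink_anon_vmas` touched it; the second is a load through `r10`, which is 0. Both point at the list linkage being damaged earlier than the oops site, which is the usual signature of the emulator-only corruption the issue is tracking rather than a bug at the faulting line.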
legoater commented 7 years ago

This looks like https://github.com/openbmc/linux/issues/102. Did it ever occur on a real system? I

Also, maybe we should move a couple of issues to the openbmc/qemu repository:

https://github.com/openbmc/linux/issues/134
https://github.com/openbmc/linux/issues/123
https://github.com/openbmc/linux/issues/104
https://github.com/openbmc/linux/issues/103
https://github.com/openbmc/linux/issues/102
https://github.com/openbmc/linux/issues/101

amboar commented 7 years ago

I haven't seen them occur on a real system, and yeah, we should probably move those issues across, but I'm not sure how to do that.