https://bugzilla.kernel.org/show_bug.cgi?id=209341
Bug ID: 209341
Summary: BUG: kernel NULL pointer dereference
(acpi_os_read_port/pci_conf1_read)
Product: ACPI
Version: 2.5
Kernel Version: 5.8.10
Hardware: All
OS: Linux
Tree: Mainline
Status: NEW
Severity: high
Priority: P1
Component: Other
Assignee: [email protected]
Reporter: [email protected]
Regression: No
Hello,
In attempts to update our systemd CI Arch Linux machines to kernel 5.8.x I've
encountered several issues which make the kernel unusable in the test VMs (see
[0] for a rough timeline). Since kernel 5.8.6 there are two NULL pointer
dereference issues which kill the QEMU/KVM VMs basically right after startup:
```
�c�[?7l�[2J�[0mSeaBIOS (version ArchLinux 1.14.0-1)
Booting from ROM...
Probing EDD (edd=off to disable)... ok
�c�[?7l�[2J[ 4.646738] BUG: kernel NULL pointer dereference, address:
00000000000000fb
[ 4.649314] #PF: supervisor write access in kernel mode
[ 4.649314] #PF: error_code(0x0002) - not-present page
[ 4.649314] PGD 0 P4D 0
[ 4.649314] Oops: 0002 [#1] PREEMPT SMP NOPTI
[ 4.649314] CPU: 3 PID: 1 Comm: swapper/0 Not tainted 5.8.10-arch1-1 #1
[ 4.649314] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
ArchLinux 1.14.0-1 04/01/2014
[ 4.649314] RIP: 0010:acpi_os_read_port+0x61/0x70
[ 4.649314] Code: 44 24 08 65 48 2b 04 25 28 00 00 00 75 21 31 c0 48 83 c4
10 c3 83 fa 10 76 0c 83 fa 20 77 15 89 fa ed 89 06 eb d8 89 fa 66 ed <66> 89 06
eb cf e8 75 23 45 00 0f 0b 0f 1f 00 0f 1f 44 00 00 83 fa
[ 4.649314] RSP: 0018:ffffa760c0013d38 EFLAGS: 00010056
[ 4.649314] RAX: 00000000000000fb RBX: ffff8a7e3cdd1e80 RCX:
0000000000000830
[ 4.649314] RDX: 0000000000000000 RSI: 00000000000000fb RDI:
0000000000000830
[ 4.649314] RBP: 0000000000000000 R08: 0000000114f6770e R09:
0000000000000000
[ 4.649314] R10: 0000000000000007 R11: 0000000000000200 R12:
0000000000000000
[ 4.649314] R13: 0000000000000000 R14: ffff8a7e3cdd262c R15:
000000000002c340
[ 4.649314] FS: 0000000000000000(0000) GS:ffff8a7e3d380000(0000)
knlGS:0000000000000000
[ 4.649314] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 4.649314] CR2: 00000000000000fb CR3: 000000003b40a000 CR4:
00000000000406e0
[ 4.649314] Call Trace:
[ 4.649314] ? x2apic_send_IPI+0x46/0x50
[ 4.649314] ? ttwu_queue_wakelist+0xb6/0xd0
[ 4.649314] ? try_to_wake_up+0x1b2/0x620
[ 4.649314] ? pcpu_alloc+0x345/0x6f0
[ 4.649314] ? pwq_adjust_max_active+0x95/0xe0
[ 4.649314] ? alloc_workqueue+0x289/0x478
[ 4.649314] ? acpi_container_init+0x11/0x11
[ 4.649314] ? acpi_thermal_init+0x46/0x82
[ 4.649314] ? do_one_initcall+0x59/0x240
[ 4.649314] ? kernel_init_freeable+0x1b0/0x214
[ 4.649314] ? rest_init+0xbf/0xbf
[ 4.649314] ? kernel_init+0xa/0x101
[ 4.649314] ? ret_from_fork+0x22/0x30
[ 4.649314] Modules linked in:
[ 4.649314] CR2: 00000000000000fb
[ 4.649314] ---[ end trace 5b92b8567582453a ]---
[ 4.649314] RIP: 0010:acpi_os_read_port+0x61/0x70
[ 4.649314] Code: 44 24 08 65 48 2b 04 25 28 00 00 00 75 21 31 c0 48 83 c4
10 c3 83 fa 10 76 0c 83 fa 20 77 15 89 fa ed 89 06 eb d8 89 fa 66 ed <66> 89 06
eb cf e8 75 23 45 00 0f 0b 0f 1f 00 0f 1f 44 00 00 83 fa
[ 4.649314] RSP: 0018:ffffa760c0013d38 EFLAGS: 00010056
[ 4.649314] RAX: 00000000000000fb RBX: ffff8a7e3cdd1e80 RCX:
0000000000000830
[ 4.649314] RDX: 0000000000000000 RSI: 00000000000000fb RDI:
0000000000000830
[ 4.649314] RBP: 0000000000000000 R08: 0000000114f6770e R09:
0000000000000000
[ 4.649314] R10: 0000000000000007 R11: 0000000000000200 R12:
0000000000000000
[ 4.649314] R13: 0000000000000000 R14: ffff8a7e3cdd262c R15:
000000000002c340
[ 4.649314] FS: 0000000000000000(0000) GS:ffff8a7e3d380000(0000)
knlGS:0000000000000000
[ 4.649314] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 4.649314] CR2: 00000000000000fb CR3: 000000003b40a000 CR4:
00000000000406e0
[ 4.649314] note: swapper/0[1] exited with preempt_count 3
[ 4.649314] Kernel panic - not syncing: Attempted to kill init!
exitcode=0x00000009
[ 4.649314] Shutting down cpus with NMI
[ 4.649314] Kernel Offset: 0x17800000 from 0xffffffff81000000 (relocation
range: 0xffffffff80000000-0xffffffffbfffffff)
[ 4.649314] ---[ end Kernel panic - not syncing: Attempted to kill init!
exitcode=0x00000009 ]---
```
```
�c�[?7l�[2J�[0mSeaBIOS (version ArchLinux 1.14.0-1)
Booting from ROM...
Probing EDD (edd=off to disable)... ok
�c�[?7l�[2J[ 3.505002] BUG: kernel NULL pointer dereference, address:
0000000000000000
[ 3.507748] #PF: supervisor write access in kernel mode
[ 3.507748] #PF: error_code(0x0002) - not-present page
[ 3.507748] PGD 0 P4D 0
[ 3.507748] Oops: 0002 [#1] PREEMPT SMP NOPTI
[ 3.507748] CPU: 3 PID: 1 Comm: swapper/0 Not tainted 5.8.10-arch1-1 #1
[ 3.507748] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
ArchLinux 1.14.0-1 04/01/2014
[ 3.507748] RIP: 0010:pci_conf1_read+0xd5/0x100
[ 3.507748] Code: 5d 41 5e c3 41 83 e4 02 41 8d 94 24 fc 0c 00 00 66 ed 0f
b7 c0 89 45 00 eb d3 41 83 e4 03 41 8d 94 24 fc 0c 00 00 ec 0f b6 c0 <89> 45 00
eb be ba fc 0c 00 00 ed 89 45 00 eb b3 c7 45 00 ff ff ff
[ 3.507748] RSP: 0018:ffffb1aa40013c50 EFLAGS: 00010012
[ 3.507748] RAX: 00000000000000fb RBX: ffff9acf3cef0000 RCX:
0000000000000830
[ 3.507748] RDX: 0000000000000001 RSI: 00000000000000fb RDI:
0000000000000830
[ 3.507748] RBP: 0000000000000000 R08: 00000000d0e8f583 R09:
ffff9acf3cd1a0d0
[ 3.507748] R10: ffff9acf3bc16b80 R11: 0000000000000000 R12:
0000000000000001
[ 3.507748] R13: 0000000000000001 R14: ffff9acf3cef07ac R15:
000000000002c340
[ 3.507748] FS: 0000000000000000(0000) GS:ffff9acf3d380000(0000)
knlGS:0000000000000000
[ 3.507748] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 3.507748] CR2: 0000000000000000 CR3: 000000005ec0a000 CR4:
00000000000406e0
[ 3.507748] Call Trace:
[ 3.507748] ? x2apic_send_IPI+0x46/0x50
[ 3.507748] ? ttwu_queue_wakelist+0xb6/0xd0
[ 3.507748] ? try_to_wake_up+0x1b2/0x620
[ 3.507748] ? devtmpfs_submit_req+0x66/0x80
[ 3.507748] ? devtmpfs_create_node+0x9c/0xd0
[ 3.507748] ? device_add+0x6e5/0x7f0
[ 3.507748] ? device_create_groups_vargs+0xd3/0xf0
[ 3.507748] ? device_create+0x51/0x70
[ 3.507748] ? chr_dev_init+0x127/0x146
[ 3.507748] ? serdev_init+0x1d/0x1d
[ 3.507748] ? do_one_initcall+0x59/0x240
[ 3.507748] ? kernel_init_freeable+0x1b0/0x214
[ 3.507748] ? rest_init+0xbf/0xbf
[ 3.507748] ? kernel_init+0xa/0x101
[ 3.507748] ? ret_from_fork+0x22/0x30
[ 3.507748] Modules linked in:
[ 3.507748] CR2: 0000000000000000
[ 3.507748] ---[ end trace 80141c373e8a535f ]---
[ 3.507748] RIP: 0010:pci_conf1_read+0xd5/0x100
[ 3.507748] Code: 5d 41 5e c3 41 83 e4 02 41 8d 94 24 fc 0c 00 00 66 ed 0f
b7 c0 89 45 00 eb d3 41 83 e4 03 41 8d 94 24 fc 0c 00 00 ec 0f b6 c0 <89> 45 00
eb be ba fc 0c 00 00 ed 89 45 00 eb b3 c7 45 00 ff ff ff
[ 3.507748] RSP: 0018:ffffb1aa40013c50 EFLAGS: 00010012
[ 3.507748] RAX: 00000000000000fb RBX: ffff9acf3cef0000 RCX:
0000000000000830
[ 3.507748] RDX: 0000000000000001 RSI: 00000000000000fb RDI:
0000000000000830
[ 3.507748] RBP: 0000000000000000 R08: 00000000d0e8f583 R09:
ffff9acf3cd1a0d0
[ 3.507748] R10: ffff9acf3bc16b80 R11: 0000000000000000 R12:
0000000000000001
[ 3.507748] R13: 0000000000000001 R14: ffff9acf3cef07ac R15:
000000000002c340
[ 3.507748] FS: 0000000000000000(0000) GS:ffff9acf3d380000(0000)
knlGS:0000000000000000
[ 3.507748] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 3.507748] CR2: 0000000000000000 CR3: 000000005ec0a000 CR4:
00000000000406e0
[ 3.507748] note: swapper/0[1] exited with preempt_count 2
[ 3.507748] Kernel panic - not syncing: Attempted to kill init!
exitcode=0x00000009
[ 3.507748] ---[ end Kernel panic - not syncing: Attempted to kill init!
exitcode=0x00000009 ]---
```
I'm not how to debug this further or if it's a misconfiguration on our side,
but the issue is reproducible quite reliably when running a specific part of
the testsuite. If there's anything I could do to provide more information,
please let me know.
Also, my apologies if I filed this in a wrong category, I'm not entirely sure
which subsystem/category this falls into.
[0]
https://github.com/systemd/systemd-centos-ci/pull/295#issuecomment-682519585
--
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
acpi-bugzilla mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/acpi-bugzilla
