Ubuntu 18.04 Machine crashed while running ltp.
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
The Ubuntu-power-systems project |
Invalid
|
Critical
|
Canonical Kernel Team | ||
linux (Ubuntu) |
Invalid
|
Critical
|
Unassigned | ||
Bionic |
Invalid
|
Critical
|
Unassigned |
Bug Description
---Problem Description---
Ubuntu 18.04 [ Briggs P8 ]: Machine crashed while running ltp.
---Environment--
Kernel Build: Ubuntu 18.04
System Name : ltc-briggs2
Model/Type : P8
Platform : BML
---Uname output---
root@ltc-briggs2:~# uname -a
Linux ltc-briggs2 4.15.0-13-generic #14-Ubuntu SMP Sat Mar 17 13:43:15 UTC 2018 ppc64le ppc64le ppc64le GNU/Linux
---Steps to reproduce--
$ git clone https:/
$ cd ltp
$ make autotools
$ ./configure
$ make
$ make install
ltp
=====
root@ltc-briggs2:~#
root@ltc-briggs2:~# [10781.098337] LTP: starting fs_inod01 (fs_inod $TMPDIR 10 10 10)
[10782.837910] LTP: starting linker01 (linktest.sh 1000 1000)
[10784.504474] LTP: starting openfile01 (openfile -f10 -t10)
[10784.534953] LTP: starting inode01
[10784.550767] LTP: starting inode02
[10784.739104] LTP: starting stream01
[10784.740840] LTP: starting stream02
[10784.742487] LTP: starting stream03
[10784.744532] LTP: starting stream04
[10784.746087] LTP: starting stream05
[10784.747722] LTP: starting ftest01
[10785.142054] LTP: starting ftest02
[10785.158852] LTP: starting ftest03
[10785.404760] LTP: starting ftest04
[10785.527197] LTP: starting ftest05
[10785.937164] LTP: starting ftest06
[10785.958360] LTP: starting ftest07
[10786.463382] LTP: starting ftest08
[10786.592998] LTP: starting lftest01 (lftest 100)
[10786.672707] LTP: starting writetest01 (writetest)
[10786.774292] LTP: starting fs_di (fs_di -d $TMPDIR)
[10792.973510] LTP: starting proc01 (proc01 -m 128)
[10793.865686] ICMPv6: process `proc01' is using deprecated sysctl (syscall) net.ipv6.
[10795.785593] LTP: starting read_all_dev (read_all -d /dev -e '/dev/watchdog?(0)' -q -r 10)
[10795.895774] NET: Registered protocol family 40
[10795.918763] Bluetooth: Core ver 2.22
[10795.918866] NET: Registered protocol family 31
[10795.918909] Bluetooth: HCI device and connection manager initialized
[10795.918955] Bluetooth: HCI socket layer initialized
[10795.918991] Bluetooth: L2CAP socket layer initialized
[10795.919032] Bluetooth: SCO socket layer initialized
[10798.374850] usercopy: kernel memory exposure attempt detected from 0000000029431ea4 (<kernel text>) (1023 bytes)
[10798.374952] ------------[ cut here ]------------
[10798.374988] kernel BUG at /build/
[10798.375041] Oops: Exception in kernel mode, sig: 5 [#1]
[10798.375080] LE SMP NR_CPUS=2048 [10871.343999650,5] OPAL: Switch to big-endian OS
NUMA PowerNV
[10798.375117] [10876.190849323,5] OPAL: Switch to little-endian OS
Modules linked in: hci_vhci bluetooth ecdh_generic vhost_vsock cuse vmw_vsock_
[10798.375636] libiscsi_tcp libiscsi sunrpc scsi_transport_
[10798.375961] CPU: 87 PID: 4085 Comm: read_all Not tainted 4.15.0-13-generic #14-Ubuntu
[10798.376013] NIP: c0000000003c76f0 LR: c0000000003c76ec CTR: 00000000300378e8
[10798.376068] REGS: c0000076c63aba00 TRAP: 0700 Not tainted (4.15.0-13-generic)
[10798.376120] MSR: 9000000000029033 <SF,HV,
[10798.376176] CFAR: c00000000018cce4 SOFTE: 1
[10798.376176] GPR00: c0000000003c76ec c0000076c63abc80 c0000000016eaf00 0000000000000064
[10798.376176] GPR04: c000007ffc1cce18 c000007ffc1e4368 9000000000009033 000000000000040f
[10798.376176] GPR08: 0000000000000007 c0000000011c3a74 0000007ffb010000 9000000000001003
[10798.376176] GPR12: 0000000000002200 c000000007a8bd00 0000000000000000 0000000000000000
[10798.376176] GPR16: 0000000000000000 0000000000000000 0000000000000006 00007ffff7a0a018
[10798.376176] GPR20: 000008bb551c8908 000008bb551c88f8 000008bb551c88c8 c0000076c63abe00
[10798.376176] GPR24: 0000000000010000 0000000000000000 00007ffff7a0a018 c0000076c63abe00
[10798.376176] GPR28: c0000000000003ff 0000000000000001 00000000000003ff c000000000000000
[10798.376619] NIP [c0000000003c76f0] __check_
[10798.376662] LR [c0000000003c76ec] __check_
[10798.376706] Call Trace:
[10798.376724] [c0000076c63abc80] [c0000000003c76ec] __check_
[10798.376787] [c0000076c63abd00] [c0000000008268a4] read_mem+0x84/0x220
[10798.376835] [c0000076c63abd70] [c0000000003d109c] __vfs_read+
[10798.376880] [c0000076c63abd90] [c0000000003d118c] vfs_read+0xbc/0x1b0
[10798.376925] [c0000076c63abde0] [c0000000003d1788] SyS_read+0x68/0x110
[10798.377012] [c0000076c63abe30] [c00000000000b184] system_
[10798.377057] Instruction dump:
[10798.377086] 2fbd0000 419e010c 3c82ff8b 3ca2ff94 3884c360 38a5ad68 3c62ff8b 7fc8f378
[10798.377140] 7fe6fb78 3863c370 4bdc55b5 60000000 <0fe00000> 60000000 60000000 60420000
[10798.377195] ---[ end trace 21abd4753a69334c ]---
[10798.445038]
[10798.445135] Sending IPI to other CPUs
[10798.446688] IPI complete
[10798.449081] kexec: waiting for cpu 0 (physical 16) to enter OPAL
[10798.450224] kexec: waiting for cpu 23 (physical 47) to enter OPAL
[10798.451396] kexec: waiting for cpu 54 (physical 94) to enter OPAL
[10800.049202] kexec: Starting switchover sequence.
[ 1.078053] integrity: Unable to open file: /etc/keys/
[ 1.078057] integrity: Unable to open file: /etc/keys/
[ 1.165219] vio vio: uevent: failed to send synthetic uevent
/dev/nvme0n1p2: recovering journal
/dev/nvme0n1p2: clean, 14017353/122101760 files, 57953106/488376576 blocks
-.mount
sys-kernel-
setvtrgb.service
dev-hugepages.mount
dev-mqueue.mount
kmod-static-
lvm2-lvmetad.
systemd-
systemd-
systemd-
lvm2-monitor.
systemd-
systemd-
sys-fs-
sys-kernel-
systemd-
systemd-
swapfile.swap
[ 5.177490] vio vio: uevent: failed to send synthetic uevent
systemd-
keyboard-
systemd-
[ 5.458352] qla2xxx [0020:01:
apparmor.service
systemd-
systemd-
systemd-
[ 6.119284] qla2xxx [0020:01:
systemd-
[ 10.052141] megaraid_sas 0001:03:00.0: Init cmd return status SUCCESS for SCSI host 1
systemd-
iscsid.service
blk-availabilit
[ 10.675964] kdump-tools[2222]: Starting kdump-tools: * running makedumpfile -c -d 31 /proc/vmcore /var/crash/
lvm2-pvscan@
lvm2-pvscan@
Copying data : [100.0 %] / eta: 0s
[ 55.227083] kdump-tools[2222]: The kernel version is not supported.
[ 55.227300] kdump-tools[2222]: The makedumpfile operation may be incomplete.
[ 55.227471] kdump-tools[2222]: The dumpfile is saved to /var/crash/
[ 55.227583] kdump-tools[2222]: makedumpfile Completed.
[ 55.230250] kdump-tools[2222]: * kdump-tools: saved vmcore in /var/crash/
[ 55.311695] kdump-tools[2222]: * running makedumpfile --dump-dmesg /proc/vmcore /var/crash/
[ 55.330032] kdump-tools[2222]: The kernel version is not supported.
[ 55.330206] kdump-tools[2222]: The makedumpfile operation may be incomplete.
[ 55.330302] kdump-tools[2222]: The dmesg log is saved to /var/crash/
[ 55.330416] kdump-tools[2222]: makedumpfile Completed.
[ 55.330533] kdump-tools[2222]: * kdump-tools: saved dmesg content in /var/crash/
[ 55.334722] kdump-tools[2222]: Thu, 05 Apr 2018 03:40:44 -0500
[ 55.338419] kdump-tools[2222]: Rebooting.
[ 55.546343] mlx5_core 0021:01:00.1: mlx5_enter_
[ 55.546414] mlx5_core 0021:01:00.1: mlx5_enter_
[ 55.942498] mlx5_core 0021:01:00.0: mlx5_enter_
[ 55.942631] mlx5_core 0021:01:00.0: mlx5_enter_
[ 59.836381] reboot: Restarting system
[10963.485916127,5] OPAL: Reboot request...
5.31149|Ignoring boot flags, incorrect version 0x0
5.52090|ISTEP 6. 3
6.16670|ISTEP 6. 4
6.16957|ISTEP 6. 5
8.74865|
8.74865|
8.74866|
14.03690|ISTEP 6. 6
14.11948|ISTEP 6. 7
16.75478|ISTEP 6. 8
16.91585|ISTEP 6. 9
17.47534|ISTEP 6.10
17.55249|ISTEP 6.11
19.29629|ISTEP 6.12
19.29926|ISTEP 6.13
19.30139|ISTEP 7. 1
19.51889|ISTEP 7. 2
== Comment: #7 - Vaishnavi Bhat <email address hidden> - 2018-04-06 04:52:31 ==
kernel memory exposure attempt detected and the BUG() is called from the below code snippet:
mm/usercopy.c:72
KERNEL: /usr/lib/
DUMPFILE: dump.201804050340 [PARTIAL DUMP]
CPUS: 160
DATE: Thu Apr 5 03:39:16 2018
UPTIME: 00:48:44
LOAD AVERAGE: 2.78, 11.61, 106.19
TASKS: 1748
NODENAME: ltc-briggs2
RELEASE: 4.15.0-13-generic
VERSION: #14-Ubuntu SMP Sat Mar 17 13:43:15 UTC 2018
MACHINE: ppc64le (2926 Mhz)
MEMORY: 512 GB
PANIC: "kernel BUG at /build/
PID: 4085
COMMAND: "read_all"
TASK: c000007659f23f00 [THREAD_INFO: c0000076c63a8000]
CPU: 87
STATE: TASK_RUNNING (PANIC)
crash> bt
PID: 4085 TASK: c000007659f23f00 CPU: 87 COMMAND: "read_all"
#0 [c0000076c63ab740] crash_kexec at c0000000001e22b0
#1 [c0000076c63ab780] oops_end at c000000000025888
#2 [c0000076c63ab800] _exception at c000000000026684
#3 [c0000076c63ab990] program_
Program Check [700] exception frame:
R0: c0000000003c76ec R1: c0000076c63abc80 R2: c0000000016eaf00
R3: 0000000000000064 R4: c000007ffc1cce18 R5: c000007ffc1e4368
R6: 9000000000009033 R7: 000000000000040f R8: 0000000000000007
R9: c0000000011c3a74 R10: 0000007ffb010000 R11: 9000000000001003
R12: 0000000000002200 R13: c000000007a8bd00 R14: 0000000000000000
R15: 0000000000000000 R16: 0000000000000000 R17: 0000000000000000
R18: 0000000000000006 R19: 00007ffff7a0a018 R20: 000008bb551c8908
R21: 000008bb551c88f8 R22: 000008bb551c88c8 R23: c0000076c63abe00
R24: 0000000000010000 R25: 0000000000000000 R26: 00007ffff7a0a018
R27: c0000076c63abe00 R28: c0000000000003ff R29: 0000000000000001
R30: 00000000000003ff R31: c000000000000000
NIP: c0000000003c76f0 MSR: 9000000000029033 OR3: c00000000018cce4
CTR: 00000000300378e8 LR: c0000000003c76ec XER: 0000000020000000
CCR: 0000000028002222 MQ: 0000000000000001 DAR: 0000000000000000
DSISR: 0000000000000000 Syscall Result: 0000000000000000
#4 [c0000076c63abc80] __check_object_size at c0000000003c76f0
[Link Register] [c0000076c63abc80] __check_object_size at c0000000003c76ec (unreliable)
#5 [c0000076c63abd00] read_mem at c0000000008268a4
#6 [c0000076c63abd70] __vfs_read at c0000000003d109c
#7 [c0000076c63abd90] vfs_read at c0000000003d118c
#8 [c0000076c63abde0] sys_read at c0000000003d1788
#9 [c0000076c63abe30] system_call at c00000000000b184
System Call [c01] exception frame:
R0: 0000000000000003 R1: 00007ffff7a09ae0 R2: 0000753ec21b7f00
R3: 0000000000000006 R4: 00007ffff7a0a018 R5: 00000000000003ff
R6: 0000000000004000 R7: 0000753ec21898c4 R8: 900000010000d033
R9: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000
R12: 0000000000000000 R13: 0000753ec224a8d0
NIP: 0000753ec2188580 MSR: 900000010000d033 OR3: 0000000000000006
CTR: 0000000000000000 LR: 000008bb551b5f20 XER: 0000000000000000
CCR: 0000000042002244 MQ: 0000000000000001 DAR: 0000753ec21affa8
DSISR: 0000000040000000 Syscall Result: 0000000000000006
crash> dis -s c0000000003c76f0
FILE: /build/
LINE: 72
static void report_
{
/*
* For greater effect, it would be nice to do do_group_exit(),
* but BUG() actually hooks all the lock-breaking and per-arch
* Oops code, so that is used here instead.
*/
BUG();
}
From the logs, I see that the memory exposure happens after the bluetooth driver is initialized. This might be an issue with the default bluetooth driver provided by the distro.
[10795.918866] NET: Registered protocol family 31
[10795.918909] Bluetooth: HCI device and connection manager initialized
[10795.918955] Bluetooth: HCI socket layer initialized
[10795.918991] Bluetooth: L2CAP socket layer initialized
[10795.919032] Bluetooth: SCO socket layer initialized
[10798.374850] usercopy: kernel memory exposure attempt detected from 0000000029431ea4 (<kernel text>) (1023 bytes)
[10798.374952] ------------[ cut here ]------------
[10798.374988] kernel BUG at /build/
Changed in ubuntu-power-systems: | |
status: | New → Triaged |
importance: | Undecided → Critical |
tags: | added: triage-g |
Changed in ubuntu-power-systems: | |
assignee: | nobody → Canonical Kernel Team (canonical-kernel-team) |
Changed in ubuntu-power-systems: | |
status: | Triaged → Incomplete |
tags: |
added: targetmilestone-inin1804 removed: targetmilestone-inin--- |
Changed in ubuntu-power-systems: | |
status: | Incomplete → Triaged |
Changed in ubuntu-power-systems: | |
status: | Triaged → Confirmed |
Changed in linux (Ubuntu Bionic): | |
status: | Incomplete → Confirmed |
Changed in ubuntu-power-systems: | |
status: | Confirmed → Incomplete |
Changed in linux (Ubuntu Bionic): | |
status: | Confirmed → Incomplete |
Changed in linux (Ubuntu Bionic): | |
status: | Incomplete → Invalid |
Changed in linux (Ubuntu): | |
status: | Incomplete → Invalid |
Changed in ubuntu-power-systems: | |
status: | Incomplete → Invalid |
tags: | removed: triage-g |
Default Comment by Bridge