Public bug reported:
On ARM, when reading from a PCI mapped address via /proc/mem/self, the
kernel crashes with the following:
[ 146.827032] [ T7089] Unable to handle kernel read from unreadable memory
at virtual address ffff800086828000
[ 146.836077] [ T7089] Mem abort info:
[ 146.838864] [ T7089] ESR = 0x000000009600000f
[ 146.842603] [ T7089] EC = 0x25: DABT (current EL), IL = 32 bits
[ 146.847906] [ T7089] SET = 0, FnV = 0
[ 146.850951] [ T7089] EA = 0, S1PTW = 0
[ 146.854083] [ T7089] FSC = 0x0f: level 3 permission fault
[ 146.858864] [ T7089] Data abort info:
[ 146.861736] [ T7089] ISV = 0, ISS = 0x0000000f, ISS2 = 0x00000000
[ 146.867212] [ T7089] CM = 0, WnR = 0, TnD = 0, TagAccess = 0
[ 146.872253] [ T7089] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[ 146.877555] [ T7089] swapper pgtable: 4k pages, 48-bit VAs,
pgdp=0000080045751000
[ 146.884246] [ T7089] [ffff800086828000] pgd=10000800002c6003,
p4d=10000800002c6003, pud=10000800002c7003, pmd=100008001780c003,
pte=0160000010000fd3
[ 146.896759] [ T7089] Internal error: Oops: 000000009600000f [#1] SMP
[ 146.902320] [ T7089] Modules linked in: xt_CHECKSUM xt_MASQUERADE
xt_conntrack ipt_REJECT nf_reject_ipv4 xt_tcpudp nft_compat nft_chain_nat
nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nf_tables bridge qrtr bonding
cfg80211 8021q garp mrp stp llc isofs binfmt_misc nls_iso8859_1 acpi_ipmi
ipmi_ssif ipmi_devintf arm_spe_pmu hpilo i2c_algo_bit ipmi_msghandler
acpiphp_ampere_altra xgene_hwmon arm_cmn arm_dmc620_pmu dummy rdma_ucm rdma_cm
iw_cm storpool_pci(OE) ib_cm arm_dsu_pmu cppc_cpufreq storpool_rdma(OE)
sch_fq_codel dm_multipath nvme_fabrics nvme_keyring efi_pstore nfnetlink
dmi_sysfs ip_tables x_tables autofs4 btrfs blake2b_generic raid10 raid456
async_raid6_recov async_memcpy async_pq async_xor async_tx xor xor_neon
raid6_pq libcrc32c raid1 raid0 mlx5_ib ib_uverbs macsec ib_core crct10dif_ce
polyval_ce polyval_generic ghash_ce sm4 mlx5_core sha2_ce nvme mlxfw
sha256_arm64 sha1_ce psample nvme_core r8169 tls xhci_pci xhci_pci_renesas
nvme_auth realtek pci_hyperv_intf aes_
neon_bs aes_neon_blk aes_ce_blk aes_ce_cipher
[ 146.992148] [ T7089] CPU: 71 PID: 7089 Comm: repr Kdump: loaded Tainted: G
OE 6.8.0-56-generic #58-Ubuntu
[ 147.002222] [ T7089] Hardware name: HPE ProLiant RL300 Gen11/ProLiant
RL300 Gen11, BIOS 1.70 05/23/2024
[ 147.010819] [ T7089] pstate: 20400009 (nzCv daif +PAN -UAO -TCO -DIT -SSBS
BTYPE=--)
[ 147.017768] [ T7089] pc : __memcpy_fromio+0x50/0xb8
[ 147.021856] [ T7089] lr : generic_access_phys+0x1b8/0x1e8
[ 147.026463] [ T7089] sp : ffff80008ace3a70
[ 147.029764] [ T7089] x29: ffff80008ace3a90 x28: 0000000000000000 x27:
ffff07ffbfaa6000
[ 147.036887] [ T7089] x26: 0000000000000000 x25: 0000000000001000 x24:
0000000000000000
[ 147.044011] [ T7089] x23: 0000000000001000 x22: 0000f56925ac8000 x21:
ffff0801091c6540
[ 147.051134] [ T7089] x20: 0160000010000fd3 x19: ffff800086828000 x18:
ffff800085fe3070
[ 147.058257] [ T7089] x17: 0000000000000000 x16: 0000000000000000 x15:
0000000000000000
[ 147.065379] [ T7089] x14: 0000000000000000 x13: 0000000000000000 x12:
0000000000000000
[ 147.072502] [ T7089] x11: 0000000000000000 x10: 0000000000000000 x9 :
ffffd2588b73a1e0
[ 147.079624] [ T7089] x8 : 0000000000000000 x7 : 0000000000000000 x6 :
0000000000001000
[ 147.086746] [ T7089] x5 : 0000000000000000 x4 : ffff800086828000 x3 :
ffff07ffbfaa7000
[ 147.093869] [ T7089] x2 : 0000000000001000 x1 : ffff800086828000 x0 :
ffff07ffbfaa6000
[ 147.100991] [ T7089] Call trace:
[ 147.103425] [ T7089] __memcpy_fromio+0x50/0xb8
[ 147.107162] [ T7089] kernfs_vma_access+0x84/0xe8
[ 147.111074] [ T7089] __access_remote_vm+0x2d0/0x3e8
[ 147.115245] [ T7089] access_remote_vm+0x1c/0x50
[ 147.119068] [ T7089] mem_rw+0x13c/0x418
[ 147.122198] [ T7089] mem_read+0x20/0x50
[ 147.125326] [ T7089] vfs_read+0xd0/0x350
[ 147.128544] [ T7089] ksys_pread64+0xa0/0x108
[ 147.132107] [ T7089] __arm64_sys_pread64+0x2c/0x58
[ 147.136191] [ T7089] invoke_syscall+0x7c/0x130
[ 147.139928] [ T7089] el0_svc_common.constprop.0+0x4c/0x140
[ 147.144706] [ T7089] do_el0_svc+0x28/0x58
[ 147.148008] [ T7089] el0_svc+0x44/0x1a0
[ 147.151139] [ T7089] el0t_64_sync_handler+0x148/0x158
[ 147.155483] [ T7089] el0t_64_sync+0x1b0/0x1b8
[ 147.159134] [ T7089] Code: 927df0c6 910020c6 8b060003 d503201f (f9400085)
[ 147.165216] [ T7089] SMP: stopping secondary CPUs
[ 147.170632] [ T7089] Starting crashdump kernel...
[ 147.174543] [ T7089] Bye!
(it's expected to work, as reading the same memory via mmap() works fine)
ProblemType: Bug
DistroRelease: Ubuntu 24.04
Package: linux-image-6.8.0-56-generic 6.8.0-56.58+1
ProcVersionSignature: Ubuntu 6.8.0-56.58-generic 6.8.12
Uname: Linux 6.8.0-56-generic aarch64
AlsaDevices:
total 0
crw-rw---- 1 root audio 116, 1 Apr 28 12:41 seq
crw-rw---- 1 root audio 116, 33 Apr 28 12:41 timer
AplayDevices: Error: [Errno 2] No such file or directory: 'aplay'
ApportVersion: 2.28.1-0ubuntu3.5
Architecture: arm64
ArecordDevices: Error: [Errno 2] No such file or directory: 'arecord'
AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/timer',
'/dev/snd/seq'] failed with exit code 1:
CRDA: N/A
CasperMD5CheckResult: unknown
CloudBuildName: server
CloudSerial: 20250403
Date: Mon Apr 28 12:43:22 2025
IwConfig: Error: [Errno 2] No such file or directory: 'iwconfig'
MachineType: HPE ProLiant RL300 Gen11
PciMultimedia:
ProcEnviron:
LANG=en_US.UTF-8
PATH=(custom, no user)
SHELL=/bin/bash
TERM=xterm-256color
XDG_RUNTIME_DIR=<set>
ProcFB: 0 simpledrmdrmfb
ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-6.8.0-56-generic
root=UUID=601077d1-fca7-441c-b6d2-25dbce139cc5 ro no_timer_check nofb nomodeset
gfxpayload=text amd_pstate=guided iommu=pt intel_iommu=on
systemd.legacy_systemd_cgroup_controller=1 swapaccount=1 i915.modeset=0
libata.fua=1 video=vesafb:off systemd.unified_cgroup_hierarchy=0 vga=normal
crashkernel=1024M
RelatedPackageVersions:
linux-restricted-modules-6.8.0-56-generic N/A
linux-backports-modules-6.8.0-56-generic N/A
linux-firmware N/A
RfKill: Error: [Errno 2] No such file or directory: 'rfkill'
SourcePackage: linux
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 05/23/2024
dmi.bios.release: 1.70
dmi.bios.vendor: HPE
dmi.bios.version: 1.70
dmi.board.name: ProLiant RL300 Gen11
dmi.board.vendor: HPE
dmi.chassis.type: 23
dmi.chassis.vendor: HPE
dmi.ec.firmware.release: 1.62
dmi.modalias:
dmi:bvnHPE:bvr1.70:bd05/23/2024:br1.70:efr1.62:svnHPE:pnProLiantRL300Gen11:pvr:rvnHPE:rnProLiantRL300Gen11:rvr:cvnHPE:ct23:cvr:skuP59870-B21:
dmi.product.family: ProLiant
dmi.product.name: ProLiant RL300 Gen11
dmi.product.sku: P59870-B21
dmi.sys.vendor: HPE
** Affects: linux (Ubuntu)
Importance: Undecided
Status: New
** Tags: apport-bug arm64 cloud-image noble
** Attachment added: "Small C program to reproduce the problem"
https://bugs.launchpad.net/bugs/2109501/+attachment/5874610/+files/repr.c
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/2109501
Title:
Kernel crash on reading PCI mapped memory via /proc/self/mem
Status in linux package in Ubuntu:
New
Bug description:
On ARM, when reading from a PCI mapped address via /proc/mem/self, the
kernel crashes with the following:
[ 146.827032] [ T7089] Unable to handle kernel read from unreadable memory
at virtual address ffff800086828000
[ 146.836077] [ T7089] Mem abort info:
[ 146.838864] [ T7089] ESR = 0x000000009600000f
[ 146.842603] [ T7089] EC = 0x25: DABT (current EL), IL = 32 bits
[ 146.847906] [ T7089] SET = 0, FnV = 0
[ 146.850951] [ T7089] EA = 0, S1PTW = 0
[ 146.854083] [ T7089] FSC = 0x0f: level 3 permission fault
[ 146.858864] [ T7089] Data abort info:
[ 146.861736] [ T7089] ISV = 0, ISS = 0x0000000f, ISS2 = 0x00000000
[ 146.867212] [ T7089] CM = 0, WnR = 0, TnD = 0, TagAccess = 0
[ 146.872253] [ T7089] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[ 146.877555] [ T7089] swapper pgtable: 4k pages, 48-bit VAs,
pgdp=0000080045751000
[ 146.884246] [ T7089] [ffff800086828000] pgd=10000800002c6003,
p4d=10000800002c6003, pud=10000800002c7003, pmd=100008001780c003,
pte=0160000010000fd3
[ 146.896759] [ T7089] Internal error: Oops: 000000009600000f [#1] SMP
[ 146.902320] [ T7089] Modules linked in: xt_CHECKSUM xt_MASQUERADE
xt_conntrack ipt_REJECT nf_reject_ipv4 xt_tcpudp nft_compat nft_chain_nat
nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nf_tables bridge qrtr bonding
cfg80211 8021q garp mrp stp llc isofs binfmt_misc nls_iso8859_1 acpi_ipmi
ipmi_ssif ipmi_devintf arm_spe_pmu hpilo i2c_algo_bit ipmi_msghandler
acpiphp_ampere_altra xgene_hwmon arm_cmn arm_dmc620_pmu dummy rdma_ucm rdma_cm
iw_cm storpool_pci(OE) ib_cm arm_dsu_pmu cppc_cpufreq storpool_rdma(OE)
sch_fq_codel dm_multipath nvme_fabrics nvme_keyring efi_pstore nfnetlink
dmi_sysfs ip_tables x_tables autofs4 btrfs blake2b_generic raid10 raid456
async_raid6_recov async_memcpy async_pq async_xor async_tx xor xor_neon
raid6_pq libcrc32c raid1 raid0 mlx5_ib ib_uverbs macsec ib_core crct10dif_ce
polyval_ce polyval_generic ghash_ce sm4 mlx5_core sha2_ce nvme mlxfw
sha256_arm64 sha1_ce psample nvme_core r8169 tls xhci_pci xhci_pci_renesas
nvme_auth realtek pci_hyperv_intf ae
s_neon_bs aes_neon_blk aes_ce_blk aes_ce_cipher
[ 146.992148] [ T7089] CPU: 71 PID: 7089 Comm: repr Kdump: loaded Tainted:
G OE 6.8.0-56-generic #58-Ubuntu
[ 147.002222] [ T7089] Hardware name: HPE ProLiant RL300 Gen11/ProLiant
RL300 Gen11, BIOS 1.70 05/23/2024
[ 147.010819] [ T7089] pstate: 20400009 (nzCv daif +PAN -UAO -TCO -DIT
-SSBS BTYPE=--)
[ 147.017768] [ T7089] pc : __memcpy_fromio+0x50/0xb8
[ 147.021856] [ T7089] lr : generic_access_phys+0x1b8/0x1e8
[ 147.026463] [ T7089] sp : ffff80008ace3a70
[ 147.029764] [ T7089] x29: ffff80008ace3a90 x28: 0000000000000000 x27:
ffff07ffbfaa6000
[ 147.036887] [ T7089] x26: 0000000000000000 x25: 0000000000001000 x24:
0000000000000000
[ 147.044011] [ T7089] x23: 0000000000001000 x22: 0000f56925ac8000 x21:
ffff0801091c6540
[ 147.051134] [ T7089] x20: 0160000010000fd3 x19: ffff800086828000 x18:
ffff800085fe3070
[ 147.058257] [ T7089] x17: 0000000000000000 x16: 0000000000000000 x15:
0000000000000000
[ 147.065379] [ T7089] x14: 0000000000000000 x13: 0000000000000000 x12:
0000000000000000
[ 147.072502] [ T7089] x11: 0000000000000000 x10: 0000000000000000 x9 :
ffffd2588b73a1e0
[ 147.079624] [ T7089] x8 : 0000000000000000 x7 : 0000000000000000 x6 :
0000000000001000
[ 147.086746] [ T7089] x5 : 0000000000000000 x4 : ffff800086828000 x3 :
ffff07ffbfaa7000
[ 147.093869] [ T7089] x2 : 0000000000001000 x1 : ffff800086828000 x0 :
ffff07ffbfaa6000
[ 147.100991] [ T7089] Call trace:
[ 147.103425] [ T7089] __memcpy_fromio+0x50/0xb8
[ 147.107162] [ T7089] kernfs_vma_access+0x84/0xe8
[ 147.111074] [ T7089] __access_remote_vm+0x2d0/0x3e8
[ 147.115245] [ T7089] access_remote_vm+0x1c/0x50
[ 147.119068] [ T7089] mem_rw+0x13c/0x418
[ 147.122198] [ T7089] mem_read+0x20/0x50
[ 147.125326] [ T7089] vfs_read+0xd0/0x350
[ 147.128544] [ T7089] ksys_pread64+0xa0/0x108
[ 147.132107] [ T7089] __arm64_sys_pread64+0x2c/0x58
[ 147.136191] [ T7089] invoke_syscall+0x7c/0x130
[ 147.139928] [ T7089] el0_svc_common.constprop.0+0x4c/0x140
[ 147.144706] [ T7089] do_el0_svc+0x28/0x58
[ 147.148008] [ T7089] el0_svc+0x44/0x1a0
[ 147.151139] [ T7089] el0t_64_sync_handler+0x148/0x158
[ 147.155483] [ T7089] el0t_64_sync+0x1b0/0x1b8
[ 147.159134] [ T7089] Code: 927df0c6 910020c6 8b060003 d503201f
(f9400085)
[ 147.165216] [ T7089] SMP: stopping secondary CPUs
[ 147.170632] [ T7089] Starting crashdump kernel...
[ 147.174543] [ T7089] Bye!
(it's expected to work, as reading the same memory via mmap() works fine)
ProblemType: Bug
DistroRelease: Ubuntu 24.04
Package: linux-image-6.8.0-56-generic 6.8.0-56.58+1
ProcVersionSignature: Ubuntu 6.8.0-56.58-generic 6.8.12
Uname: Linux 6.8.0-56-generic aarch64
AlsaDevices:
total 0
crw-rw---- 1 root audio 116, 1 Apr 28 12:41 seq
crw-rw---- 1 root audio 116, 33 Apr 28 12:41 timer
AplayDevices: Error: [Errno 2] No such file or directory: 'aplay'
ApportVersion: 2.28.1-0ubuntu3.5
Architecture: arm64
ArecordDevices: Error: [Errno 2] No such file or directory: 'arecord'
AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/timer',
'/dev/snd/seq'] failed with exit code 1:
CRDA: N/A
CasperMD5CheckResult: unknown
CloudBuildName: server
CloudSerial: 20250403
Date: Mon Apr 28 12:43:22 2025
IwConfig: Error: [Errno 2] No such file or directory: 'iwconfig'
MachineType: HPE ProLiant RL300 Gen11
PciMultimedia:
ProcEnviron:
LANG=en_US.UTF-8
PATH=(custom, no user)
SHELL=/bin/bash
TERM=xterm-256color
XDG_RUNTIME_DIR=<set>
ProcFB: 0 simpledrmdrmfb
ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-6.8.0-56-generic
root=UUID=601077d1-fca7-441c-b6d2-25dbce139cc5 ro no_timer_check nofb nomodeset
gfxpayload=text amd_pstate=guided iommu=pt intel_iommu=on
systemd.legacy_systemd_cgroup_controller=1 swapaccount=1 i915.modeset=0
libata.fua=1 video=vesafb:off systemd.unified_cgroup_hierarchy=0 vga=normal
crashkernel=1024M
RelatedPackageVersions:
linux-restricted-modules-6.8.0-56-generic N/A
linux-backports-modules-6.8.0-56-generic N/A
linux-firmware N/A
RfKill: Error: [Errno 2] No such file or directory: 'rfkill'
SourcePackage: linux
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 05/23/2024
dmi.bios.release: 1.70
dmi.bios.vendor: HPE
dmi.bios.version: 1.70
dmi.board.name: ProLiant RL300 Gen11
dmi.board.vendor: HPE
dmi.chassis.type: 23
dmi.chassis.vendor: HPE
dmi.ec.firmware.release: 1.62
dmi.modalias:
dmi:bvnHPE:bvr1.70:bd05/23/2024:br1.70:efr1.62:svnHPE:pnProLiantRL300Gen11:pvr:rvnHPE:rnProLiantRL300Gen11:rvr:cvnHPE:ct23:cvr:skuP59870-B21:
dmi.product.family: ProLiant
dmi.product.name: ProLiant RL300 Gen11
dmi.product.sku: P59870-B21
dmi.sys.vendor: HPE
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2109501/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
