kernel-packages team mailing list archive
-
kernel-packages team
-
Mailing list archive
-
Message #131668
[Bug 1487085] Re: Ubuntu 14.04.3 LTS Crash in notifier_call_chain after boot
** Package changed: ubuntu => linux (Ubuntu)
** Changed in: linux (Ubuntu)
Assignee: (unassigned) => Taco Screen team (taco-screen-team)
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1487085
Title:
Ubuntu 14.04.3 LTS Crash in notifier_call_chain after boot
Status in linux package in Ubuntu:
New
Bug description:
---Problem Description---
Installed Ubuntu 14.04.3 LTS on Palmetto and its crashing after booting to login.
This happens every time I boot Ubuntu 14.04.3 LTS. I've reinstalled Ubuntu and replaced the hard disk as well and re-installed. Still crashing.
---uname output---
Linux paul40 3.19.0-26-generic #28~14.04.1-Ubuntu SMP Wed Aug 12 14:10:52 UTC 2015 ppc64le ppc64le ppc64le GNU/Linux
Machine Type = Palmetto
---System Hang---
Ubuntu OS crashes and cannot access host. Must reboot system
---Steps to Reproduce---
Boot system
Oops output:
[ 33.132376] Unable to handle kernel paging request for data at address 0x200000000000000
[ 33.132565] Faulting instruction address: 0xc0000000000dbc60
[ 33.133422] Oops: Kernel access of bad area, sig: 11 [#1]
[ 33.134410] SMP NR_CPUS=2048 NUMA PowerNV
[ 33.134478] Modules linked in: ast ttm drm_kms_helper joydev mac_hid drm hid_generic usbhid hid syscopyarea sysfillrect sysimgblt i2c_algo_bit ofpart cmdlinepart at24 uio_pdrv_genirq powernv_flash mtd ipmi_powernv powernv_rng opal_prd ipmi_msghandler uio uas usb_storage ahci libahci
[ 33.139112] CPU: 24 PID: 0 Comm: swapper/24 Not tainted 3.19.0-26-generic #28~14.04.1-Ubuntu
[ 33.139943] task: c0000000013cccb0 ti: c000000fff700000 task.ti: c000000001448000
[ 33.141642] NIP: c0000000000dbc60 LR: c0000000000dbd94 CTR: 0000000000000000
[ 33.142605] REGS: c000000fff703980 TRAP: 0300 Not tainted (3.19.0-26-generic)
[ 33.143417] MSR: 9000000000009033 <SF,HV,EE,ME,IR,DR,RI,LE> CR: 28002888 XER: 00000000
[ 33.144244] CFAR: c000000000008468 DAR: 0200000000000000 DSISR: 40000000 SOFTE: 0
GPR00: c0000000000dbd94 c000000fff703c00 c00000000144cc00 c0000000015f03c0
GPR04: 0000000000000007 c0000000015f03b8 ffffffffffffffff 0000000000000000
GPR08: 0000000000000000 0200000000000000 c00000000006c394 9000000000001003
GPR12: 0000000000002200 c00000000fb8d800 0000000000000058 0000000000000000
GPR16: c000000001448000 c000000001448000 c000000001448080 c000000000e9a880
GPR20: c000000001448080 0000000000000001 0000000000000002 0000000000000012
GPR24: c000000f1e432200 0000000000000000 0000000000000000 c0000000015f03b8
GPR28: 0000000000000007 0000000000000000 c0000000015f03c0 ffffffffffffffff
[ 33.157013] NIP [c0000000000dbc60] notifier_call_chain+0x70/0x100
[ 33.157818] LR [c0000000000dbd94] atomic_notifier_call_chain+0x44/0x60
[ 33.162090] Call Trace:
[ 33.162845] [c000000fff703c00] [0000000000000008] 0x8 (unreliable)
[ 33.163644] [c000000fff703c50] [c0000000000dbd94] atomic_notifier_call_chain+0x44/0x60
[ 33.164647] [c000000fff703c90] [c00000000006f2a8] opal_message_notify+0xa8/0x100
[ 33.165476] [c000000fff703d00] [c0000000000dbc88] notifier_call_chain+0x98/0x100
[ 33.167007] [c000000fff703d50] [c0000000000dbd94] atomic_notifier_call_chain+0x44/0x60
[ 33.167816] [c000000fff703d90] [c00000000006f654] opal_do_notifier.part.5+0x74/0xa0
[ 33.172166] [c000000fff703dd0] [c00000000006f6d8] opal_interrupt+0x58/0x70
[ 33.172997] [c000000fff703e10] [c0000000001273d0] handle_irq_event_percpu+0x90/0x2b0
[ 33.174507] [c000000fff703ed0] [c000000000127658] handle_irq_event+0x68/0xd0
[ 33.175312] [c000000fff703f00] [c00000000012baf4] handle_fasteoi_irq+0xe4/0x240
[ 33.176124] [c000000fff703f30] [c0000000001265c8] generic_handle_irq+0x58/0x90
[ 33.176936] [c000000fff703f60] [c000000000010f10] __do_irq+0x80/0x190
[ 33.182406] [c000000fff703f90] [c00000000002476c] call_do_irq+0x14/0x24
[ 33.183258] [c00000000144ba30] [c0000000000110c0] do_IRQ+0xa0/0x120
[ 33.184072] [c00000000144ba90] [c0000000000025d8] hardware_interrupt_common+0x158/0x180
[ 33.184907] --- interrupt: 501 at arch_local_irq_restore+0x5c/0x90
[ 33.184907] LR = arch_local_irq_restore+0x40/0x90
[ 33.186473] [c00000000144bd80] [c000000f2ae19808] 0xc000000f2ae19808 (unreliable)
[ 33.188024] [c00000000144bda0] [c00000000085d5d8] cpuidle_enter_state+0xa8/0x260
[ 33.192695] [c00000000144be00] [c000000000108be8] cpu_startup_entry+0x488/0x4e0
[ 33.193543] [c00000000144bee0] [c00000000000bdb4] rest_init+0xa4/0xc0
[ 33.194327] [c00000000144bf00] [c000000000da3e80] start_kernel+0x53c/0x558
[ 33.195084] [c00000000144bf90] [c000000000008c6c] start_here_common+0x20/0xa8
[ 33.196569] Instruction dump:
[ 33.196619] 7cfd3b78 60000000 60000000 e93e0000 2fa90000 419e00a4 2fbf0000 419e009c
[ 33.197605] 2e3d0000 60000000 60000000 60420000 <e9490000> ebc90008 7d234b78 7f84e378
[ 33.202763] ---[ end trace 71076895a9f126ba ]---
[ 33.202836]
[ 35.203605] Kernel panic - not syncing: Fatal exception in interrupt
[ 35.203727] drm_kms_helper: panic occurred, switching back to text console
[ 35.204692] ---[ end Kernel panic - not syncing: Fatal exception in interrupt
Ah! This is due to notifier chain array overflow while handling opal message. The upstream commit 792f96e fixes this issue.. But what I see is the commit 792f96e has been partially applied to ubuntu 14.04.3 kernel sources. And hence you are seeing this issue.
commit 792f96e9a769b799a2944e9369e4ea1e467135b2
Author: Neelesh Gupta <neelegup@xxxxxxxxxxxxxxxxxx>
Date: Wed Feb 11 11:57:06 2015 +0530
powerpc/powernv: Fix the overflow of OPAL message notifiers head array
Fixes the condition check of incoming message type which can
otherwise shoot beyond the message notifiers head array.
Signed-off-by: Neelesh Gupta <neelegup@xxxxxxxxxxxxxxxxxx>
Reviewed-by: Vasant Hegde <hegdevasant@xxxxxxxxxxxxxxxxxx>
Reviewed-by: Anshuman Khandual <khandual@xxxxxxxxxxxxxxxxxx>
Signed-off-by: Benjamin Herrenschmidt <benh@xxxxxxxxxxxxxxxxxxx>
Below is the hunk from above commit, which is missing from ubuntu 14.04.3:
------------------------------------------------
@@ -354,7 +350,7 @@ static void opal_handle_message(void)
type = be32_to_cpu(msg.msg_type);
/* Sanity check */
- if (type > OPAL_MSG_TYPE_MAX) {
+ if (type >= OPAL_MSG_TYPE_MAX) {
pr_warning("%s: Unknown message type: %u\n", __func__, type);
return;
}
------------------------------------------------
I just checked. The above hunk can be cleanly applied to ubuntu
14.04.3 kernel sources. We should mirror this bug to ubuntu and ask
them to apply above hunk.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1487085/+subscriptions