Skip to content

Panic on accessing MTD file descriptor after unbinding aspeed-smc driver #209

New issue
New issue
Open
Open
Panic on accessing MTD file descriptor after unbinding aspeed-smc driver#209
@zevweiss

Description

@zevweiss
zevweiss
opened on Oct 14, 2021

The following script triggers a kernel panic:

#!/bin/bash

mtddev=/dev/mtd/bmc
spidev=1e620000.spi
cp /usr/bin/{hexdump,head} /lib/{lib[cm].so.6,ld-linux.so.3} /tmp
export LD_LIBRARY_PATH=/tmp
echo opening mtd FD... > /dev/kmsg
exec {mtdfd}<$mtddev
echo unbinding aspeed-smc... > /dev/kmsg
echo $spidev > /sys/bus/platform/drivers/aspeed-smc/unbind
echo reading mtd FD... > /dev/kmsg
/tmp/ld-linux.so.3 /tmp/hexdump -C /dev/fd/$mtdfd | /tmp/ld-linux.so.3 /tmp/head

dmesg output:

[  125.768937] opening mtd FD...
[  125.776496] unbinding aspeed-smc...
[  125.781074] Deleting MTD partitions on "bmc":
[  125.785617] Deleting u-boot MTD partition
[  125.812654] Deleting u-boot-env MTD partition
[  125.856276] Deleting kernel MTD partition
[  125.886736] Deleting rofs MTD partition
[  125.947813] Deleting rwfs MTD partition
[  125.973831] Removing MTD device #5 (rwfs) with use count 1
[  125.979384] Error when deleting partition "rwfs" (-16)
[  126.033799] reading mtd FD...
[  126.126175] 8<--- cut here ---
[  126.129289] Unable to handle kernel paging request at virtual address a4000000
[  126.136537] pgd = 43c33ffc
[  126.139274] [a4000000] *pgd=00000000
[  126.142889] Internal error: Oops: 5 [#1] ARM
[  126.147188] CPU: 0 PID: 339 Comm: ld-linux.so.3 Not tainted 5.14.11-7ee2d5b-dirty-78027c9 #1
[  126.155647] Hardware name: Generic DT based system
[  126.160447] PC is at mmiocpy+0x48/0x330
[  126.164330] LR is at aspeed_smc_read+0x5c/0x214
[  126.168906] pc : [<807a6788>]    lr : [<8051fc74>]    psr: 20000013
[  126.175180] sp : 84affd0c  ip : 00000000  fp : 84affd64
[  126.180413] r10: 854b0280  r9 : 00000000  r8 : 8277d000
[  126.185647] r7 : 8277d000  r6 : 00001000  r5 : 854b0048  r4 : 854b0020
[  126.192183] r3 : ffffffff  r2 : 00000f80  r1 : a4000000  r0 : 8277d000
[  126.198718] Flags: nzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
[  126.205864] Control: 00c5387d  Table: 84808008  DAC: 00000051
[  126.211614] Register r0 information: slab kmalloc-4k start 8277d000 pointer offset 0 size 4096
[  126.220291] Register r1 information: non-paged memory
[  126.225368] Register r2 information: non-paged memory
[  126.230438] Register r3 information: non-paged memory
[  126.235508] Register r4 information: slab kmalloc-1k start 854b0000 pointer offset 32 size 1024
[  126.244262] Register r5 information: slab kmalloc-1k start 854b0000 pointer offset 72 size 1024
[  126.253014] Register r6 information: non-paged memory
[  126.258085] Register r7 information: slab kmalloc-4k start 8277d000 pointer offset 0 size 4096
[  126.266744] Register r8 information: slab kmalloc-4k start 8277d000 pointer offset 0 size 4096
[  126.275401] Register r9 information: NULL pointer
[  126.280123] Register r10 information: slab kmalloc-1k start 854b0000 pointer offset 640 size 1024
[  126.289041] Register r11 information: non-slab/vmalloc memory
[  126.294807] Register r12 information: NULL pointer
[  126.299615] Process ld-linux.so.3 (pid: 339, stack limit = 0xec53d594)
[  126.306171] Stack: (0x84affd0c to 0x84b00000)
[  126.310558] fd00:                            854b0048 00001000 8277d000 8277d000 8277d000
[  126.318757] fd20: 854b0020 8051fc74 802a19c0 80bc1cc8 0004f040 d1696089 84989c40 00000000
[  126.326945] fd40: 854b0048 00000000 00001000 8277d000 84affe1c 854b0280 84affd9c 84affd68
[  126.335136] fd60: 80517090 8051fc24 00001000 8277d000 84affdb8 00000000 84affe1c 854b0048
[  126.343325] fd80: 00000000 00000000 84affe14 00000000 84affdc4 84affda0 8050bdcc 80517020
[  126.351516] fda0: 00001000 84affe1c 8277d000 00000000 854b0048 00000000 84affe04 84affdc8
[  126.359705] fdc0: 8050de34 8050bd34 84affe14 00000001 0000002c 00000000 00000000 854b0048
[  126.367897] fde0: 00000000 84affe14 84affe7c 8277d000 00000000 84afe000 84affe5c 84affe08
[  126.376086] fe00: 8050df64 8050ddb0 84affe14 8025b854 00000010 00000000 00001000 00000000
[  126.384275] fe20: 00000000 00000000 00000000 8277d000 00000000 d1696089 00001000 84afff68
[  126.392465] fe40: 01ae3520 854b0048 8277d000 84ade000 84affed4 84affe60 805129c4 8050df00
[  126.400657] fe60: 00001000 84affe7c 8277d000 00000000 00000000 00000000 824eb390 01ae4000
[  126.408846] fe80: 00001000 84afffb0 84affeb4 84affe98 8010defc 8010cb88 84affeb4 85dff34f
[  126.417035] fea0: 80243988 d1696089 84afff2c 00001000 84863a00 01ae3520 84afff68 00000001
[  126.425227] fec0: 80512898 00000000 84afff64 84affed8 80293664 805128a4 00000255 84808068
[  126.433415] fee0: 84808068 00000000 00000000 00000000 824eb390 84989c7c 00000000 d1696089
[  126.441605] ff00: 84afff2c 8010a62c 01ae4524 00000817 84989c40 d1696089 84afffb0 01ae4524
[  126.449795] ff20: 84afff74 84afff30 8010a62c 8014ef88 00000010 d1696089 350c5282 84863a00
[  126.457986] ff40: 84863a00 00000000 00000000 80100224 84afe000 00000000 84afff94 84afff68
[  126.466179] ff60: 802940ac 802935b8 00000000 00000000 8010aa2c d1696089 76d974a8 000005e8
[  126.474365] ff80: 76f05120 00000003 84afffa4 84afff98 80294150 80294048 00000000 84afffa8
[  126.482555] ffa0: 80100040 80294144 76d974a8 000005e8 00000000 01ae3520 00001000 00000000
[  126.490745] ffc0: 76d974a8 000005e8 76f05120 00000003 00000010 76d97ca4 01ae34f0 01ae3190
[  126.498934] ffe0: fbad2488 7ebd1b28 76c9ebbc 76d087e4 60000010 00000000 00000000 00000000
[  126.507114] Backtrace:
[  126.509583] [<8051fc18>] (aspeed_smc_read) from [<80517090>] (spi_nor_read+0x7c/0x1ac)
[  126.517583]  r10:854b0280 r9:84affe1c r8:8277d000 r7:00001000 r6:00000000 r5:854b0048
[  126.525422]  r4:00000000
[  126.527966] [<80517014>] (spi_nor_read) from [<8050bdcc>] (mtd_read_oob_std+0xa4/0xac)
[  126.535947]  r10:00000000 r9:84affe14 r8:00000000 r7:00000000 r6:854b0048 r5:84affe1c
[  126.543784]  r4:00000000
[  126.546330] [<8050bd28>] (mtd_read_oob_std) from [<8050de34>] (mtd_read_oob+0x90/0x150)
[  126.554382]  r5:00000000 r4:854b0048
[  126.557970] [<8050dda4>] (mtd_read_oob) from [<8050df64>] (mtd_read+0x70/0xa0)
[  126.565238]  r10:84afe000 r9:00000000 r8:8277d000 r7:84affe7c r6:84affe14 r5:00000000
[  126.573078]  r4:854b0048
[  126.575624] [<8050def4>] (mtd_read) from [<805129c4>] (mtdchar_read+0x12c/0x2ec)
[  126.583074]  r9:84ade000 r8:8277d000 r7:854b0048 r6:01ae3520 r5:84afff68 r4:00001000
[  126.590816] [<80512898>] (mtdchar_read) from [<80293664>] (vfs_read+0xb8/0x2e0)
[  126.598180]  r10:00000000 r9:80512898 r8:00000001 r7:84afff68 r6:01ae3520 r5:84863a00
[  126.606013]  r4:00001000
[  126.608557] [<802935ac>] (vfs_read) from [<802940ac>] (ksys_read+0x70/0xfc)
[  126.615565]  r10:00000000 r9:84afe000 r8:80100224 r7:00000000 r6:00000000 r5:84863a00
[  126.623408]  r4:84863a00
[  126.625951] [<8029403c>] (ksys_read) from [<80294150>] (sys_read+0x18/0x1c)
[  126.632957]  r7:00000003 r6:76f05120 r5:000005e8 r4:76d974a8
[  126.638621] [<80294138>] (sys_read) from [<80100040>] (ret_fast_syscall+0x0/0x58)
[  126.646137] Exception stack(0x84afffa8 to 0x84affff0)
[  126.651215] ffa0:                   76d974a8 000005e8 00000000 01ae3520 00001000 00000000
[  126.659409] ffc0: 76d974a8 000005e8 76f05120 00000003 00000010 76d97ca4 01ae34f0 01ae3190
[  126.667592] ffe0: fbad2488 7ebd1b28 76c9ebbc 76d087e4
[  126.672670] Code: ba000002 f5d1f03c f5d1f05c f5d1f07c (e8b151f8)
[  126.678787] ---[ end trace e5ac4959ebfd2398 ]---
[  126.683423] Kernel panic - not syncing: Fatal exception

I'm looking into possible fixes, but figured I'd file it here in case anyone else has any input (and so it doesn't get lost/forgotten).

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions