Bug 2108633 - RPi4 oops with "kbdrate -d 500"
Status: NEW
Alias: None
Product: Fedora
Classification: Fedora
Component: kernel
Version: rawhide
Hardware: aarch64
OS: Linux
unspecified
medium
Target Milestone: ---
Assignee: Kernel Maintainer List
QA Contact: Fedora Extras Quality Assurance
Reported: 2022-07-19 14:49 UTC by Steven A. Falco
Modified: 2022-07-19 19:30 UTC

Type: Bug


Attachments
dmesg output (83.18 KB, text/plain)
2022-07-19 14:49 UTC, Steven A. Falco

Description Steven A. Falco 2022-07-19 14:49:46 UTC
Created attachment 1898127
dmesg output

1. Please describe the problem:

I've installed Fedora Rawhide KDE edition on a Raspberry Pi 4.  When I ssh into the Pi as root, I get a kernel oops.  This doesn't happen when I ssh into the Pi as an unprivileged user.  It also doesn't happen if I scp a file as root from the Pi.


2. What is the Version-Release number of the kernel:

Linux pib.home.arpa 5.19.0-0.rc6.20220714git4a57a8400075.49.fc37.aarch64 #1 SMP PREEMPT_DYNAMIC Thu Jul 14 14:14:26 UTC 2022 aarch64 aarch64 aarch64 GNU/Linux


3. Did it work previously in Fedora? If so, what kernel version did the issue
   *first* appear?  Old kernels are available for download at
   https://koji.fedoraproject.org/koji/packageinfo?packageID=8 :

N/A


4. Can you reproduce this issue? If so, please provide the steps to reproduce
   the issue below:

100% reproducible

I used this image: Fedora-KDE-Rawhide-20220717.n.0.aarch64.raw.xz

Write it to a USB flash drive, boot and configure the Pi, enable ssh for root login.

Then ssh into the Pi from another system.  I use an ssh key file rather than a password, but the same thing happens when using the root password.


5. Does this problem occur with the latest Rawhide kernel?

Yes.


6. Are you running any modules that are not shipped directly with Fedora's kernel?:

No.


7. Please attach the kernel logs. You can get the complete kernel log
   for a boot with ``journalctl --no-hostname -k > dmesg.txt``. If the
   issue occurred on a previous boot, use the journalctl ``-b`` flag.

Comment 1 Steven A. Falco 2022-07-19 14:51:28 UTC
The following appeared on the console during the oops.  This is probably the same thing as in the attached dmesg file, but I'm including it for completeness.

[root@fedora system]# [ 1907.572507] Unable to handle kernel paging request at virtual address fffffbfffe800064
[ 1907.581112] Mem abort info:
[ 1907.583955]   ESR = 0x0000000096000006
[ 1907.587763]   EC = 0x25: DABT (current EL), IL = 32 bits
[ 1907.593242]   SET = 0, FnV = 0
[ 1907.596347]   EA = 0, S1PTW = 0
[ 1907.599539]   FSC = 0x06: level 2 translation fault
[ 1907.604542] Data abort info:
[ 1907.607472]   ISV = 0, ISS = 0x00000006
[ 1907.611410]   CM = 0, WnR = 0
[ 1907.614426] swapper pgtable: 4k pages, 48-bit VAs, pgdp=000000001d8d0000
[ 1907.621273] [fffffbfffe800064] pgd=000000001e6e1003, p4d=000000001e6e1003, pud=000000001e6e2003, pmd=0000000000000000
[ 1907.632326] Internal error: Oops: 96000006 [#1] SMP
[ 1907.637279] Modules linked in: ufs hfsplus hfs minix msdos jfs xfs tls snd_seq_dummy snd_hrtimer snd_seq rfcomm snd_seq_device nft_objref nf_conntrack_netbios_ns nf_conntrack_broadcast nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables nfnetlink qrtr bnep bcm2835_v4l2(C) bcm2835_mmal_vchiq(C) videobuf2_vmalloc videobuf2_memops videobuf2_v4l2 videobuf2_common videodev snd_soc_hdmi_codec snd_bcm2835(C) mc cpufreq_dt btsdio brcmfmac brcmutil vfat joydev fat hci_uart cfg80211 raspberrypi_cpufreq btqca btrtl btbcm btintel bluetooth rfkill vchiq(C) iproc_rng200 vc4 bcm2711_thermal snd_soc_core snd_compress ac97_bus snd_pcm_dmaengine leds_gpio fuse zram uas usb_storage snd_pcm broadcom dwc2 snd_timer crct10dif_ce raspberrypi_hwmon gpio_raspberrypi_exp bcm_phy_lib clk_bcm2711_dvp snd udc_core pwm_bcm2835 soundcore genet drm_display_helper bcm2835_wdt
[ 1907.637451]  i2c_bcm2835 pcie_brcmstb cec mdio_bcm_unimac bcm2835_dma sdhci_iproc sdhci_pltfm sdhci phy_generic drm_cma_helper sunrpc scsi_dh_rdac scsi_dh_emc scsi_dh_alua dm_multipath aes_neon_bs
[ 1907.743334] CPU: 2 PID: 2979 Comm: kbdrate Tainted: G         C       --------  ---  5.19.0-0.rc6.20220714git4a57a8400075.49.fc37.aarch64 #1
[ 1907.756124] Hardware name: Unknown Unknown Product/Unknown Product, BIOS 2022.07-rc6 07/01/2022
[ 1907.764945] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 1907.772003] pc : logic_inb+0x80/0xb4
[ 1907.775631] lr : read_port+0x124/0x190
[ 1907.779428] sp : ffff800009c9baf0
[ 1907.782782] x29: ffff800009c9baf0 x28: ffff3c6aeaca4000 x27: 0000000000000000
[ 1907.790021] x26: 0000000000000000 x25: 0000ffffcc27e05f x24: ffff3c6aeaca4000
[ 1907.797258] x23: 0000ffffcc27e060 x22: 0000ffffffffffff x21: 00ffffcc27e05f00
[ 1907.804496] x20: 0000000000000064 x19: 0000000000000064 x18: 0000000000000000
[ 1907.811733] x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000
[ 1907.818970] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000
[ 1907.826206] x11: 0000000000000000 x10: 0000000000000000 x9 : ffffa9eca18a7dcc
[ 1907.833443] x8 : ffff3c6b0b388c28 x7 : 00000000e37a5742 x6 : 00000000637c0136
[ 1907.840680] x5 : 00ffffffffffffff x4 : 0000000000000000 x3 : 00000000000000c0
[ 1907.847917] x2 : 0000ffffcc27e05f x1 : 0000000000ffbffe x0 : fffffbfffe800064
[ 1907.855156] Call trace:
[ 1907.857629]  logic_inb+0x80/0xb4
[ 1907.860898]  read_port+0x124/0x190
[ 1907.864342]  vfs_read+0xbc/0x1e4
[ 1907.867612]  ksys_read+0x68/0xec
[ 1907.870879]  __arm64_sys_read+0x28/0x34
[ 1907.874764]  invoke_syscall+0x78/0x100
[ 1907.878560]  el0_svc_common.constprop.0+0x68/0x124
[ 1907.883414]  do_el0_svc+0x38/0x4c
[ 1907.886769]  el0_svc+0x60/0x180
[ 1907.889951]  el0t_64_sync_handler+0x11c/0x150
[ 1907.894365]  el0t_64_sync+0x190/0x194
[ 1907.898076] Code: d2bfd000 f2df7fe0 f2ffffe0 8b000260 (39400000) 
[ 1907.904254] ---[ end trace 0000000000000000 ]---

Message from syslogd@fedora at Jul 18 15:38:38 ...
 kernel:Internal error: Oops: 96000006 [#1] SMP

Message from syslogd@fedora at Jul 18 15:38:39 ...
 kernel:Code: d2bfd000 f2df7fe0 f2ffffe0 8b000260 (39400000)

Comment 2 Steven A. Falco 2022-07-19 19:30:05 UTC
Ok - this is not what I thought it was.  I had added:

kbdrate -d 500

in my .bash_profile, because the default kbdrate repeat-rate was too fast.  So, it doesn't have anything to do with root or ssh.

Still, generating a kernel oops is bad behavior.

So the method to reproduce is simply to execute the above command as root.

If I try this as a regular user, I get:

kbdrate: Cannot open /dev/port: Permission denied

Apparently root can open the device, and generates the oops.
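
Added example, not part of the original report or of the kernel sources: a small Python decoder that pulls the first triage facts out of the oops in Comment 1 (faulting process, pc/lr symbols, faulting address) and splits the ESR value into exception class, fault status and access direction following the Arm ESR_ELx layout. The names SAMPLE_OOPS, decode_esr and triage_oops are hypothetical, and the sample is a constructed excerpt of the console output above.

```python
import re

# Constructed sample: five lines copied from the console output in Comment 1.
SAMPLE_OOPS = """\
[ 1907.572507] Unable to handle kernel paging request at virtual address fffffbfffe800064
[ 1907.583955]   ESR = 0x0000000096000006
[ 1907.743334] CPU: 2 PID: 2979 Comm: kbdrate Tainted: G         C       --------  ---  5.19.0-0.rc6.20220714git4a57a8400075.49.fc37.aarch64 #1
[ 1907.772003] pc : logic_inb+0x80/0xb4
[ 1907.775631] lr : read_port+0x124/0x190
"""

ABORT_CLASSES = {0x20: "IABT (lower EL)", 0x21: "IABT (current EL)",
                 0x24: "DABT (lower EL)", 0x25: "DABT (current EL)"}
# Fault status codes (ISS bits [5:0]); only the common MMU faults are named.
FAULT_STATUS = {base + lvl: f"level {lvl} {kind}"
                for base, kind in ((0x04, "translation fault"),
                                   (0x08, "access flag fault"),
                                   (0x0C, "permission fault"))
                for lvl in range(4)}


def decode_esr(esr):
    """Split an arm64 ESR_ELx value into the fields the kernel prints."""
    ec = (esr >> 26) & 0x3F            # exception class, bits [31:26]
    iss = esr & 0x1FFFFFF              # instruction-specific syndrome, bits [24:0]
    out = {"ec": ec, "class": ABORT_CLASSES.get(ec, "other"),
           "il_bits": 32 if (esr >> 25) & 1 else 16, "iss": iss}
    if ec in ABORT_CLASSES:
        out["fsc"] = iss & 0x3F
        out["fault"] = FAULT_STATUS.get(out["fsc"], "unnamed fault status")
    if ec in (0x24, 0x25):             # WnR (bit 6) is only defined for data aborts
        out["access"] = "write" if (iss >> 6) & 1 else "read"
    return out


def triage_oops(text):
    """Extract the facts a responder needs first from an arm64 oops."""
    def grab(pattern):
        m = re.search(pattern, text, re.MULTILINE)
        return m.group(1) if m else None
    addr = grab(r"at virtual address ([0-9a-f]{16})")
    esr = grab(r"ESR = (0x[0-9a-fA-F]+)")
    return {"fault_addr": int(addr, 16) if addr else None,
            "esr": decode_esr(int(esr, 16)) if esr else None,
            "comm": grab(r"Comm: (\S+)"),
            "pc": grab(r"\bpc : (\S+?)\+0x"), "lr": grab(r"\blr : (\S+?)\+0x")}


if __name__ == "__main__":
    print(triage_oops(SAMPLE_OOPS))
```

On the sample it reports a read data abort at the current EL with a level 2 translation fault, which agrees with the pmd=0000000000000000 entry in the page-table walk line of the oops.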

