Date:	Wed, 8 Apr 2015 17:20:22 +0200 (CEST)
From:	Jan Engelhardt <jengelh@...i.de>
To:	torvalds@...ux-foundation.org
cc:	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: NULL deref around xfs in v4.0-rc1–rc7

On Wednesday 2015-04-08 15:41, Jan Engelhardt wrote:

>Starting somewhere around v4.0-rc1 and persisting through commit 
>v4.0-rc7, there is a new NULL dereference apparently happening in 
>conjunction with xfs. This inhibits this machine's booting,
>as xfs is used for the root filesystem.
>
>First bisection points at first-bad commit v4.0-rc1~8, and since that is 
>a merge commit, I'll be investigating some more hand-chosen commits (and 
>then people to Cc) as we speak.

I reran bisect just to be sure.
It now shows v4.0-rc1~9 is bad, v4.0-rc1~9^1 is ok, and v4.0-rc1~9^2 is 
ok too. So this means that the combination of both ~9 children works
badly together.


# good: [2bfedd1d9f470506d98cb5662ced381c38225968] Merge branch 'for-linus' of git://git.kernel.dk/linux-block
git bisect good 2bfedd1d9f470506d98cb5662ced381c38225968
# bad: [cd50b70ccd5c87794ec28bfb87b7fba9961eb0ae] Merge tag 'pm+acpi-3.20-rc1-3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
git bisect bad cd50b70ccd5c87794ec28bfb87b7fba9961eb0ae
# good: [9d0de5a63a4a22abfd2bd70694a610d18350cf87] Merge branches 'acpi-ec', 'acpi-soc', 'acpi-video' and 'acpi-resources'
git bisect good 9d0de5a63a4a22abfd2bd70694a610d18350cf87
# good: [67fadaa2768716209ee19a8b8bf05bc3ac399445] cpufreq: s3c: remove last use of resume_clocks callback
git bisect good 67fadaa2768716209ee19a8b8bf05bc3ac399445
# good: [70734a786acfd1998e47d40df19cba5c29469bdf] cpuidle: powernv: Avoid endianness conversions while parsing DT
git bisect good 70734a786acfd1998e47d40df19cba5c29469bdf
# good: [3466b547e37b988723dc93465b7cb06b4b1f731f] Merge branches 'pnp', 'pm-cpuidle' and 'pm-cpufreq'
git bisect good 3466b547e37b988723dc93465b7cb06b4b1f731f
# first bad commit: [cd50b70ccd5c87794ec28bfb87b7fba9961eb0ae] Merge tag 'pm+acpi-3.20-rc1-3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
# good: [2bfedd1d9f470506d98cb5662ced381c38225968] Merge branch 'for-linus' of git://git.kernel.dk/linux-block
git bisect good 2bfedd1d9f470506d98cb5662ced381c38225968
# bad: [cd50b70ccd5c87794ec28bfb87b7fba9961eb0ae] Merge tag 'pm+acpi-3.20-rc1-3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
git bisect bad cd50b70ccd5c87794ec28bfb87b7fba9961eb0ae
# good: [9d0de5a63a4a22abfd2bd70694a610d18350cf87] Merge branches 'acpi-ec', 'acpi-soc', 'acpi-video' and 'acpi-resources'
git bisect good 9d0de5a63a4a22abfd2bd70694a610d18350cf87
# good: [67fadaa2768716209ee19a8b8bf05bc3ac399445] cpufreq: s3c: remove last use of resume_clocks callback
git bisect good 67fadaa2768716209ee19a8b8bf05bc3ac399445
# good: [70734a786acfd1998e47d40df19cba5c29469bdf] cpuidle: powernv: Avoid endianness conversions while parsing DT
git bisect good 70734a786acfd1998e47d40df19cba5c29469bdf
# good: [3466b547e37b988723dc93465b7cb06b4b1f731f] Merge branches 'pnp', 'pm-cpuidle' and 'pm-cpufreq'
git bisect good 3466b547e37b988723dc93465b7cb06b4b1f731f
# first bad commit: [cd50b70ccd5c87794ec28bfb87b7fba9961eb0ae] Merge tag 'pm+acpi-3.20-rc1-3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm



 BUG: unable to handle kernel paging request at 0000000000001000
 IP: [<ffffffff81269d9e>] scsi_init_cmd_errh+0x26/0x5d
 PGD 0 
 Oops: 0002 [#1] SMP 
 Modules linked in: xfs crc32c_generic libcrc32c dm_crypt xts gf128mul algif_skcipher af_alg sd_mod mptsas scsi_transport_sas mptscsih mptbase dm_mod sg ipv6
 CPU: 0 PID: 406 Comm: kworker/u2:0 Not tainted 3.19.0+ #53
 Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006
 task: ffff88007bf73c60 ti: ffff88007cb20000 task.ti: ffff88007cb20000
 RIP: 0010:[<ffffffff81269d9e>]  [<ffffffff81269d9e>] scsi_init_cmd_errh+0x26/0x5d
 RSP: 0018:ffff88007cb23870  EFLAGS: 00010246
 RAX: 0000000000000000 RBX: ffff88007bfa6800 RCX: 0000000000000018
 RDX: ffff88007bfec970 RSI: 0000000000000000 RDI: 0000000000001000
 RBP: ffff88007bfec970 R08: ffff88007be345c0 R09: 00000000000000fa
 R10: 0000000000000001 R11: ffffea0001ec8c40 R12: 0000000000000000
 R13: ffff88007bfa6800 R14: ffff88007bc04000 R15: ffff88007bfec800
 FS:  0000000000000000(0000) GS:ffff88007fc00000(0000) knlGS:0000000000000000
 CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
 CR2: 0000000000001000 CR3: 000000007bc9b000 CR4: 00000000000007f0
 Stack:
  ffffffff8126b67a ffff88007bf73c60 ffff88007bc04000 ffff88007bf13400
  ffff88007bfa6968 ffff88007bfec978 ffff88007fc18e48 ffff88007bfb4f20
  ffff88007cb23900 ffff88007bf13408 0000000000000000 0000000000000000
 Call Trace:
  [<ffffffff8126b67a>] ? scsi_queue_rq+0x2e5/0x3d3
  [<ffffffff8118d840>] ? __blk_mq_run_hw_queue+0x19a/0x29f
  [<ffffffff8118da01>] ? blk_mq_alloc_request+0xbc/0x102
  [<ffffffffa00f974b>] ? __xfs_get_blocks+0x321/0x321 [xfs]
  [<ffffffff8118df89>] ? blk_mq_run_hw_queue+0x4a/0x93
  [<ffffffff8118ec07>] ? blk_sq_make_request+0x166/0x171
  [<ffffffff8118639b>] ? generic_make_request+0x8f/0xcc
  [<ffffffff811864db>] ? submit_bio+0x103/0x121
  [<ffffffff810cc0ae>] ? get_page+0x9/0x25
  [<ffffffff810cc49f>] ? __lru_cache_add+0x1a/0x3a
  [<ffffffff81136312>] ? mpage_bio_submit+0x1f/0x25
  [<ffffffff81136f7f>] ? mpage_readpages+0xe2/0xf6
  [<ffffffffa00f974b>] ? __xfs_get_blocks+0x321/0x321 [xfs]
  [<ffffffff810f85f9>] ? alloc_pages_current+0xad/0xca
  [<ffffffff810cb5f9>] ? __do_page_cache_readahead+0x116/0x1af
  [<ffffffff811a8a21>] ? radix_tree_lookup_slot+0x10/0x23
  [<ffffffff810cb88b>] ? ondemand_readahead+0x1f9/0x20a
  [<ffffffff810c3231>] ? pagecache_get_page+0x22/0x138
  [<ffffffff810c3dab>] ? generic_file_read_iter+0x17a/0x4d4
  [<ffffffffa00d430e>] ? xfs_attr_get+0x52/0x113 [xfs]
  [<ffffffffa01013d8>] ? xfs_file_read_iter+0x1bb/0x20d [xfs]
  [<ffffffff8110e8c9>] ? new_sync_read+0x67/0x8b
  [<ffffffff8110f539>] ? vfs_read+0x6d/0xb7
  [<ffffffff81112ff7>] ? kernel_read+0x39/0x47
  [<ffffffff811146f3>] ? do_execveat_common.isra.31+0x3b7/0x5dd
  [<ffffffff8111493c>] ? do_execve+0x23/0x28
  [<ffffffff8104d4f7>] ? ____call_usermodehelper+0x100/0x128
  [<ffffffff8104d3f7>] ? call_usermodehelper+0x47/0x47
  [<ffffffff813188fc>] ? ret_from_fork+0x7c/0xb0
  [<ffffffff8104d3f7>] ? call_usermodehelper+0x47/0x47
 Code: c2 89 d0 5b c3 48 c7 87 b0 00 00 00 00 00 00 00 c7 87 f4 00 00 00 00 00 00 00 48 89 fa 48 8b bf 10 01 00 00 31 c0 b9 18 00 00 00 <f3> ab 66 83 ba cc 00 00 00 00 75 2a 48 8b 8a d8 00 00 00 8a 01 
 RIP  [<ffffffff81269d9e>] scsi_init_cmd_errh+0x26/0x5d
  RSP <ffff88007cb23870>
 CR2: 0000000000001000
 ---[ end trace 54414923d584f14b ]---