Date:	Thu, 27 May 2010 19:44:08 +0200
From:	Toralf Förster <toralf.foerster@....de>
To:	user-mode-linux-devel@...ts.sourceforge.net
Cc:	linux-kernel@...r.kernel.org
Subject: current git kernel crashes UML system during boot

Hello,

I bisected it to this:

There are only 'skip'ped commits left to test.
The first bad commit could be any of:
4677d4a53e0d565742277e8913e91c821453e63e
d61931d89be506372d01a90d1755f6d0a9fafe2d
1527bc8b928dd1399c3d3467dd47d9ede210978a
c59bd5688299cddb71183e156e7a3c1409b90df2
cb41838bbc4403f7270a94b93a9a0d9fc9c2e7ea
We cannot bisect more!


The .config file is attached. The script which starts a UML image exits with exit code 143:

Locating the bottom of the address space ... 0x1000
Locating the top of the address space ... 0xc0000000
Core dump limits :
        soft - NONE
        hard - NONE
Checking that ptrace can change system call numbers...OK
Checking syscall emulation patch for ptrace...OK
Checking advanced syscall emulation patch for ptrace...OK
Checking for tmpfs mount on /dev/shm...OK
Checking PROT_EXEC mmap in /dev/shm/...OK
Checking for the skas3 patch in the host:
  - /proc/mm...not found: No such file or directory
  - PTRACE_FAULTINFO...not found
  - PTRACE_LDT...not found
UML running in SKAS0 mode
Adding 4325376 bytes to physical memory to account for exec-shield gap
Linux version 2.6.34-00633-g1f8caa9 (tfoerste@n22) (gcc version 4.3.4 (Gentoo 4.3.4 p1.1, pie-10.1.5) ) #18 Thu May 27 19:33:37 CEST 2010
Built 1 zonelists in Zone order, mobility grouping on.  Total pages: 66071
Kernel command line: ubda=/home/tfoerste/virtual/uml/gentoo_root_fs ubdb=/home/tfoerste/virtual/uml/swap_fs eth0=tuntap,,,192.168.0.253 mem=256M root=98:0
PID hash table entries: 2048 (order: 1, 8192 bytes)
Dentry cache hash table entries: 65536 (order: 6, 262144 bytes)
Inode-cache hash table entries: 32768 (order: 5, 131072 bytes)
Memory: 254512k available
Hierarchical RCU implementation.
        RCU-based detection of stalled CPUs is disabled.
        Verbose stalled-CPUs detection is disabled.
NR_IRQS:15
Calibrating delay loop... 4731.69 BogoMIPS (lpj=23658496)
Mount-cache hash table entries: 512
Checking for host processor cmov support...Yes
Checking that host ptys support output SIGIO...Yes
Checking that host ptys support SIGIO on close...No, enabling workaround
Using 2.6 host AIO
NET: Registered protocol family 16
bio: create slab <bio-0> at 0
Switching to clocksource itimer
NET: Registered protocol family 2
IP route cache hash table entries: 4096 (order: 2, 16384 bytes)
TCP established hash table entries: 16384 (order: 5, 131072 bytes)
TCP bind hash table entries: 16384 (order: 4, 65536 bytes)
TCP: Hash tables configured (established 16384 bind 16384)
TCP reno registered
UDP hash table entries: 256 (order: 0, 4096 bytes)
UDP-Lite hash table entries: 256 (order: 0, 4096 bytes)
NET: Registered protocol family 1
RPC: Registered udp transport module.
RPC: Registered tcp transport module.
RPC: Registered tcp NFSv4.1 backchannel transport module.
IRQ 9/mconsole: IRQF_DISABLED is not guaranteed on shared IRQs
mconsole (version 2) initialized on /home/tfoerste/.uml/tfoerste/mconsole
Checking host MADV_REMOVE support...OK
UML Audio Relay (host dsp = /dev/sound/dsp, host mixer = /dev/sound/mixer)
Host TLS support detected
Detected host type: i386 (GDT indexes 6 to 9)
Installing knfsd (copyright (C) 1996 okir@...ad.swb.de).
msgmni has been set to 497
alg: No test for stdrng (krng)
io scheduler noop registered
io scheduler cfq registered (default)
tun: Universal TUN/TAP device driver, 1.6
tun: (C) 1999-2004 Max Krasnyansky <maxk@...lcomm.com>
TCP cubic registered
NET: Registered protocol family 17
Initialized stdio console driver
Console initialized on /dev/tty0
console [tty0] enabled
Initializing software serial port version 1
console [mc-1] enabled
 ubda: unknown partition table
 ubdb: unknown partition table
Choosing a random ethernet address for device eth0
Netdevice 0 (da:45:59:e9:7b:7e) : 
TUN/TAP backend - IP = 192.168.0.253
IRQ 3/console-write: IRQF_DISABLED is not guaranteed on shared IRQs
IRQ 2/console: IRQF_DISABLED is not guaranteed on shared IRQs
IRQ 10/winch: IRQF_DISABLED is not guaranteed on shared IRQs

EIP: 0073:[<081c77c3>] CPU: 0 Not tainted ESP: 007b:1805ab04 EFLAGS: 00210293
    Not tainted
EAX: 00000001 EBX: 180cb000 ECX: 00000000 EDX: 00000001
ESI: 181e2930 EDI: 181e2930 EBP: 181e2930 DS: 007b ES: 007b
082fdb34:  [<0805a0d9>] _einittext+0x1f96/0x2b55
082fdb70:  [<080968cc>] run_posix_cpu_timers+0x1c/0x910
082fdb8c:  [<08078afa>] task_tick_fair+0x1a/0xe0
082fdba4:  [<08098fbc>] hrtimer_run_pending+0x2c/0xc0
082fdbac:  [<080701fd>] set_signals+0x2d/0x40
082fdbc8:  [<0805f732>] segv_handler+0x52/0xe0
082fdbd8:  [<081c77c3>] cfq_close_cooperator+0x53/0x180
082fdbf0:  [<080a2848>] tick_nohz_stop_sched_tick+0xb8/0x410
082fdc00:  [<080840d0>] __do_softirq+0xe0/0x130
082fdc40:  [<0806e934>] os_waiting_for_events+0x24/0xb0
082fdc50:  [<080615bd>] free_irqs+0x5d/0xd0
082fdc70:  [<080700d5>] sig_handler_common+0x55/0xa0
082fdcb0:  [<081c77c3>] cfq_close_cooperator+0x53/0x180
082fdce8:  [<08070272>] sig_handler+0x22/0x40
082fdcf0:  [<080704ed>] handle_signal+0x5d/0xa0
082fdd10:  [<080728d7>] hard_handler+0x17/0x20
082fdd5c:  [<081c77c3>] cfq_close_cooperator+0x53/0x180

Kernel panic - not syncing: Segfault with no mm
082fdb00:  [<0827fd7d>] panic+0x4d/0xc6
082fdb18:  [<0805f6ca>] segv+0x2aa/0x2c0
082fdb34:  [<0805a0d9>] _einittext+0x1f96/0x2b55
082fdb70:  [<080968cc>] run_posix_cpu_timers+0x1c/0x910
082fdb8c:  [<08078afa>] task_tick_fair+0x1a/0xe0
082fdba4:  [<08098fbc>] hrtimer_run_pending+0x2c/0xc0
082fdbac:  [<080701fd>] set_signals+0x2d/0x40
082fdbc8:  [<0805f732>] segv_handler+0x52/0xe0
082fdbd8:  [<081c77c3>] cfq_close_cooperator+0x53/0x180
082fdbf0:  [<080a2848>] tick_nohz_stop_sched_tick+0xb8/0x410
082fdc00:  [<080840d0>] __do_softirq+0xe0/0x130
082fdc40:  [<0806e934>] os_waiting_for_events+0x24/0xb0
082fdc50:  [<080615bd>] free_irqs+0x5d/0xd0
082fdc70:  [<080700d5>] sig_handler_common+0x55/0xa0
082fdcb0:  [<081c77c3>] cfq_close_cooperator+0x53/0x180
082fdce8:  [<08070272>] sig_handler+0x22/0x40
082fdcf0:  [<080704ed>] handle_signal+0x5d/0xa0
082fdd10:  [<080728d7>] hard_handler+0x17/0x20
082fdd5c:  [<081c77c3>] cfq_close_cooperator+0x53/0x180


EIP: 0073:[<b7869424>] CPU: 0 Not tainted ESP: 007b:bfef268c EFLAGS: 00200246
    Not tainted
EAX: 00000000 EBX: 00006783 ECX: 00000013 EDX: 00006783
ESI: 0000677f EDI: 0000003b EBP: bfef2718 DS: 007b ES: 007b
082fdadc:  [<08099da4>] notifier_call_chain+0x34/0x70
082fdb00:  [<0827fda5>] panic+0x75/0xc6
082fdb18:  [<0805f6ca>] segv+0x2aa/0x2c0
082fdb34:  [<0805a0d9>] _einittext+0x1f96/0x2b55
082fdb70:  [<080968cc>] run_posix_cpu_timers+0x1c/0x910
082fdb8c:  [<08078afa>] task_tick_fair+0x1a/0xe0
082fdba4:  [<08098fbc>] hrtimer_run_pending+0x2c/0xc0
082fdbac:  [<080701fd>] set_signals+0x2d/0x40
082fdbc8:  [<0805f732>] segv_handler+0x52/0xe0
082fdbd8:  [<081c77c3>] cfq_close_cooperator+0x53/0x180
082fdbf0:  [<080a2848>] tick_nohz_stop_sched_tick+0xb8/0x410
082fdc00:  [<080840d0>] __do_softirq+0xe0/0x130
082fdc40:  [<0806e934>] os_waiting_for_events+0x24/0xb0
082fdc50:  [<080615bd>] free_irqs+0x5d/0xd0
082fdc70:  [<080700d5>] sig_handler_common+0x55/0xa0
082fdcb0:  [<081c77c3>] cfq_close_cooperator+0x53/0x180
082fdce8:  [<08070272>] sig_handler+0x22/0x40
082fdcf0:  [<080704ed>] handle_signal+0x5d/0xa0
082fdd10:  [<080728d7>] hard_handler+0x17/0x20
082fdd5c:  [<081c77c3>] cfq_close_cooperator+0x53/0x180

Terminated
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[cb41838bbc4403f7270a94b93a9a0d9fc9c2e7ea] Merge branch 'core-hweight-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip
tfoerste@n22 ~/devel/linux-2.6 $ git bisect run ~/uml_bisect.sh || git bisect bad
running /home/tfoerste/uml_bisect.sh
scripts/kconfig/conf -o arch/um/Kconfig.x86
#
# configuration written to .config
#
scripts/kconfig/conf -s arch/um/Kconfig.x86
make[1]: `arch/um/sys-i386/user-offsets.s' is up to date.
  CHK     include/linux/version.h
  CHK     include/generated/utsrelease.h
  UPD     include/generated/utsrelease.h
  CALL    scripts/checksyscalls.sh
  CHK     include/generated/compile.h
  CC      init/version.o
  QUOTE   arch/um/kernel/config.tmp
  LD      init/built-in.o
  QUOTE   arch/um/kernel/config.c
  CC      arch/um/kernel/config.o
  LD      arch/um/kernel/built-in.o
  GZIP    kernel/config_data.gz
  IKCFG   kernel/config_data.h
  CC      kernel/configs.o
  LD      kernel/built-in.o
  LD      vmlinux.o
  MODPOST vmlinux.o
  GEN     .version
  CHK     include/generated/compile.h
  UPD     include/generated/compile.h
  CC      init/version.o
  LD      init/built-in.o
  LD      .tmp_vmlinux1
  KSYM    .tmp_kallsyms1.S
  AS      .tmp_kallsyms1.o
  LD      .tmp_vmlinux2
  KSYM    .tmp_kallsyms2.S
  AS      .tmp_kallsyms2.o
  LD      .tmp_vmlinux3
  KSYM    .tmp_kallsyms3.S
  AS      .tmp_kallsyms3.o
  LD      vmlinux
  SYSMAP  System.map
  SYSMAP  .tmp_System.map
  LINK linux
Locating the bottom of the address space ... 0x1000
Locating the top of the address space ... 0xc0000000
Core dump limits :
        soft - NONE
        hard - NONE
Checking that ptrace can change system call numbers...OK
Checking syscall emulation patch for ptrace...OK
Checking advanced syscall emulation patch for ptrace...OK
Checking for tmpfs mount on /dev/shm...OK
Checking PROT_EXEC mmap in /dev/shm/...OK
Checking for the skas3 patch in the host:
  - /proc/mm...not found: No such file or directory
  - PTRACE_FAULTINFO...not found
  - PTRACE_LDT...not found
UML running in SKAS0 mode
Adding 5992448 bytes to physical memory to account for exec-shield gap
Linux version 2.6.34-00628-gcb41838 (tfoerste@n22) (gcc version 4.3.4 (Gentoo 4.3.4 p1.1, pie-10.1.5) ) #19 Thu May 27 19:34:39 CEST 2010
Built 1 zonelists in Zone order, mobility grouping on.  Total pages: 66475
Kernel command line: ubda=/home/tfoerste/virtual/uml/gentoo_root_fs ubdb=/home/tfoerste/virtual/uml/swap_fs eth0=tuntap,,,192.168.0.253 mem=256M root=98:0
PID hash table entries: 2048 (order: 1, 8192 bytes)
Dentry cache hash table entries: 65536 (order: 6, 262144 bytes)
Inode-cache hash table entries: 32768 (order: 5, 131072 bytes)
Memory: 254500k available
Hierarchical RCU implementation.
        RCU-based detection of stalled CPUs is disabled.
        Verbose stalled-CPUs detection is disabled.
NR_IRQS:15
Calibrating delay loop... 4731.69 BogoMIPS (lpj=23658496)
Mount-cache hash table entries: 512
Checking for host processor cmov support...Yes
Checking that host ptys support output SIGIO...Yes
Checking that host ptys support SIGIO on close...No, enabling workaround
Using 2.6 host AIO
NET: Registered protocol family 16
bio: create slab <bio-0> at 0
Switching to clocksource itimer
NET: Registered protocol family 2
IP route cache hash table entries: 4096 (order: 2, 16384 bytes)
TCP established hash table entries: 16384 (order: 5, 131072 bytes)
TCP bind hash table entries: 16384 (order: 4, 65536 bytes)
TCP: Hash tables configured (established 16384 bind 16384)
TCP reno registered
UDP hash table entries: 256 (order: 0, 4096 bytes)
UDP-Lite hash table entries: 256 (order: 0, 4096 bytes)
NET: Registered protocol family 1
RPC: Registered udp transport module.
RPC: Registered tcp transport module.
RPC: Registered tcp NFSv4.1 backchannel transport module.
IRQ 9/mconsole: IRQF_DISABLED is not guaranteed on shared IRQs
mconsole (version 2) initialized on /home/tfoerste/.uml/tfoerste/mconsole
Checking host MADV_REMOVE support...OK
UML Audio Relay (host dsp = /dev/sound/dsp, host mixer = /dev/sound/mixer)
Host TLS support detected
Detected host type: i386 (GDT indexes 6 to 9)
Installing knfsd (copyright (C) 1996 okir@...ad.swb.de).
msgmni has been set to 497
alg: No test for stdrng (krng)
io scheduler noop registered
io scheduler cfq registered (default)
tun: Universal TUN/TAP device driver, 1.6
tun: (C) 1999-2004 Max Krasnyansky <maxk@...lcomm.com>
TCP cubic registered
NET: Registered protocol family 17
Initialized stdio console driver
Console initialized on /dev/tty0
console [tty0] enabled
Initializing software serial port version 1
console [mc-1] enabled
 ubda: unknown partition table
 ubdb: unknown partition table
Choosing a random ethernet address for device eth0
Netdevice 0 (9e:d2:65:a8:63:d8) : 
TUN/TAP backend - IP = 192.168.0.253
IRQ 3/console-write: IRQF_DISABLED is not guaranteed on shared IRQs
IRQ 2/console: IRQF_DISABLED is not guaranteed on shared IRQs
IRQ 10/winch: IRQF_DISABLED is not guaranteed on shared IRQs

EIP: 0073:[<081c77c3>] CPU: 0 Not tainted ESP: 007b:1805ab04 EFLAGS: 00210293
    Not tainted
EAX: 00000001 EBX: 180cb000 ECX: 00000000 EDX: 00000001
ESI: 181e2930 EDI: 181e2930 EBP: 181e2930 DS: 007b ES: 007b
082fdb38:  [<08079aa5>] __wake_up+0x45/0x60
082fdb5c:  [<080916b9>] __queue_work+0x69/0x70
082fdb7c:  [<0809174b>] queue_work_on+0x2b/0x40
082fdb84:  [<080d0335>] kmem_cache_free+0x95/0xe0
082fdb94:  [<081bc112>] __freed_request+0xb2/0xc0
082fdbc8:  [<0805f732>] segv_handler+0x52/0xe0
082fdbd8:  [<081c77c3>] cfq_close_cooperator+0x53/0x180
082fdbf4:  [<0806a111>] ubd_intr+0x71/0xf0
082fdc14:  [<080a816d>] handle_IRQ_event+0x5d/0xf0
082fdc40:  [<0806e934>] os_waiting_for_events+0x24/0xb0
082fdc50:  [<080615bd>] free_irqs+0x5d/0xd0
082fdc70:  [<080700d5>] sig_handler_common+0x55/0xa0
082fdcb0:  [<081c77c3>] cfq_close_cooperator+0x53/0x180
082fdce8:  [<08070272>] sig_handler+0x22/0x40
082fdcf0:  [<080704ed>] handle_signal+0x5d/0xa0
082fdd10:  [<080728d7>] hard_handler+0x17/0x20
082fdd5c:  [<081c77c3>] cfq_close_cooperator+0x53/0x180

Kernel panic - not syncing: Segfault with no mm
082fdb00:  [<0827fd7d>] panic+0x4d/0xc6
082fdb18:  [<0805f6ca>] segv+0x2aa/0x2c0
082fdb38:  [<08079aa5>] __wake_up+0x45/0x60
082fdb5c:  [<080916b9>] __queue_work+0x69/0x70
082fdb7c:  [<0809174b>] queue_work_on+0x2b/0x40
082fdb84:  [<080d0335>] kmem_cache_free+0x95/0xe0
082fdb94:  [<081bc112>] __freed_request+0xb2/0xc0
082fdbc8:  [<0805f732>] segv_handler+0x52/0xe0
082fdbd8:  [<081c77c3>] cfq_close_cooperator+0x53/0x180
082fdbf4:  [<0806a111>] ubd_intr+0x71/0xf0
082fdc14:  [<080a816d>] handle_IRQ_event+0x5d/0xf0
082fdc40:  [<0806e934>] os_waiting_for_events+0x24/0xb0
082fdc50:  [<080615bd>] free_irqs+0x5d/0xd0
082fdc70:  [<080700d5>] sig_handler_common+0x55/0xa0
082fdcb0:  [<081c77c3>] cfq_close_cooperator+0x53/0x180
082fdce8:  [<08070272>] sig_handler+0x22/0x40
082fdcf0:  [<080704ed>] handle_signal+0x5d/0xa0
082fdd10:  [<080728d7>] hard_handler+0x17/0x20
082fdd5c:  [<081c77c3>] cfq_close_cooperator+0x53/0x180


EIP: 0073:[<b77da424>] CPU: 0 Not tainted ESP: 007b:bfc851ac EFLAGS: 00200246
    Not tainted
EAX: 00000000 EBX: 00006deb ECX: 00000013 EDX: 00006deb
ESI: 00006de7 EDI: 0000003b EBP: bfc85238 DS: 007b ES: 007b
082fdadc:  [<08099da4>] notifier_call_chain+0x34/0x70
082fdb00:  [<0827fda5>] panic+0x75/0xc6
082fdb18:  [<0805f6ca>] segv+0x2aa/0x2c0
082fdb38:  [<08079aa5>] __wake_up+0x45/0x60
082fdb5c:  [<080916b9>] __queue_work+0x69/0x70
082fdb7c:  [<0809174b>] queue_work_on+0x2b/0x40
082fdb84:  [<080d0335>] kmem_cache_free+0x95/0xe0
082fdb94:  [<081bc112>] __freed_request+0xb2/0xc0
082fdbc8:  [<0805f732>] segv_handler+0x52/0xe0
082fdbd8:  [<081c77c3>] cfq_close_cooperator+0x53/0x180
082fdbf4:  [<0806a111>] ubd_intr+0x71/0xf0
082fdc14:  [<080a816d>] handle_IRQ_event+0x5d/0xf0
082fdc40:  [<0806e934>] os_waiting_for_events+0x24/0xb0
082fdc50:  [<080615bd>] free_irqs+0x5d/0xd0
082fdc70:  [<080700d5>] sig_handler_common+0x55/0xa0
082fdcb0:  [<081c77c3>] cfq_close_cooperator+0x53/0x180
082fdce8:  [<08070272>] sig_handler+0x22/0x40
082fdcf0:  [<080704ed>] handle_signal+0x5d/0xa0
082fdd10:  [<080728d7>] hard_handler+0x17/0x20
082fdd5c:  [<081c77c3>] cfq_close_cooperator+0x53/0x180

Terminated

-- 
MfG/Sincerely
Toralf Förster

pgp finger print: 7B1A 07F4 EC82 0F90 D4C2 8936 872A E508 7DB6 9DA3


View attachment ".config" of type "text/plain" (16734 bytes)
