lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <53477D33.8030809@intel.com>
Date:	Fri, 11 Apr 2014 13:27:15 +0800
From:	Jet Chen <jet.chen@...el.com>
To:	"H. Peter Anvin" <hpa@...ux.intel.com>
CC:	LKML <linux-kernel@...r.kernel.org>,
	Fengguang Wu <fengguang.wu@...el.com>
Subject: [x86, smap]  general protection fault: fff2 [#1] PREEMPT DEBUG_PAGEALLOC

Hi Peter,

I got the below dmesg and the first bad commit is

git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
commit 4640c7ee9b8953237d05a61ea3ea93981d1bc961
Author:     H. Peter Anvin <hpa@...ux.intel.com>
AuthorDate: Thu Feb 13 07:46:04 2014 -0800
Commit:     H. Peter Anvin <hpa@...ux.intel.com>
CommitDate: Thu Feb 13 08:40:52 2014 -0800

      x86, smap: smap_violation() is bogus if CONFIG_X86_SMAP is off
          If CONFIG_X86_SMAP is disabled, smap_violation() tests for conditions
      which are incorrect (as the AC flag doesn't matter), causing spurious
      faults.
          The dynamic disabling of SMAP (nosmap on the command line) is fine
      because it disables X86_FEATURE_SMAP, therefore causing the
      static_cpu_has() to return false.
          Found by Fengguang Wu's test system.
          [ v3: move all predicates into smap_violation() ]
      [ v2: use IS_ENABLED() instead of #ifdef ]
          Reported-by: Fengguang Wu <fengguang.wu@...el.com>
      Link: http://lkml.kernel.org/r/20140213124550.GA30497@localhost
      Signed-off-by: H. Peter Anvin <hpa@...ux.intel.com>
      Cc: <stable@...r.kernel.org> # v3.7+


+------------------------------------------------+------------+------------+
|                                                | 03bbd596ac | 4640c7ee9b |
+------------------------------------------------+------------+------------+
| boot_successes                                 | 920        | 282        |
| boot_failures                                  | 280        | 18         |
| Kernel_panic-not_syncing:No_working_init_found | 248        |            |
| backtrace:panic                                | 248        |            |
| BUG:soft_lockup-CPU_stuck_for_s                | 31         |            |
| RIP:arch_local_irq_enable                      | 31         |            |
| Kernel_panic-not_syncing:softlockup:hung_tasks | 31         |            |
| backtrace:setup_IO_APIC                        | 31         |            |
| backtrace:APIC_init_uniprocessor               | 31         |            |
| backtrace:kernel_init_freeable                 | 31         |            |
| BUG:kernel_boot_hang                           | 1          | 0          |
| general_protection_fault:fff2                  | 0          | 18         |
| RIP:arch_local_irq_restore                     | 0          | 18         |
| Kernel_panic-not_syncing:Fatal_exception       | 0          | 18         |
| backtrace:SYSC_reboot                          | 0          | 18         |
| backtrace:SyS_reboot                           | 0          | 18         |
+------------------------------------------------+------------+------------+

Rebooting... [  371.058724] reboot: Restarting system
[  371.058724] reboot: machine restart
[  371.380921] general protection fault: fff2 [#1] PREEMPT DEBUG_PAGEALLOC
[  371.380921] Modules linked in:
[  371.380921] CPU: 0 PID: 230 Comm: reboot Not tainted 3.14.0-rc1-00186-g4640c7e #1
[  371.380921] task: ffff880011f54000 ti: ffff880011f66000 task.ti: ffff880011f66000
[  371.380921] RIP: 0010:[<ffffffff81016663>]  [<ffffffff81016663>] arch_local_irq_restore+0x6/0xd
[  371.380921] RSP: 0018:ffff880011f67dc8  EFLAGS: 00000202
[  371.380921] RAX: ffffffff8160a550 RBX: 0000000000000202 RCX: 0000005677d85f2c
[  371.380921] RDX: 0000000000010000 RSI: 000000000000000f RDI: 0000000000000202
[  371.380921] RBP: ffff880011f67dc8 R08: 0000000000000001 R09: 0000000000000000
[  371.380921] R10: 00000000000092dc R11: 0000000000000000 R12: 0000000028121969
[  371.380921] R13: 00007fffb011e210 R14: 00000000fee1dead R15: 0000000000000001
[  371.380921] FS:  00007f7d26ef9700(0000) GS:ffffffff81603000(0000) knlGS:0000000000000000
[  371.380921] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[  371.380921] CR2: 00007f7d26a1f999 CR3: 0000000011f5b000 CR4: 00000000001006b0
[  371.380921] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  371.380921] DR3: 0000000000000000 DR6: 0000000000000000 DR7: 0000000000000000
[  371.380921] Stack:
[  371.380921]  ffff880011f67de0 ffffffff81017036 0000000000000000 ffff880011f67df0
[  371.380921]  ffffffff8101632f ffff880011f67e00 ffffffff8101656c ffff880011f67e10
[  371.380921]  ffffffff810165d3 ffff880011f67e20 ffffffff8101660f ffff880011f67e38
[  371.380921] Call Trace:
[  371.380921]  [<ffffffff81017036>] lapic_shutdown+0x46/0x49
[  371.380921]  [<ffffffff8101632f>] native_machine_shutdown+0x13/0x20
[  371.380921]  [<ffffffff8101656c>] machine_shutdown+0xf/0x11
[  371.380921]  [<ffffffff810165d3>] native_machine_restart+0x25/0x37
[  371.380921]  [<ffffffff8101660f>] machine_restart+0xf/0x11
[  371.380921]  [<ffffffff81057e4d>] kernel_restart+0x54/0x57
[  371.380921]  [<ffffffff81057fe7>] SYSC_reboot+0xbb/0x168
[  371.380921]  [<ffffffff810ae16f>] ? __free_pages+0x27/0x48
[  371.380921]  [<ffffffff810ae1cd>] ? free_pages+0x3d/0x41
[  371.380921]  [<ffffffff810d2f19>] ? slob_free_pages+0x36/0x38
[  371.380921]  [<ffffffff810d39fb>] ? __kmem_cache_free+0x30/0x32
[  371.380921]  [<ffffffff810d3a54>] ? kmem_cache_free+0x3a/0x7d
[  371.380921]  [<ffffffff810e1ffb>] ? final_putname+0x34/0x37
[  371.380921]  [<ffffffff810d84ed>] ? do_sys_open+0xed/0xff
[  371.380921]  [<ffffffff8123ea26>] ? lockdep_sys_exit_thunk+0x35/0x67
[  371.380921]  [<ffffffff81058125>] SyS_reboot+0xe/0x10
[  371.380921]  [<ffffffff81386deb>] system_call_fastpath+0x1a/0x1f
[  371.380921] Code: ff b9 50 00 00 00 48 89 e5 e8 fe 7f 32 00 0f b6 c4 c1 e0 19 48 98 5d c3 55 48 89 e5 e8 6a 23 ff ff 66 90 5d c3 55 48 89 e5 57 9d <66> 66 90 66 90 5d c3 55 48 89 e5 fa 66 66 90 66 66 90 5d c3 55 [  371.380921] RIP  [<ffffffff81016663>] arch_local_irq_restore+0x6/0xd
[  371.380921]  RSP <ffff880011f67dc8>
[  371.380921] ---[ end trace 345c675a0d78fd90 ]---
[  371.380921] Kernel panic - not syncing: Fatal exception

Attached dmesg for the parent commit, too, to help confirm whether it is a noise error.

git bisect start v3.14 v3.13 --
git bisect good 494479038d97f1b9f76fc633a360a681acdf035c  # 21:34    300+     80  Merge tag 'pinctrl-v3.14-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl
git bisect  bad 751a03c3728ed393287374078b98c3094a0b3bd2  # 21:53    229-      3  Merge tag 'pm+acpi-3.14-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
git bisect  bad 87eeff7974ae665f6d4d74c2f97c04d4b180b5d6  # 22:18    252-     11  Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client
git bisect  bad 161aa772f972ec75b292f25d65816a6f1cd285cf  # 22:51    281-      1  Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
git bisect good 641f832c73babf0405c7afb41c8bfed999ebbad7  # 23:25    300+    121  Merge branch 'drm-fixes' of git://people.freedesktop.org/~airlied/linux
git bisect good 85643586677c877f28891200e0cb9514547af589  # 23:51    300+     70  Merge tag 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging
git bisect good 5e57dc81106b942786f5db8e7ab8788bb9319933  # 00:28    300+     84  Merge branch 'for-linus' of git://git.kernel.dk/linux-block
git bisect good 3bd354abe17f2c8aa426ef84b78f14e505f0a920  # 00:58    300+     86  Merge tag 'edac_for_3.14' of git://git.kernel.org/pub/scm/linux/kernel/git/bp/bp
git bisect good eef445eedcd80aa4f3646cecf285cf934d264eb6  # 01:52    300+     92  Merge tag 'pm+acpi-3.14-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
git bisect good a9f180345f5378ac87d80ed0bea55ba421d83859  # 02:36    300+     90  compiler/gcc4: Make quirk for asm_volatile_goto() unconditional
git bisect  bad 4640c7ee9b8953237d05a61ea3ea93981d1bc961  # 02:49    240-      1  x86, smap: smap_violation() is bogus if CONFIG_X86_SMAP is off
git bisect good 03bbd596ac04fef47ce93a730b8f086d797c3021  # 03:03    300+     94  x86, smap: Don't enable SMAP if CONFIG_X86_SMAP is disabled
# first bad commit: [4640c7ee9b8953237d05a61ea3ea93981d1bc961] x86, smap: smap_violation() is bogus if CONFIG_X86_SMAP is off
git bisect good 03bbd596ac04fef47ce93a730b8f086d797c3021  # 03:17    900+    280  x86, smap: Don't enable SMAP if CONFIG_X86_SMAP is disabled
git bisect  bad 21d162b9c6aef0e9bea24f97fe2edefb5965e95c  # 03:17      0-      4  0day head guard for 'devel-hourly-2014040912'
git bisect  bad 4ba85265790ba3681deeaf73f018c0eb829a7341  # 03:37    756-     27  Merge branch 'for_linus' of git://cavan.codon.org.uk/platform-drivers-x86
git bisect  bad 53101f8be33d9dab12a5994b154c2029fadaaab4  # 03:46    215-     19  Add linux-next specific files for 20140410


This script may reproduce the error.

-----------------------------------------------------------------------------
#!/bin/bash

kernel=$1
initrd=yocto-minimal-x86_64.cgz

wget --no-clobber https://github.com/fengguang/reproduce-kernel-bug/blob/master/initrd/$initrd

kvm=(
	qemu-system-x86_64 -cpu Haswell,+smep,+smap 	-kernel $kernel
	-initrd $initrd
	-smp 2
	-m 256M
	-net nic,vlan=0,macaddr=00:00:00:00:00:00,model=virtio
	-net user,vlan=0
	-net nic,vlan=1,model=e1000
	-net user,vlan=1
	-boot order=nc
	-no-reboot
	-watchdog i6300esb
	-serial stdio
	-display none
	-monitor null
)

append=(
	debug
	sched_debug
	apic=debug
	ignore_loglevel
	sysrq_always_enabled
	panic=10
	prompt_ramdisk=0
	earlyprintk=ttyS0,115200
	console=ttyS0,115200
	console=tty0
	vga=normal
	root=/dev/ram0
	rw
)

"${kvm[@]}" --append "${append[*]}"
-----------------------------------------------------------------------------

Thanks,
Jet



View attachment "dmesg-yocto-brickland3-173:20140411025202:x86_64-randconfig-i0-04091721:3.14.0-rc1-00186-g4640c7e:1" of type "text/plain" (42157 bytes)

View attachment "dmesg-quantal-brickland3-102:20140411031611:x86_64-randconfig-i0-04091721:3.14.0-rc1-00171-g03bbd59:1" of type "text/plain" (37658 bytes)

Download attachment "x86_64-randconfig-i0-04091721-21d162b9c6aef0e9bea24f97fe2edefb5965e95c-general-protection-fault:-fff--20451.log" of type "application/octet-stream" (54003 bytes)

View attachment "config-3.14.0-rc1-00186-g4640c7e" of type "text/plain" (74063 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ