| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20140730035541.GD16537@localhost>
Date: Wed, 30 Jul 2014 11:55:41 +0800
From: Fengguang Wu <fengguang.wu@...el.com>
To: Al Viro <viro@...iv.linux.org.uk>
Cc: Jet Chen <jet.chen@...el.com>, Su Tao <tao.su@...el.com>,
Yuanhan Liu <yuanhan.liu@...el.com>, LKP <lkp@...org>,
linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [delayed_fput] BUG: unable to handle kernel paging request at
ffff8800122a0ad0
Greetings,
0day kernel testing robot got the below dmesg and the first bad commit is
git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
commit 4a9d4b024a3102fc083c925c242d98ac27b1c5f6
Author: Al Viro <viro@...iv.linux.org.uk>
AuthorDate: Sun Jun 24 09:56:45 2012 +0400
Commit: Al Viro <viro@...iv.linux.org.uk>
CommitDate: Sun Jul 22 23:57:58 2012 +0400
switch fput to task_work_add
... and schedule_work() for interrupt/kernel_thread callers
(and yes, now it *is* OK to call from interrupt).
We are guaranteed that __fput() will be done before we return
to userland (or exit). Note that for fput() from a kernel
thread we get an async behaviour; it's almost always OK, but
sometimes you might need to have __fput() completed before
you do anything else. There are two mechanisms for that -
a general barrier (flush_delayed_fput()) and explicit
__fput_sync(). Both should be used with care (as was the
case for fput() from kernel threads all along). See comments
in fs/file_table.c for details.
Signed-off-by: Al Viro <viro@...iv.linux.org.uk>
+-------------------------------------------------------+------------+------------+---------------+
| | a2d4c71d15 | 4a9d4b024a | next-20140725 |
+-------------------------------------------------------+------------+------------+---------------+
| boot_successes | 900 | 189 | 14 |
| boot_failures | 0 | 111 | 7 |
| BUG:Bad_page_state_in_process | 0 | 1 | |
| general_protection_fault | 0 | 2 | 2 |
| RIP:slob_alloc | 0 | 1 | |
| Kernel_panic-not_syncing:Fatal_exception | 0 | 15 | 6 |
| backtrace:cryptomgr_test | 0 | 2 | 3 |
| backtrace:kmem_cache_alloc_node | 0 | 1 | |
| backtrace:__delayacct_tsk_init | 0 | 1 | |
| backtrace:do_fork | 0 | 1 | |
| BUG:kernel_boot_hang | 0 | 85 | |
| BUG:spinlock_bad_magic_on_CPU | 0 | 2 | |
| BUG:unable_to_handle_kernel_NULL_pointer_dereference | 0 | 3 | 1 |
| Oops | 0 | 23 | 5 |
| RIP:dcache_readdir | 0 | 1 | |
| RIP:kobject_get_path | 0 | 1 | |
| backtrace:acpi_bus_register_driver | 0 | 1 | |
| backtrace:acpi_button_init | 0 | 1 | |
| RIP:__d_lookup | 0 | 1 | |
| BUG:unable_to_handle_kernel_paging_request | 0 | 20 | 6 |
| RIP:slob_page_alloc | 0 | 8 | 2 |
| backtrace:subsys_system_register | 0 | 9 | |
| backtrace:init_clocksource_sysfs | 0 | 9 | |
| RIP:kzfree | 0 | 10 | 2 |
| Kernel_panic-not_syncing:Fatal_exception_in_interrupt | 0 | 10 | 1 |
| backtrace:run_ksoftirqd | 0 | 10 | |
| RIP:set_slob | 0 | 2 | |
| RIP:do_raw_spin_lock | 0 | 1 | |
| backtrace:async_schedule | 0 | 1 | |
| backtrace:acpi_battery_init | 0 | 1 | |
| RIP:__d_lookup_rcu | 0 | 0 | 1 |
| backtrace:vfs_stat | 0 | 0 | 1 |
| backtrace:SyS_newstat | 0 | 0 | 1 |
| RIP:no_context | 0 | 0 | 1 |
| RIP:crypto_ahash_setkey | 0 | 0 | 1 |
+-------------------------------------------------------+------------+------------+---------------+
[ 0.491632] microcode: CPU0 sig=0x306c1, pf=0x1, revision=0x1
[ 0.492419] microcode: Microcode Update Driver: v2.00 <tigran@...azian.fsnet.co.uk>, Peter Oruba
[ 0.495181] alg: No test for __gcm-aes-aesni (__driver-gcm-aes-aesni)
[ 0.496687] BUG: unable to handle kernel paging request at ffff8800122a0ad0
[ 0.496916] IP: [<ffffffff810b8a17>] slob_page_alloc+0x3c/0x1dc
[ 0.496916] PGD 15a0063 PUD 15a4063 PMD 13cd5067 PTE 122a0160
[ 0.496916] Oops: 0000 [#1] DEBUG_PAGEALLOC
[ 0.496916] CPU 0
[ 0.496916] Modules linked in:
[ 0.496916]
[ 0.496916] Pid: 1, comm: swapper Not tainted 3.5.0-rc6-00262-g4a9d4b0 #7 Bochs Bochs
[ 0.496916] RIP: 0010:[<ffffffff810b8a17>] [<ffffffff810b8a17>] slob_page_alloc+0x3c/0x1dc
[ 0.496916] RSP: 0018:ffff880012823bd8 EFLAGS: 00010002
[ 0.496916] RAX: ffff8800122a0ad0 RBX: ffff88001229df88 RCX: 0000000000000038
[ 0.496916] RDX: 0000000000000008 RSI: 0000000000000070 RDI: ffff88001229df88
[ 0.496916] RBP: ffff880012823c20 R08: ffff88001229dbc8 R09: ffffffff815c3410
[ 0.496916] R10: 0000000000000007 R11: 0000000000000008 R12: ffff8800132ce740
[ 0.496916] R13: 0000000000000000 R14: 0000000000000008 R15: ffff8800122a0ad0
[ 0.496916] FS: 0000000000000000(0000) GS:ffffffff815b0000(0000) knlGS:0000000000000000
[ 0.496916] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[ 0.496916] CR2: ffff8800122a0ad0 CR3: 000000000159f000 CR4: 00000000000406f0
[ 0.496916] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 0.496916] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 0.496916] Process swapper (pid: 1, threadinfo ffff880012822000, task ffff88001280e810)
[ 0.496916] Stack:
[ 0.496916] 0000000000000007 0000003800000008 fffffffffffffff8 0000000000000038
[ 0.496916] ffffffff815c3410 0000000000000070 ffff8800132ce740 0000000000000008
[ 0.496916] 0000000000000038 ffff880012823c80 ffffffff810b8c42 0000000000000297
[ 0.496916] Call Trace:
[ 0.496916] [<ffffffff810b8c42>] slob_alloc.isra.15+0x8b/0x208
[ 0.496916] [<ffffffff810b8ea7>] kmem_cache_alloc_node+0x28/0x5f
[ 0.496916] [<ffffffff810a1419>] ? kstrdup+0x28/0x41
[ 0.496916] [<ffffffff81100d99>] sysfs_new_dirent+0x51/0x101
[ 0.496916] [<ffffffff81101120>] create_dir+0x33/0xa9
[ 0.496916] [<ffffffff81101462>] sysfs_create_dir+0x95/0xb3
[ 0.496916] [<ffffffff811813f3>] kobject_add_internal+0xca/0x1c1
[ 0.496916] [<ffffffff8118171c>] ? kobject_set_name+0x38/0x3a
[ 0.496916] [<ffffffff81181a66>] kset_register+0x20/0x3e
[ 0.496916] [<ffffffff81181ae7>] kset_create_and_add+0x63/0x7d
[ 0.496916] [<ffffffff81216835>] __bus_register+0x102/0x27b
[ 0.496916] [<ffffffff8164ea8c>] ? clocksource_done_booting+0x5a/0x5a
[ 0.496916] [<ffffffff81216dea>] subsys_system_register+0x1d/0xc1
[ 0.496916] [<ffffffff8164ea8c>] ? clocksource_done_booting+0x5a/0x5a
[ 0.496916] [<ffffffff8164ea9e>] init_clocksource_sysfs+0x12/0x52
[ 0.496916] [<ffffffff81002078>] do_one_initcall+0x78/0x131
[ 0.496916] [<ffffffff8163cca5>] kernel_init+0x14a/0x1c2
[ 0.496916] [<ffffffff8163c502>] ? do_early_param+0x8a/0x8a
[ 0.496916] [<ffffffff813e50d4>] kernel_thread_helper+0x4/0x10
[ 0.496916] [<ffffffff8163cb5b>] ? start_kernel+0x40a/0x40a
[ 0.496916] [<ffffffff813e50d0>] ? gs_change+0x13/0x13
[ 0.496916] Code: 41 54 49 89 fc 53 31 db 48 83 ec 20 48 89 45 d0 48 d1 6d d0 48 63 c2 8b 4d d0 4c 8b 7f 20 4c 8d 50 ff 48 f7 d8 31 ff 48 89 45 c8 <66> 45 8b 37 b8 01 00 00 00 66 45 85 f6 44 0f 4e f0 85 d2 74 11
[ 0.496916] RIP [<ffffffff810b8a17>] slob_page_alloc+0x3c/0x1dc
[ 0.496916] RSP <ffff880012823bd8>
[ 0.496916] CR2: ffff8800122a0ad0
[ 0.496916] ---[ end trace 4eaa2a86a8e2da22 ]---
[ 0.496916] Kernel panic - not syncing: Fatal exception
git bisect start v3.6 v3.5 --
git bisect bad 1dd8372d350583b0acc8d7cfd7a1dee05e1942dc # 00:14 10- 12 MAINTAINERS: update address for Dan Williams
git bisect bad a410963ba4c0c768302f0298e258b1ee940e8316 # 00:19 169- 7 Merge branch 'i2c-embedded/for-next' of git://git.pengutronix.de/git/wsa/linux
git bisect bad e8ff13b0bf88b5e696323a1eec877783d965b3c6 # 00:25 59- 24 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid
git bisect bad e66d637134b7045ea6f14bdd416cd3695f73ed42 # 00:28 7- 13 Merge tag 'dma' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc
git bisect good 7cd58b0a3b33ca9e1f1dd15b30c708ef77ba6d3e # 00:44 300+ 13 Merge tag 'regmap-3.6' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regmap
git bisect bad a66d2c8f7ec1284206ca7c14569e2a607583f1e3 # 00:54 218- 7 Merge branch 'for-linus-2' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
git bisect good 7100e505b76b4e2efd88b2459d1a932214e29f8a # 01:11 300+ 0 Merge tag 'pm-for-3.6-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
git bisect good 5b160bd426946c85f32b15e5d34d62d2618a5a87 # 01:19 300+ 0 Merge branch 'x86-mce-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
git bisect good a6be1fcbc57f95bb47ef3c8e4ee3d83731b8f21e # 01:31 300+ 0 Merge tag 'mmc-merge-for-3.6-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/cjb/mmc
git bisect good 79714f72d3b964611997de512cb29198c9f2dbbb # 01:43 300+ 0 get rid of kern_path_parent()
git bisect bad 715189d836ab276b3d0fc114681f12b423686ffa # 01:52 67- 2 hfs: push lock_super down
git bisect good 0bdaea9017b9d2b9996e153a71ee03555969b80e # 02:12 300+ 1 VFS: Split inode_permission()
git bisect bad 4a9d4b024a3102fc083c925c242d98ac27b1c5f6 # 02:20 43- 35 switch fput to task_work_add
git bisect good 158e1645e07f3e9f7e4962d7a0997f5c3b98311b # 02:35 300+ 74 trim task_work: get rid of hlist
git bisect good ed3e694d78cc75fa79bf29698631b146fd27aa35 # 02:47 300+ 0 move exit_task_work() past exit_files() et.al.
git bisect good a2d4c71d1559426155e5da8db3265bfa0d8d398d # 02:57 300+ 0 deal with task_work callbacks adding more work
# first bad commit: [4a9d4b024a3102fc083c925c242d98ac27b1c5f6] switch fput to task_work_add
git bisect good a2d4c71d1559426155e5da8db3265bfa0d8d398d # 03:04 900+ 0 deal with task_work callbacks adding more work
git bisect bad 5a7439efd1c5c416f768fc550048ca130cf4bf99 # 03:04 0- 7 Add linux-next specific files for 20140725
git bisect bad 9c5502189fa00ad623aed7ff006d5c2a16b121c0 # 03:11 12- 18 Merge tag 'sound-3.16-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
git bisect bad 5a7439efd1c5c416f768fc550048ca130cf4bf99 # 03:11 0- 7 Add linux-next specific files for 20140725
This script may reproduce the error.
----------------------------------------------------------------------------
#!/bin/bash
kernel=$1
initrd=yocto-minimal-x86_64.cgz
wget --no-clobber https://github.com/fengguang/reproduce-kernel-bug/blob/master/initrd/$initrd
kvm=(
qemu-system-x86_64
-enable-kvm
-cpu Haswell,+smep,+smap
-kernel $kernel
-initrd $initrd
-m 320
-smp 1
-net nic,vlan=1,model=e1000
-net user,vlan=1
-boot order=nc
-no-reboot
-watchdog i6300esb
-rtc base=localtime
-serial stdio
-display none
-monitor null
)
append=(
hung_task_panic=1
earlyprintk=ttyS0,115200
debug
apic=debug
sysrq_always_enabled
rcupdate.rcu_cpu_stall_timeout=100
panic=10
softlockup_panic=1
nmi_watchdog=panic
prompt_ramdisk=0
console=ttyS0,115200
console=tty0
vga=normal
root=/dev/ram0
rw
drbd.minor_count=8
)
"${kvm[@]}" --append "${append[*]}"
----------------------------------------------------------------------------
Thanks,
Fengguang
View attachment "dmesg-yocto-kbuild-7:20140727021945:x86_64-randconfig-r1-07262119:3.5.0-rc6-00262-g4a9d4b0:7" of type "text/plain" (30469 bytes)
Download attachment "x86_64-randconfig-r1-07262119-5a7439efd1c5c416f768fc550048ca130cf4bf99-BUG:-unable-to-handle-kernel-paging-request-3032.log" of type "application/octet-stream" (95914 bytes)
View attachment "config-3.5.0-rc6-00262-g4a9d4b0" of type "text/plain" (74881 bytes)
_______________________________________________
LKP mailing list
LKP@...ux.intel.com
Powered by blists - more mailing lists