lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 30 Jul 2014 11:57:31 +0800 From: Fengguang Wu <fengguang.wu@...el.com> To: Dan Williams <dan.j.williams@...el.com> Cc: Jet Chen <jet.chen@...el.com>, Su Tao <tao.su@...el.com>, Yuanhan Liu <yuanhan.liu@...el.com>, LKP <lkp@...org>, linux-kernel@...r.kernel.org, linux-usb@...r.kernel.org Subject: [xhci] kernel BUG at include/linux/scatterlist.h:115! Greetings, 0day kernel testing robot got the below dmesg and the first bad commit is git://git.kernel.org/pub/scm/linux/kernel/git/djbw/usb.git td-fragments-v1 commit 61d9c2ad31b11b87c319bbc2a963040742bac77c Author: Dan Williams <dan.j.williams@...el.com> AuthorDate: Tue Jul 22 00:08:51 2014 -0700 Commit: Dan Williams <dan.j.williams@...el.com> CommitDate: Thu Jul 24 18:12:38 2014 -0700 xhci: unit test ring enqueue/dequeue routines Given the complexity of satisfying xhci 1.0+ host trb boundary constraints, provide a test case that exercises inserting mid-segment links into a ring. The linker --wrap= option is used to not pollute the global identifier space and to make it clear which standard xhci driver routines are being mocked-up. The --wrap= option does not come into play when both xhci-hcd and xhci-test are built-in to the kernel, so namespace collisions are prevented by excluding xhci-test from the build when xhci-hcd is built-in. It's unfortunate that this is an in-kernel test rather than userspace and that the infrastructure is custom rather than generic. That said, it serves its purpose of exercising the corner cases of the scatterlist parsing implementation in xhci. Signed-off-by: Dan Williams <dan.j.williams@...el.com> +-----------------------------------------------------------+------------+------------+------------------+ | | 5a87c68543 | 61d9c2ad31 | v3.16-rc6_072510 | +-----------------------------------------------------------+------------+------------+------------------+ | boot_successes | 60 | 0 | 0 | | boot_failures | 0 | 20 | 11 | | kernel_BUG_at_include/linux/scatterlist.h | 0 | 20 | 11 | | invalid_opcode | 0 | 20 | 11 | | RIP:setup_test_skip64 | 0 | 20 | 11 | | Kernel_panic-not_syncing:Attempted_to_kill_init_exitcode= | 0 | 20 | 11 | | backtrace:xhci_test_init | 0 | 20 | 11 | | backtrace:kernel_init_freeable | 0 | 20 | 11 | +-----------------------------------------------------------+------------+------------+------------------+ [ 0.661771] Silicon Labs C2 port support v. 0.51.0 - (C) 2007 Rodolfo Giometti [ 0.662899] usbcore: registered new interface driver rtsx_usb [ 0.669506] ------------[ cut here ]------------ [ 0.670014] kernel BUG at include/linux/scatterlist.h:115! [ 0.670014] invalid opcode: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC [ 0.670014] Modules linked in: [ 0.670014] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 3.16.0-rc5-00226-g61d9c2a #1 [ 0.670014] task: ffff8800116b8000 ti: ffff8800116c0000 task.ti: ffff8800116c0000 [ 0.670014] RIP: 0010:[<ffffffff81571f12>] [<ffffffff81571f12>] setup_test_skip64+0x152/0x2f0 [ 0.670014] RSP: 0000:ffff8800116c3d08 EFLAGS: 00010202 [ 0.670014] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000003 [ 0.670014] RDX: 0000000000000001 RSI: 0000000000000001 RDI: ffffffff81c51928 [ 0.670014] RBP: ffff8800116c3d68 R08: 0000000000000000 R09: 0000000000000000 [ 0.670014] R10: ffff880011437000 R11: ffff880013cda4a8 R12: 000000000000ffe0 [ 0.670014] R13: ffff8800116c3e18 R14: ffff8800116c3e0c R15: 0000000000001000 [ 0.670014] FS: 0000000000000000(0000) GS:ffff880013800000(0000) knlGS:0000000000000000 [ 0.670014] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b [ 0.670014] CR2: 0000000000000000 CR3: 0000000001b21000 CR4: 00000000000006f0 [ 0.670014] Stack: [ 0.670014] ffffffffffffffff ffffffff81f74b97 0000000000000000 ffff8800116c3e40 [ 0.670014] 000000000000ffe0 ffff880011437000 0000000000000000 0000000000000000 [ 0.670014] ffff88000f67d800 0000000000000000 ffffffff81f74b97 0000000000000000 [ 0.670014] Call Trace: [ 0.670014] [<ffffffff81f74b97>] ? mon_bin_init+0x107/0x107 [ 0.670014] [<ffffffff81f74b97>] ? mon_bin_init+0x107/0x107 [ 0.670014] [<ffffffff81f74dd5>] xhci_test_init+0x23e/0xc56 [ 0.670014] [<ffffffff81571dc0>] ? setup_test_32_248_8+0x370/0x370 [ 0.670014] [<ffffffff8127ffff>] ? migrate_vmas+0x2f/0xc0 [ 0.670014] [<ffffffff813bd246>] ? kvasprintf+0x86/0xa0 [ 0.670014] [<ffffffff81571dc0>] ? setup_test_32_248_8+0x370/0x370 [ 0.670014] [<ffffffff81571a50>] ? setup_test_wrap64+0x380/0x380 [ 0.670014] [<ffffffff815716d0>] ? setup_test_dont_trim+0x350/0x350 [ 0.670014] [<ffffffff81571380>] ? xhci_ring_free+0x1d0/0x1d0 [ 0.670014] [<ffffffff81f74b97>] ? mon_bin_init+0x107/0x107 [ 0.670014] [<ffffffff81002243>] do_one_initcall+0x1b3/0x300 [ 0.670014] [<ffffffff810f2bec>] ? parse_args+0x3fc/0x6d0 [ 0.670014] [<ffffffff81f20592>] kernel_init_freeable+0x118/0x1e1 [ 0.670014] [<ffffffff81f1f9f9>] ? do_early_param+0xc3/0xc3 [ 0.670014] [<ffffffff816bad30>] ? rest_init+0x160/0x160 [ 0.670014] [<ffffffff816bad3e>] kernel_init+0xe/0x160 [ 0.670014] [<ffffffff816d46fc>] ret_from_fork+0x7c/0xb0 [ 0.670014] [<ffffffff816bad30>] ? rest_init+0x160/0x160 [ 0.670014] Code: e8 64 5a b1 ff 83 f0 01 31 d2 48 c7 c7 28 19 c5 81 0f b6 d8 89 de e8 3e 66 c5 ff 48 63 d3 48 83 04 d5 e0 dd e7 81 01 85 db 74 02 <0f> 0b 44 89 e0 48 8b 75 c8 48 ba 00 00 00 80 ff 77 00 00 25 ff [ 0.670014] RIP [<ffffffff81571f12>] setup_test_skip64+0x152/0x2f0 [ 0.670014] RSP <ffff8800116c3d08> [ 0.705046] ---[ end trace 15557dc49fd3f925 ]--- [ 0.705639] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b git bisect start 98e9e9efbc6c4585c23b77550cb961da1b0b8c84 9a3c4145af32125c5ee39c0272662b47307a8323 -- git bisect good 28a8d131fa8d9d65ec6bc91356caa6de030f7b44 # 12:50 20+ 0 Merge 'tty/tty-next' into devel-hourly-2014072510 git bisect good b939dd815bc66d1ec0b71ddd879e69c6f2cc5701 # 12:54 20+ 0 Merge 'battery/master' into devel-hourly-2014072510 git bisect good 3b46ae4ef1bcd6f2cebb20dd967ca6398c0ae97c # 12:57 20+ 0 Merge 'hwmon/hwmon' into devel-hourly-2014072510 git bisect good 126cd14c70323d188924acce9e969e279e0612cf # 13:05 20+ 0 Merge 'hwmon/hwmon-staging' into devel-hourly-2014072510 git bisect bad 9719ff8bbd9c4bd011d1fe4c68aeef90e61c4665 # 13:07 0- 20 Merge 'djbw-usb/td-fragments-v1' into devel-hourly-2014072510 git bisect good 8346b33fad01cfe93f0fd0e64cd32ff40bd4ba41 # 13:16 20+ 0 Documentation: DocBook: elieminate doc build break git bisect good 1c094728b68c28e52abb64f0686aace61495a4fa # 13:19 20+ 0 usb-core: Remove Fix mes in file hcd.c git bisect good 7ebdb52e192c4d496a9b3a87d47eba3eba3e1fd4 # 13:25 20+ 0 phy: miphy365x: Represent each PHY channel as a DT subnode git bisect good 31033361d83c1b0e3b900c474d31374b63892a9e # 13:34 20+ 0 xhci: introduce xhci_to_dev git bisect good ea22a95d88bc1381888cc41556d4a92783285221 # 13:38 20+ 0 xhci: introduce struct xhci_ring_pointer git bisect good 182711c160f9a102cde5ba7e38a8e9d5156b2945 # 13:48 20+ 0 xhci: combine xhci_queue_bulk_tx() and queue_bulk_sg_tx() git bisect good 5eec677ca7e5e5ae2ec2e262f099c2cf75888f1e # 13:53 20+ 0 xhci: fix xhci_queue_ctrl_tx() ring space reservation git bisect bad 61d9c2ad31b11b87c319bbc2a963040742bac77c # 13:57 0- 20 xhci: unit test ring enqueue/dequeue routines git bisect good 5a87c68543bfd6421f3cf59a44a49b97257d606a # 14:01 20+ 0 xhci: v1.0 scatterlist enqueue support (td-fragment rework) # first bad commit: [61d9c2ad31b11b87c319bbc2a963040742bac77c] xhci: unit test ring enqueue/dequeue routines git bisect good 5a87c68543bfd6421f3cf59a44a49b97257d606a # 14:03 60+ 0 xhci: v1.0 scatterlist enqueue support (td-fragment rework) git bisect bad 98e9e9efbc6c4585c23b77550cb961da1b0b8c84 # 14:03 0- 11 0day head guard for 'devel-hourly-2014072510' git bisect good 82e13c71bc655b6dc7110da4e164079dadb44892 # 02:09 60+ 0 Merge branch 'for-3.16' of git://linux-nfs.org/~bfields/linux git bisect good 5a7439efd1c5c416f768fc550048ca130cf4bf99 # 02:41 60+ 0 Add linux-next specific files for 20140725 This script may reproduce the error. ---------------------------------------------------------------------------- #!/bin/bash kernel=$1 initrd=yocto-minimal-x86_64.cgz wget --no-clobber https://github.com/fengguang/reproduce-kernel-bug/blob/master/initrd/$initrd kvm=( qemu-system-x86_64 -cpu kvm64 -enable-kvm -kernel $kernel -initrd $initrd -m 320 -smp 1 -net nic,vlan=1,model=e1000 -net user,vlan=1 -boot order=nc -no-reboot -watchdog i6300esb -rtc base=localtime -serial stdio -display none -monitor null ) append=( hung_task_panic=1 earlyprintk=ttyS0,115200 debug apic=debug sysrq_always_enabled rcupdate.rcu_cpu_stall_timeout=100 panic=10 softlockup_panic=1 nmi_watchdog=panic prompt_ramdisk=0 console=ttyS0,115200 console=tty0 vga=normal root=/dev/ram0 rw drbd.minor_count=8 ) "${kvm[@]}" --append "${append[*]}" ---------------------------------------------------------------------------- Thanks, Fengguang View attachment "dmesg-yocto-vp-14:20140725135700:x86_64-randconfig-s0-07251232:3.16.0-rc5-00226-g61d9c2a:1" of type "text/plain" (31037 bytes) Download attachment "x86_64-randconfig-s0-07251232-98e9e9efbc6c4585c23b77550cb961da1b0b8c84-kernel-BUG-at-16196.log" of type "application/octet-stream" (40787 bytes) View attachment "config-3.16.0-rc5-00226-g61d9c2a" of type "text/plain" (76763 bytes) _______________________________________________ LKP mailing list LKP@...ux.intel.com
Powered by blists - more mailing lists