lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:	Wed, 30 Jul 2014 11:57:31 +0800
From:	Fengguang Wu <fengguang.wu@...el.com>
To:	Dan Williams <dan.j.williams@...el.com>
Cc:	Jet Chen <jet.chen@...el.com>, Su Tao <tao.su@...el.com>,
	Yuanhan Liu <yuanhan.liu@...el.com>, LKP <lkp@...org>,
	linux-kernel@...r.kernel.org, linux-usb@...r.kernel.org
Subject: [xhci] kernel BUG at include/linux/scatterlist.h:115!

Greetings,

0day kernel testing robot got the below dmesg and the first bad commit is

git://git.kernel.org/pub/scm/linux/kernel/git/djbw/usb.git td-fragments-v1
commit 61d9c2ad31b11b87c319bbc2a963040742bac77c
Author:     Dan Williams <dan.j.williams@...el.com>
AuthorDate: Tue Jul 22 00:08:51 2014 -0700
Commit:     Dan Williams <dan.j.williams@...el.com>
CommitDate: Thu Jul 24 18:12:38 2014 -0700

    xhci: unit test ring enqueue/dequeue routines
    
    Given the complexity of satisfying xhci 1.0+ host trb boundary
    constraints, provide a test case that exercises inserting mid-segment
    links into a ring.
    
    The linker --wrap= option is used to not pollute the global identifier
    space and to make it clear which standard xhci driver routines are being
    mocked-up.  The --wrap= option does not come into play when both
    xhci-hcd and xhci-test are built-in to the kernel, so namespace
    collisions are prevented by excluding xhci-test from the build when
    xhci-hcd is built-in.
    
    It's unfortunate that this is an in-kernel test rather than userspace
    and that the infrastructure is custom rather than generic.  That said,
    it serves its purpose of exercising the corner cases of the scatterlist
    parsing implementation in xhci.
    
    Signed-off-by: Dan Williams <dan.j.williams@...el.com>

+-----------------------------------------------------------+------------+------------+------------------+
|                                                           | 5a87c68543 | 61d9c2ad31 | v3.16-rc6_072510 |
+-----------------------------------------------------------+------------+------------+------------------+
| boot_successes                                            | 60         | 0          | 0                |
| boot_failures                                             | 0          | 20         | 11               |
| kernel_BUG_at_include/linux/scatterlist.h                 | 0          | 20         | 11               |
| invalid_opcode                                            | 0          | 20         | 11               |
| RIP:setup_test_skip64                                     | 0          | 20         | 11               |
| Kernel_panic-not_syncing:Attempted_to_kill_init_exitcode= | 0          | 20         | 11               |
| backtrace:xhci_test_init                                  | 0          | 20         | 11               |
| backtrace:kernel_init_freeable                            | 0          | 20         | 11               |
+-----------------------------------------------------------+------------+------------+------------------+

[    0.661771] Silicon Labs C2 port support v. 0.51.0 - (C) 2007 Rodolfo Giometti
[    0.662899] usbcore: registered new interface driver rtsx_usb
[    0.669506] ------------[ cut here ]------------
[    0.670014] kernel BUG at include/linux/scatterlist.h:115!
[    0.670014] invalid opcode: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC
[    0.670014] Modules linked in:
[    0.670014] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 3.16.0-rc5-00226-g61d9c2a #1
[    0.670014] task: ffff8800116b8000 ti: ffff8800116c0000 task.ti: ffff8800116c0000
[    0.670014] RIP: 0010:[<ffffffff81571f12>]  [<ffffffff81571f12>] setup_test_skip64+0x152/0x2f0
[    0.670014] RSP: 0000:ffff8800116c3d08  EFLAGS: 00010202
[    0.670014] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000003
[    0.670014] RDX: 0000000000000001 RSI: 0000000000000001 RDI: ffffffff81c51928
[    0.670014] RBP: ffff8800116c3d68 R08: 0000000000000000 R09: 0000000000000000
[    0.670014] R10: ffff880011437000 R11: ffff880013cda4a8 R12: 000000000000ffe0
[    0.670014] R13: ffff8800116c3e18 R14: ffff8800116c3e0c R15: 0000000000001000
[    0.670014] FS:  0000000000000000(0000) GS:ffff880013800000(0000) knlGS:0000000000000000
[    0.670014] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[    0.670014] CR2: 0000000000000000 CR3: 0000000001b21000 CR4: 00000000000006f0
[    0.670014] Stack:
[    0.670014]  ffffffffffffffff ffffffff81f74b97 0000000000000000 ffff8800116c3e40
[    0.670014]  000000000000ffe0 ffff880011437000 0000000000000000 0000000000000000
[    0.670014]  ffff88000f67d800 0000000000000000 ffffffff81f74b97 0000000000000000
[    0.670014] Call Trace:
[    0.670014]  [<ffffffff81f74b97>] ? mon_bin_init+0x107/0x107
[    0.670014]  [<ffffffff81f74b97>] ? mon_bin_init+0x107/0x107
[    0.670014]  [<ffffffff81f74dd5>] xhci_test_init+0x23e/0xc56
[    0.670014]  [<ffffffff81571dc0>] ? setup_test_32_248_8+0x370/0x370
[    0.670014]  [<ffffffff8127ffff>] ? migrate_vmas+0x2f/0xc0
[    0.670014]  [<ffffffff813bd246>] ? kvasprintf+0x86/0xa0
[    0.670014]  [<ffffffff81571dc0>] ? setup_test_32_248_8+0x370/0x370
[    0.670014]  [<ffffffff81571a50>] ? setup_test_wrap64+0x380/0x380
[    0.670014]  [<ffffffff815716d0>] ? setup_test_dont_trim+0x350/0x350
[    0.670014]  [<ffffffff81571380>] ? xhci_ring_free+0x1d0/0x1d0
[    0.670014]  [<ffffffff81f74b97>] ? mon_bin_init+0x107/0x107
[    0.670014]  [<ffffffff81002243>] do_one_initcall+0x1b3/0x300
[    0.670014]  [<ffffffff810f2bec>] ? parse_args+0x3fc/0x6d0
[    0.670014]  [<ffffffff81f20592>] kernel_init_freeable+0x118/0x1e1
[    0.670014]  [<ffffffff81f1f9f9>] ? do_early_param+0xc3/0xc3
[    0.670014]  [<ffffffff816bad30>] ? rest_init+0x160/0x160
[    0.670014]  [<ffffffff816bad3e>] kernel_init+0xe/0x160
[    0.670014]  [<ffffffff816d46fc>] ret_from_fork+0x7c/0xb0
[    0.670014]  [<ffffffff816bad30>] ? rest_init+0x160/0x160
[    0.670014] Code: e8 64 5a b1 ff 83 f0 01 31 d2 48 c7 c7 28 19 c5 81 0f b6 d8 89 de e8 3e 66 c5 ff 48 63 d3 48 83 04 d5 e0 dd e7 81 01 85 db 74 02 <0f> 0b 44 89 e0 48 8b 75 c8 48 ba 00 00 00 80 ff 77 00 00 25 ff 
[    0.670014] RIP  [<ffffffff81571f12>] setup_test_skip64+0x152/0x2f0
[    0.670014]  RSP <ffff8800116c3d08>
[    0.705046] ---[ end trace 15557dc49fd3f925 ]---
[    0.705639] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b

git bisect start 98e9e9efbc6c4585c23b77550cb961da1b0b8c84 9a3c4145af32125c5ee39c0272662b47307a8323 --
git bisect good 28a8d131fa8d9d65ec6bc91356caa6de030f7b44  # 12:50     20+      0  Merge 'tty/tty-next' into devel-hourly-2014072510
git bisect good b939dd815bc66d1ec0b71ddd879e69c6f2cc5701  # 12:54     20+      0  Merge 'battery/master' into devel-hourly-2014072510
git bisect good 3b46ae4ef1bcd6f2cebb20dd967ca6398c0ae97c  # 12:57     20+      0  Merge 'hwmon/hwmon' into devel-hourly-2014072510
git bisect good 126cd14c70323d188924acce9e969e279e0612cf  # 13:05     20+      0  Merge 'hwmon/hwmon-staging' into devel-hourly-2014072510
git bisect  bad 9719ff8bbd9c4bd011d1fe4c68aeef90e61c4665  # 13:07      0-     20  Merge 'djbw-usb/td-fragments-v1' into devel-hourly-2014072510
git bisect good 8346b33fad01cfe93f0fd0e64cd32ff40bd4ba41  # 13:16     20+      0  Documentation: DocBook: elieminate doc build break
git bisect good 1c094728b68c28e52abb64f0686aace61495a4fa  # 13:19     20+      0  usb-core: Remove Fix mes in file hcd.c
git bisect good 7ebdb52e192c4d496a9b3a87d47eba3eba3e1fd4  # 13:25     20+      0  phy: miphy365x: Represent each PHY channel as a DT subnode
git bisect good 31033361d83c1b0e3b900c474d31374b63892a9e  # 13:34     20+      0  xhci: introduce xhci_to_dev
git bisect good ea22a95d88bc1381888cc41556d4a92783285221  # 13:38     20+      0  xhci: introduce struct xhci_ring_pointer
git bisect good 182711c160f9a102cde5ba7e38a8e9d5156b2945  # 13:48     20+      0  xhci: combine xhci_queue_bulk_tx() and queue_bulk_sg_tx()
git bisect good 5eec677ca7e5e5ae2ec2e262f099c2cf75888f1e  # 13:53     20+      0  xhci: fix xhci_queue_ctrl_tx() ring space reservation
git bisect  bad 61d9c2ad31b11b87c319bbc2a963040742bac77c  # 13:57      0-     20  xhci: unit test ring enqueue/dequeue routines
git bisect good 5a87c68543bfd6421f3cf59a44a49b97257d606a  # 14:01     20+      0  xhci: v1.0 scatterlist enqueue support (td-fragment rework)
# first bad commit: [61d9c2ad31b11b87c319bbc2a963040742bac77c] xhci: unit test ring enqueue/dequeue routines
git bisect good 5a87c68543bfd6421f3cf59a44a49b97257d606a  # 14:03     60+      0  xhci: v1.0 scatterlist enqueue support (td-fragment rework)
git bisect  bad 98e9e9efbc6c4585c23b77550cb961da1b0b8c84  # 14:03      0-     11  0day head guard for 'devel-hourly-2014072510'
git bisect good 82e13c71bc655b6dc7110da4e164079dadb44892  # 02:09     60+      0  Merge branch 'for-3.16' of git://linux-nfs.org/~bfields/linux
git bisect good 5a7439efd1c5c416f768fc550048ca130cf4bf99  # 02:41     60+      0  Add linux-next specific files for 20140725


This script may reproduce the error.

----------------------------------------------------------------------------
#!/bin/bash

kernel=$1
initrd=yocto-minimal-x86_64.cgz

wget --no-clobber https://github.com/fengguang/reproduce-kernel-bug/blob/master/initrd/$initrd

kvm=(
	qemu-system-x86_64
	-cpu kvm64
	-enable-kvm
	-kernel $kernel
	-initrd $initrd
	-m 320
	-smp 1
	-net nic,vlan=1,model=e1000
	-net user,vlan=1
	-boot order=nc
	-no-reboot
	-watchdog i6300esb
	-rtc base=localtime
	-serial stdio
	-display none
	-monitor null 
)

append=(
	hung_task_panic=1
	earlyprintk=ttyS0,115200
	debug
	apic=debug
	sysrq_always_enabled
	rcupdate.rcu_cpu_stall_timeout=100
	panic=10
	softlockup_panic=1
	nmi_watchdog=panic
	prompt_ramdisk=0
	console=ttyS0,115200
	console=tty0
	vga=normal
	root=/dev/ram0
	rw
	drbd.minor_count=8
)

"${kvm[@]}" --append "${append[*]}"
----------------------------------------------------------------------------

Thanks,
Fengguang

View attachment "dmesg-yocto-vp-14:20140725135700:x86_64-randconfig-s0-07251232:3.16.0-rc5-00226-g61d9c2a:1" of type "text/plain" (31037 bytes)

Download attachment "x86_64-randconfig-s0-07251232-98e9e9efbc6c4585c23b77550cb961da1b0b8c84-kernel-BUG-at-16196.log" of type "application/octet-stream" (40787 bytes)

View attachment "config-3.16.0-rc5-00226-g61d9c2a" of type "text/plain" (76763 bytes)

_______________________________________________
LKP mailing list
LKP@...ux.intel.com

Powered by blists - more mailing lists