Message-ID: <20140730141109.GO16537@localhost>
Date:	Wed, 30 Jul 2014 22:11:09 +0800
From:	Fengguang Wu <fengguang.wu@...el.com>
To:	Andy Lutomirski <luto@...capital.net>
Cc:	Jet Chen <jet.chen@...el.com>, Su Tao <tao.su@...el.com>,
	Yuanhan Liu <yuanhan.liu@...el.com>, LKP <lkp@...org>,
	linux-kernel@...r.kernel.org
Subject: [x86,kaslr] [ 0.000000] BUG: unable to handle kernel NULL pointer
 dereference at 00000000000006fc

Hi Andy,

FYI, one more BUG message for commit

commit d07c7f1ed61789e175fa975134855be32263be2c
Author:     Andy Lutomirski <luto@...capital.net>
AuthorDate: Tue Jul 15 18:34:20 2014 -0700
Commit:     Andy Lutomirski <luto@...capital.net>
CommitDate: Wed Jul 16 10:01:27 2014 -0700

    x86,kaslr: Use MSR_KVM_GET_RNG_SEED for KASLR if available
    
    It's considerably better than any of the alternatives on KVM.
    
    Rather than reinventing all of the cpu feature query code, this fixes
    native_cpuid to work in PIC objects.
    
    I haven't combined it with boot/cpuflags.c's cpuid implementation:
    including asm/processor.h from boot/cpuflags.c results in a flood of
    unrelated errors, and fixing it might be messy.
    
    Signed-off-by: Andy Lutomirski <luto@...capital.net>

===================================================
PARENT COMMIT NOT CLEAN. LOOK OUT FOR WRONG BISECT!
===================================================
Attached dmesg for the parent commit, too, to help confirm whether it is a noise error.

+----------------------------------------------------------+------------+------------+------------------+
|                                                          | c6f07a6360 | d07c7f1ed6 | v3.16-rc5_071701 |
+----------------------------------------------------------+------------+------------+------------------+
| boot_successes                                           | 1139       | 200        | 11               |
| boot_failures                                            | 61         | 100        | 10               |
| BUG:kernel_boot_hang                                     | 61         | 56         | 6                |
| BUG:unable_to_handle_kernel_NULL_pointer_dereference     | 0          | 44         | 4                |
| Oops                                                     | 0          | 44         | 4                |
| RIP:__free_pages_bootmem                                 | 0          | 44         | 4                |
| Kernel_panic-not_syncing:Attempted_to_kill_the_idle_task | 0          | 44         | 4                |
| backtrace:free_all_bootmem                               | 0          | 44         | 4                |
| backtrace:mem_init                                       | 0          | 44         | 4                |
+----------------------------------------------------------+------------+------------+------------------+

[    0.000000] Dentry cache hash table entries: 65536 (order: 7, 524288 bytes)
[    0.000000] Inode-cache hash table entries: 32768 (order: 6, 262144 bytes)
[    0.000000] xsave: enabled xstate_bv 0x7, cntxt size 0x0
[    0.000000] BUG: unable to handle kernel NULL pointer dereference at 00000000000006fc
[    0.000000] IP: [<ffffffff81cb4108>] __free_pages_bootmem+0x21/0x9d
[    0.000000] PGD 0 
[    0.000000] Oops: 0002 [#1] 
[    0.000000] Modules linked in:
[    0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 3.16.0-rc5-00004-gd07c7f1 #1
[    0.000000] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[    0.000000] task: ffffffff81a1a4c0 ti: ffffffff81a00000 task.ti: ffffffff81a00000
[    0.000000] RIP: 0010:[<ffffffff81cb4108>]  [<ffffffff81cb4108>] __free_pages_bootmem+0x21/0x9d
[    0.000000] RSP: 0000:ffffffff81a03ed8  EFLAGS: 00010012
[    0.000000] RAX: 0000000000000734 RBX: 0000000000000010 RCX: 0000000000000004
[    0.000000] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 00000000000006fc
[    0.000000] RBP: ffffffff81a03f00 R08: 000000000000000f R09: 0000000000000010
[    0.000000] R10: 000000000000001c R11: 000000000009f000 R12: 0000000000000099
[    0.000000] R13: 0000000000000020 R14: 000000000000000a R15: ffffffff81c9b120
[    0.000000] FS:  0000000000000000(0000) GS:ffffffff81a25000(0000) knlGS:0000000000000000
[    0.000000] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[    0.000000] CR2: 00000000000006fc CR3: 0000000001a15000 CR4: 00000000000406a0
[    0.000000] Stack:
[    0.000000]  ffffffff81cb6bd3 0000000000000000 ffffffff81d19940 ffff880013ffc140
[    0.000000]  ffffffff81d200a0 ffffffff81a03f38 ffffffff81cb6de3 0000000000000000
[    0.000000]  0000000000010000 0000000000099000 0000000200000000 ffffffffffffffff
[    0.000000] Call Trace:
[    0.000000]  [<ffffffff81cb6bd3>] ? __free_memory_core+0xa2/0xb9
[    0.000000]  [<ffffffff81cb6de3>] free_all_bootmem+0x51/0xd2
[    0.000000]  [<ffffffff81cab152>] mem_init+0xe/0x21
[    0.000000]  [<ffffffff81c9be28>] start_kernel+0x1eb/0x4ea
[    0.000000]  [<ffffffff81c9b98c>] ? set_init_arg+0x55/0x55
[    0.000000]  [<ffffffff81c9b5b1>] x86_64_start_reservations+0x2a/0x2c
[    0.000000]  [<ffffffff81c9b725>] x86_64_start_kernel+0x172/0x181
[    0.000000] Code: 89 e5 5d c3 55 48 89 e5 5d c3 40 88 f1 41 b9 01 00 00 00 41 d3 e1 0f 18 0f 31 d2 48 89 f8 45 8d 41 ff eb 15 48 83 c0 38 0f 18 08 <0f> ba 70 c8 0a c7 40 e4 00 00 00 00 ff c2 41 39 d0 77 e6 4d 6b 
[    0.000000] RIP  [<ffffffff81cb4108>] __free_pages_bootmem+0x21/0x9d
[    0.000000]  RSP <ffffffff81a03ed8>
[    0.000000] CR2: 00000000000006fc
[    0.000000] ---[ end trace 87d1642ee2ad5638 ]---
[    0.000000] Kernel panic - not syncing: Attempted to kill the idle task!

git bisect start 5e60c2af7a8bde5cfaee8ffd77cfc5b62db0a04e 1795cd9b3a91d4b5473c97f491d63892442212ab --
git bisect good bc1f2f93f68bccd988af7e6f73384860ac241b78  # 07:33    300+    123  Merge 'socfpga-nex/nios2-upstream' into devel-hourly-2014071701
git bisect  bad 0d7e1ca40ef16fce5297579121717fc793761b38  # 07:33      0-    123  Merge 'dynticks/nohz/sysidle' into devel-hourly-2014071701
git bisect good 33c13bf2487a42efa1ac9bcce5623ab74a375c93  # 07:37    300+     30  Merge 'ubifs/linux-next' into devel-hourly-2014071701
git bisect good 1032f73a32951d7f14ed7fdadedb0fef3c6d0f49  # 07:43    300+      0  Merge 'spi/for-next' into devel-hourly-2014071701
git bisect  bad 1f2859f0786338fe4c2a18ea518a5b2a2f1b5491  # 08:01     16-     82  Merge 'shawnguo/for-next' into devel-hourly-2014071701
git bisect good 73c47688a039158a6d395629d3ab32e606e13d1a  # 08:27    300+     26  Merge 'regulator/for-next' into devel-hourly-2014071701
git bisect  bad b973fdf5e6e6fe84b51f79919e5dc8574ae859da  # 08:38      1-     32  Merge 'luto/sync_rand_seed' into devel-hourly-2014071701
git bisect good 5778e65d5ca52bebbaa023e177d863e44f098e96  # 08:44    300+      0  random,x86: Add arch_get_slow_rng_u64
git bisect  bad d07c7f1ed61789e175fa975134855be32263be2c  # 08:52      0-      1  x86,kaslr: Use MSR_KVM_GET_RNG_SEED for KASLR if available
git bisect good c6f07a63601fbb36c09bf250b5538abb47b51e44  # 09:04    300+     58  random: Seed pools from arch_get_slow_rng_u64 at startup
# first bad commit: [d07c7f1ed61789e175fa975134855be32263be2c] x86,kaslr: Use MSR_KVM_GET_RNG_SEED for KASLR if available
git bisect good c6f07a63601fbb36c09bf250b5538abb47b51e44  # 09:10    900+     61  random: Seed pools from arch_get_slow_rng_u64 at startup
git bisect  bad 5e60c2af7a8bde5cfaee8ffd77cfc5b62db0a04e  # 09:10      0-     10  0day head guard for 'devel-hourly-2014071701'
git bisect good b6603fe574af289dbe9eb9fb4c540bca04f5a053  # 09:49    900+    104  Merge tag 'for-linus-20140716' of git://git.infradead.org/linux-mtd
git bisect good d4f4d1d45cd1b9aa60e61c2eab25a5d9a79a26f3  # 10:06    900+      5  Add linux-next specific files for 20140716


This script may reproduce the error.

----------------------------------------------------------------------------
#!/bin/bash

kernel=$1

kvm=(
	qemu-system-x86_64
	-enable-kvm
	-cpu Haswell,+smep,+smap
	-kernel "$kernel"
	-m 320
	-smp 2
	-net nic,vlan=1,model=e1000
	-net user,vlan=1
	-boot order=nc
	-no-reboot
	-watchdog i6300esb
	-rtc base=localtime
	-serial stdio
	-display none
	-monitor null 
)

append=(
	hung_task_panic=1
	earlyprintk=ttyS0,115200
	debug
	apic=debug
	sysrq_always_enabled
	rcupdate.rcu_cpu_stall_timeout=100
	panic=10
	softlockup_panic=1
	nmi_watchdog=panic
	prompt_ramdisk=0
	console=ttyS0,115200
	console=tty0
	vga=normal
	root=/dev/ram0
	rw
	drbd.minor_count=8
)

"${kvm[@]}" --append "${append[*]}"
----------------------------------------------------------------------------

Thanks,
Fengguang

View attachment "dmesg-quantal-kbuild-30:20140717085020:x86_64-randconfig-s1-07170206:3.16.0-rc5-00004-gd07c7f1:1" of type "text/plain" (12217 bytes)

View attachment "dmesg-quantal-ivb41-100:20140717090131:x86_64-randconfig-s1-07170206::" of type "text/plain" (75054 bytes)

Download attachment "x86_64-randconfig-s1-07170206-5e60c2af7a8bde5cfaee8ffd77cfc5b62db0a04e-BUG:-unable-to-handle-kernel-NULL-pointer-dereference-86592.log" of type "application/octet-stream" (73634 bytes)

View attachment "config-3.16.0-rc5-00004-gd07c7f1" of type "text/plain" (75977 bytes)

_______________________________________________
LKP mailing list
LKP@...ux.intel.com
