Date:	Sat, 2 Aug 2014 13:48:39 +0800
From:	Fengguang Wu <fengguang.wu@...el.com>
To:	linux-mtd@...ts.infradead.org
Cc:	Jet Chen <jet.chen@...el.com>, Su Tao <tao.su@...el.com>,
	Yuanhan Liu <yuanhan.liu@...el.com>, LKP <lkp@...org>,
	linux-kernel@...r.kernel.org
Subject: [SBC-GXx] kernel BUG at include/linux/mtd/map.h:148!

Hello,

I hit a very old bug and it's 100% reproducible in linux-next.

+------------------------------------------+---------------+
|                                          | next-20140801 |
+------------------------------------------+---------------+
| boot_successes                           | 0             |
| boot_failures                            | 11            |
+------------------------------------------+---------------+
| kernel_BUG_at_include/linux/mtd/map.h    | 11            |
| invalid_opcode                           | 11            |
| EIP_is_at_mtd_do_chip_probe              | 11            |
| Kernel_panic-not_syncing:Fatal_exception | 11            |
| backtrace:do_map_probe                   | 11            |
| backtrace:init_sbc_gxx                   | 11            |
| backtrace:kernel_init_freeable           | 11            |
+------------------------------------------+---------------+

[   11.176775] SBC-GXx flash: IO:0x258-0x259 MEM:0xdc000-0xdffff
[   11.178043] ------------[ cut here ]------------
[   11.179055] kernel BUG at include/linux/mtd/map.h:148!
[   11.180013] invalid opcode: 0000 [#1] SMP
[   11.180013] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 3.11.0-rc3-00024-gaf058ab #13
[   11.180013] task: c0040000 ti: c003e000 task.ti: c003e000
[   11.180013] EIP: 0060:[<c13053fa>] EFLAGS: 00010246 CPU: 0
[   11.180013] EIP is at mtd_do_chip_probe+0x1a/0x20
[   11.180013] EAX: 00000000 EBX: c1737fd0 ECX: 00000000 EDX: c003fe84
[   11.180013] ESI: c16b09a5 EDI: c003fec0 EBP: c003fec4 ESP: c003fe84
[   11.180013]  DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
[   11.180013] CR0: 80050033 CR2: 00000000 CR3: 01816000 CR4: 000406b0
[   11.180013] Stack:
[   11.180013]  00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[   11.180013]  00000000 00000000 00000000 00000000 00000000 00000000 00000000 c17387e0
[   11.180013]  c003fecc c1301c62 c003fee0 c1301bfc 00000000 c17ce159 000001bf c003ff00
[   11.180013] Call Trace:
[   11.180013]  [<c1301c62>] cfi_probe+0x12/0x20
[   11.180013]  [<c1301bfc>] do_map_probe+0x5c/0x80
[   11.180013]  [<c17ce159>] ? physmap_init+0x35/0x35
[   11.180013]  [<c17ce241>] init_sbc_gxx+0xe8/0x123
[   11.180013]  [<c179ab44>] do_one_initcall+0xac/0x13a
[   11.180013]  [<c11d5289>] ? strlen+0x9/0x20
[   11.180013]  [<c11d5289>] ? strlen+0x9/0x20
[   11.180013]  [<c179a519>] ? repair_env_string+0x12/0x51
[   11.180013]  [<c105f285>] ? parse_args+0x2a5/0x3f0
[   11.180013]  [<c179acfa>] kernel_init_freeable+0x128/0x1c2
[   11.180013]  [<c179a507>] ? do_early_param+0x7a/0x7a
[   11.180013]  [<c14b5050>] kernel_init+0x10/0x150
[   11.180013]  [<c14c22bb>] ret_from_kernel_thread+0x1b/0x30
[   11.180013]  [<c14b5040>] ? rest_init+0xd0/0xd0
[   11.180013] Code: 5d c3 66 90 66 90 66 90 66 90 66 90 66 90 66 90 90 55 89 e5 57 83 ec 3c e8 04 d5 1b 00 31 c0 b9 0f 00 00 00 8d 55 c0 89 d7 f3 ab <0f> 0b 66 90 66 90 55 89 e5 e8 e8 d4 1b 00 ba 10 82 73 c1 e8 ce
[   11.180013] EIP: [<c13053fa>] mtd_do_chip_probe+0x1a/0x20 SS:ESP 0068:c003fe84
[   11.220762] ---[ end trace 6b2355da72108a70 ]---
[   11.221768] Kernel panic - not syncing: Fatal exception
[   11.222981] Rebooting in 10 seconds..


This script may reproduce the error.

----------------------------------------------------------------------------
#!/bin/bash

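# Kernel image to boot, passed as the first argument
kernel=$1
initrd=quantal-core-i386.cgz

# Fetch the test initrd once; skipped if it is already present
wget --no-clobber "https://github.com/fengguang/reproduce-kernel-bug/raw/master/initrd/$initrd"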

kvm=(
	qemu-system-x86_64
	-enable-kvm
	-cpu Haswell,+smep,+smap
	-kernel "$kernel"
	-initrd "$initrd"
	-m 320
	-smp 2
	-net nic,vlan=1,model=e1000
	-net user,vlan=1
	-boot order=nc
	-no-reboot
	-watchdog i6300esb
	-rtc base=localtime
	-serial stdio
	-display none
	-monitor null
)

append=(
	hung_task_panic=1
	earlyprintk=ttyS0,115200
	debug
	apic=debug
	sysrq_always_enabled
	rcupdate.rcu_cpu_stall_timeout=100
	panic=10
	softlockup_panic=1
	nmi_watchdog=panic
	prompt_ramdisk=0
	console=ttyS0,115200
	console=tty0
	vga=normal
	root=/dev/ram0
	rw
	drbd.minor_count=8
)

"${kvm[@]}" --append "${append[*]}"
----------------------------------------------------------------------------

Thanks,
Fengguang

View attachment "dmesg-quantal-kbuild-29:20140802122123:i386-randconfig-x1-08020829:3.11.0-rc3-00024-gaf058ab:13" of type "text/plain" (54567 bytes)

Download attachment "i386-randconfig-x1-08020829-4198cf324ddea447daac3f83d3c2319ced774201-kernel-BUG-at-112284.log" of type "application/octet-stream" (95147 bytes)

View attachment "config-3.11.0-rc3-00024-gaf058ab" of type "text/plain" (71310 bytes)
