| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20140819114738.GB18960@localhost>
Date: Tue, 19 Aug 2014 19:47:38 +0800
From: Fengguang Wu <fengguang.wu@...el.com>
To: "Eric W. Biederman" <ebiederm@...ssion.com>
Cc: Al Viro <viro@...iv.linux.org.uk>, LKP <lkp@...org>,
linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [vfs mnt_set_mountpoint] invalid opcode: 0000 [#1] DEBUG_PAGEALLOC
// Fix email address for Eric and add another oops message.
// This commit seem to generate all kinds of oops.
git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master
commit 89f7ca1af15bdfe7a6aed343032a84af2a69f736
Author: Eric W. Biederman <ebiederman@...tter.com>
AuthorDate: Sun Sep 22 19:37:01 2013 -0700
Commit: Al Viro <viro@...iv.linux.org.uk>
CommitDate: Sun Aug 17 07:02:00 2014 -0400
vfs: Keep a list of mounts on a mount point
To spot any possible problems call BUG if a mountpoint
is put when it's list of mounts is not empty.
AV: use hlist instead of list_head
Reviewed-by: Miklos Szeredi <miklos@...redi.hu>
Signed-off-by: Eric W. Biederman <ebiederman@...tter.com>
Signed-off-by: Al Viro <viro@...iv.linux.org.uk>
+-----------------------------------------------------------------------------+------------+------------+---------------+
| | de0ed92a2f | 89f7ca1af1 | next-20140818 |
+-----------------------------------------------------------------------------+------------+------------+---------------+
| boot_successes | 204 | 0 | 0 |
| boot_failures | 1696 | 900 | 11 |
| WARNING:CPU:PID:at_mm/early_ioremap.c:__early_ioremap() | 1696 | 643 | |
| backtrace:acpi_initialize_tables | 1696 | 643 | |
| backtrace:acpi_table_init | 1696 | 643 | |
| backtrace:acpi_boot_table_init | 1696 | 643 | |
| BUG:kernel_boot_hang | 542 | 150 | 1 |
| BUG:unable_to_handle_kernel_paging_request | 0 | 356 | 3 |
| Oops | 0 | 616 | 6 |
| RIP:mnt_set_mountpoint | 0 | 543 | 7 |
| BUG:sleeping_function_called_from_invalid_context_at_kernel/locking/rwsem.c | 0 | 627 | 7 |
| INFO:lockdep_is_turned_off | 0 | 629 | 7 |
| backtrace:do_mount | 0 | 543 | 7 |
| backtrace:SyS_mount | 0 | 543 | 7 |
| BUG:unable_to_handle_kernel_NULL_pointer_dereference | 0 | 260 | 3 |
| RIP:find_vma_links | 0 | 52 | 1 |
| backtrace:vm_mmap_pgoff | 0 | 55 | 2 |
| backtrace:SyS_mmap_pgoff | 0 | 55 | 2 |
| backtrace:SyS_mmap | 0 | 55 | 2 |
| invalid_opcode | 0 | 27 | 1 |
| RIP:filesystems_proc_show | 0 | 27 | 2 |
| backtrace:vfs_read | 0 | 33 | 2 |
| backtrace:SyS_read | 0 | 33 | 2 |
| RIP:anon_vma_interval_tree_insert | 0 | 30 | |
| backtrace:do_fork | 0 | 31 | |
| backtrace:SyS_clone | 0 | 31 | |
| general_protection_fault | 0 | 122 | 3 |
| Kernel_panic-not_syncing:Attempted_to_kill_init_exitcode= | 0 | 16 | |
| RIP:kmem_rcu_free | 0 | 26 | |
| Kernel_panic-not_syncing:Fatal_exception_in_interrupt | 0 | 28 | |
| backtrace:smpboot_thread_fn | 0 | 27 | |
| RIP:find_vma | 0 | 1 | |
| WARNING:CPU:PID:at_kernel/locking/lockdep.c:__bfs() | 0 | 2 | |
| RIP:__bfs | 0 | 2 | |
| backtrace:do_group_exit | 0 | 52 | |
| backtrace:SyS_exit_group | 0 | 52 | |
| RIP:tty_ioctl | 0 | 1 | |
| RIP:tty_write | 0 | 1 | |
| backtrace:do_vfs_ioctl | 0 | 1 | |
| backtrace:SyS_ioctl | 0 | 1 | |
| backtrace:vfs_write | 0 | 1 | |
| backtrace:SyS_write | 0 | 1 | |
| WARNING:CPU:PID:at_mm/page_alloc.c:__alloc_pages_nodemask() | 0 | 2 | |
| BUG:Bad_page_state_in_process | 0 | 7 | |
| RIP:free_pages_prepare | 0 | 7 | |
| backtrace:vm_munmap | 0 | 2 | |
| backtrace:SyS_munmap | 0 | 2 | |
| RIP:single_next | 0 | 1 | |
| INFO:task_blocked_for_more_than_seconds | 0 | 2 | 1 |
| RIP:flat_send_IPI_mask | 0 | 2 | 1 |
| Kernel_panic-not_syncing:hung_task:blocked_tasks | 0 | 2 | 1 |
| backtrace:watchdog | 0 | 2 | 1 |
| RIP:__lock_acquire | 0 | 3 | |
| RIP:put_cred_rcu | 0 | 1 | |
| RIP:seq_vprintf | 0 | 4 | |
| INFO:trying_to_register_non-static_key | 0 | 2 | |
| RIP:down_write | 0 | 1 | |
| BUG:scheduling_while_atomic | 0 | 4 | |
| BUG:Bad_page_map_in_process | 0 | 1 | |
| kernel_BUG_at_include/linux/swapops.h | 0 | 1 | |
| RIP:unmap_single_vma | 0 | 1 | |
| RIP:unmapped_area_topdown | 0 | 1 | |
| RIP:slob_page_alloc | 0 | 1 | |
| backtrace:prepare_creds | 0 | 1 | |
| backtrace:SyS_faccessat | 0 | 1 | |
| backtrace:SyS_access | 0 | 1 | |
| BUG:sleeping_function_called_from_invalid_context_at_mm/memory.c | 0 | 1 | |
| kernel_BUG_at_fs/namespace.c | 0 | 17 | |
| RIP:put_mountpoint | 0 | 17 | |
| backtrace:umount_tree | 0 | 17 | |
| backtrace:SyS_umount | 0 | 17 | |
| is_trying_to_release_lock(file_systems_lock)at | 0 | 1 | |
| RIP:anon_vma_interval_tree_remove | 0 | 4 | |
| RIP:unlink_anon_vmas | 0 | 1 | |
| backtrace:do_execve | 0 | 1 | |
| backtrace:SyS_execve | 0 | 1 | |
| backtrace:vfs_stat | 0 | 1 | |
| backtrace:SyS_newstat | 0 | 1 | |
| backtrace:vfs_mkdir | 0 | 1 | |
| backtrace:SyS_mkdirat | 0 | 1 | |
| backtrace:SyS_mkdir | 0 | 1 | |
+-----------------------------------------------------------------------------+------------+------------+---------------+
mountall: Event failed
[ 9.750309] init: Failed to create pty - disabling logging for job
[ 9.764652] init: Temporary process spawn error: No such file or directory
[ 9.808126] invalid opcode: 0000 [#1] DEBUG_PAGEALLOC
[ 9.809013] CPU: 0 PID: 162 Comm: mount Not tainted 3.16.0-10291-g89f7ca1 #1
[ 9.809013] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 9.809013] task: ffff88000bb36000 ti: ffff88000bb50000 task.ti: ffff88000bb50000
[ 9.809013] RIP: 0010:[<ffffffff811a81d6>] [<ffffffff811a81d6>] filesystems_proc_show+0xa/0x8d
[ 9.809013] RSP: 0018:ffff88000bb53e88 EFLAGS: 00010203
[ 9.809013] RAX: ffff88000bb3f7dd RBX: 0000000000000000 RCX: 800000000bb8c060
[ 9.809013] RDX: 0000000000000001 RSI: 0000000000000001 RDI: ffff88000bb3f728
[ 9.809013] RBP: ffff88000bb53ef0 R08: 0000000000000001 R09: 000000000000bb8c
[ 9.809013] R10: 0000000000000000 R11: 0000000000000222 R12: 0000000000000400
[ 9.809013] R13: ffff88000bb53f58 R14: ffff88000bb3f728 R15: ffff88000bb9c800
[ 9.809013] FS: 00007fd52c855800(0000) GS:ffffffff81b7c000(0000) knlGS:0000000000000000
[ 9.809013] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 9.809013] CR2: 0000000000618008 CR3: 000000000bbfe000 CR4: 00000000000406b0
[ 9.809013] Stack:
[ 9.809013] ffff88000bb53ef0 ffffffff811aef31 ffff88000bb36488 0000000000000001
[ 9.809013] ffff88000bb3f768 00007fd52c85b000 0000000000000000 ffff88000bb53ee8
[ 9.809013] ffff88000c36aa50 00007fd52c85b000 ffff88000bb53f58 0000000000000000
[ 9.809013] Call Trace:
[ 9.809013] [<ffffffff811aef31>] ? seq_read+0x1dc/0x4a4
[ 9.809013] [<ffffffff811cfd6f>] proc_reg_read+0x5a/0x9b
[ 9.809013] [<ffffffff811cfd15>] ? proc_reg_write+0x9b/0x9b
[ 9.809013] [<ffffffff81182783>] vfs_read+0xad/0x129
[ 9.809013] [<ffffffff81182c07>] SyS_read+0x5e/0xcf
[ 9.809013] [<ffffffff8172e111>] tracesys+0xd3/0xd8
[ 9.809013] Code: 31 d2 48 c7 c6 cc 81 1a 81 48 ff 05 05 62 b3 01 48 89 e5 e8 ad 77 00 00 48 ff 05 fe 61 b3 01 5d c3 55 48 ff 05 bc 61 b3 01 b0 dd <60> 0d 00 88 ff ff 48 c7 c7 c0 db c0 81 53 e8 60 4e 58 00 48 8b
[ 9.809013] RIP [<ffffffff811a81d6>] filesystems_proc_show+0xa/0x8d
[ 9.809013] RSP <ffff88000bb53e88>
[ 9.883837] ---[ end trace 4f22e95511a0a94c ]---
mountall: mount /dev/pts [162] killed by SEGV signal
git bisect start f68f82364938548b58b51d4b926642b0a3cf4c27 7d1311b93e58ed55f3a31cc8f94c4b8fe988a2b9 --
git bisect bad 473f9639819684765e78d298f192b8030fe1290c # 17:45 0- 55 Merge remote-tracking branch 'block/for-next'
git bisect good 9a9d24bbcb7185700286b300e1db132a481d0e1f # 18:06 900+ 422 Merge remote-tracking branch 'tile/master'
git bisect bad c0698b7d9847e0cbc46881368ec9c72474968ad8 # 18:06 0- 298 Merge remote-tracking branch 'hid/for-next'
git bisect good f55058463a57a59e8b5a59f8b4ae1875c7a91a44 # 18:16 900+ 435 Merge remote-tracking branch 'fscache/fscache'
git bisect good 76bb1241bec5f597b025b997d6ae7e193dab8289 # 18:32 900+ 448 Merge remote-tracking branch 'logfs/master'
git bisect bad 9016ceb4b3699bc95ffaeed371e5fd0745bab224 # 18:32 0- 1197 Merge remote-tracking branch 'vfs/for-next'
git bisect bad 76a8a45241be2aff38944e74811e23d1024a71fa # 18:39 44- 47 vfs: Make d_invalidate return void
git bisect bad 89f7ca1af15bdfe7a6aed343032a84af2a69f736 # 18:41 70- 72 vfs: Keep a list of mounts on a mount point
git bisect good 7fed866b5ce6f45fb0c226c6ff897d7af3a1176a # 19:00 900+ 680 vfs: Document the effect of d_revalidate on d_find_alias
git bisect good de0ed92a2fbb9eb93a97da7612363c8c3130ec20 # 19:08 900+ 784 vfs: Don't allow overwriting mounts in the current mount namespace
# first bad commit: [89f7ca1af15bdfe7a6aed343032a84af2a69f736] vfs: Keep a list of mounts on a mount point
git bisect good de0ed92a2fbb9eb93a97da7612363c8c3130ec20 # 19:12 1000+ 1696 vfs: Don't allow overwriting mounts in the current mount namespace
git bisect bad f68f82364938548b58b51d4b926642b0a3cf4c27 # 19:14 0- 11 Add linux-next specific files for 20140818
git bisect good 7d1311b93e58ed55f3a31cc8f94c4b8fe988a2b9 # 19:19 1000+ 1377 Linux 3.17-rc1
git bisect bad f68f82364938548b58b51d4b926642b0a3cf4c27 # 19:19 0- 11 Add linux-next specific files for 20140818
This script may reproduce the error.
----------------------------------------------------------------------------
#!/bin/bash
kernel=$1
initrd=quantal-core-x86_64.cgz
wget --no-clobber https://github.com/fengguang/reproduce-kernel-bug/raw/master/initrd/$initrd
kvm=(
qemu-system-x86_64
-enable-kvm
-cpu Haswell,+smep,+smap
-kernel $kernel
-initrd $initrd
-m 320
-smp 2
-net nic,vlan=1,model=e1000
-net user,vlan=1
-boot order=nc
-no-reboot
-watchdog i6300esb
-rtc base=localtime
-serial stdio
-display none
-monitor null
)
append=(
hung_task_panic=1
earlyprintk=ttyS0,115200
debug
apic=debug
sysrq_always_enabled
rcupdate.rcu_cpu_stall_timeout=100
panic=10
softlockup_panic=1
nmi_watchdog=panic
load_ramdisk=2
prompt_ramdisk=0
console=ttyS0,115200
console=tty0
vga=normal
root=/dev/ram0
rw
drbd.minor_count=8
)
"${kvm[@]}" --append "${append[*]}"
----------------------------------------------------------------------------
Thanks,
Fengguang
View attachment "dmesg-quantal-kbuild-5:20140819183934:x86_64-randconfig-ib1-08181713:3.16.0-10291-g89f7ca1:1" of type "text/plain" (115685 bytes)
Download attachment "x86_64-randconfig-ib1-08181713-f68f82364938548b58b51d4b926642b0a3cf4c27-filesystems_proc_show+-x-29154.log" of type "application/octet-stream" (64408 bytes)
View attachment "config-3.16.0-10291-g89f7ca1" of type "text/plain" (70713 bytes)
Powered by blists - more mailing lists