lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20140828041404.GB4252@localhost>
Date:	Thu, 28 Aug 2014 12:14:04 +0800
From:	Fengguang Wu <fengguang.wu@...el.com>
To:	Dan Williams <dan.j.williams@...el.com>
Cc:	Jet Chen <jet.chen@...el.com>, Su Tao <tao.su@...el.com>,
	Yuanhan Liu <yuanhan.liu@...el.com>, LKP <lkp@...org>,
	linux-kernel@...r.kernel.org, linux-usb@...r.kernel.org
Subject: [xhci] kernel BUG at arch/x86/mm/physaddr.c:26!

Hi Dan,

Just in case it helps, here we find a different bug message in the
same commit.

git://git.kernel.org/pub/scm/linux/kernel/git/djbw/usb.git td-fragments-v1

commit e65e21a542cab81d794db4e5fe919c4e1d624ea7
Author:     Dan Williams <dan.j.williams@...el.com>
AuthorDate: Tue Jul 22 00:08:51 2014 -0700
Commit:     Dan Williams <dan.j.williams@...el.com>
CommitDate: Fri Aug 22 10:06:50 2014 -0700

    xhci: unit test ring enqueue/dequeue routines
    
    Given the complexity of satisfying xhci 1.0+ host trb boundary
    constraints, provide a test case that exercises inserting mid-segment
    links into a ring.
    
    The linker --wrap= option is used to not pollute the global identifier
    space and to make it clear which standard xhci driver routines are being
    mocked-up.  The --wrap= option does not come into play when both
    xhci-hcd and xhci-test are built-in to the kernel, so namespace
    collisions are prevented by excluding xhci-test from the build when
    xhci-hcd is built-in.
    
    It's unfortunate that this is an in-kernel test rather than userspace
    and that the infrastructure is custom rather than generic.  That said,
    it serves its purpose of exercising the corner cases of the scatterlist
    parsing implementation in xhci.
    
    Cc: Rusty Russell <rusty@...tcorp.com.au>
    Signed-off-by: Dan Williams <dan.j.williams@...el.com>

+------------------------------------------+------------+------------+
|                                          | fb6fa3e625 | e65e21a542 |
+------------------------------------------+------------+------------+
| boot_successes                           | 60         | 0          |
| boot_failures                            | 0          | 20         |
| kernel_BUG_at_arch/x86/mm/physaddr.c     | 0          | 20         |
| invalid_opcode                           | 0          | 20         |
| RIP:__phys_addr                          | 0          | 20         |
| Kernel_panic-not_syncing:Fatal_exception | 0          | 20         |
| backtrace:setup_test_skip64              | 0          | 20         |
| backtrace:xhci_test_init                 | 0          | 20         |
| backtrace:kernel_init_freeable           | 0          | 20         |
+------------------------------------------+------------+------------+

[    4.350603] ohci_hcd: USB 1.1 'Open' Host Controller (OHCI) Driver
[    4.351690] ohci-pci: OHCI PCI platform driver
[    4.353334] ------------[ cut here ]------------
[    4.353963] kernel BUG at arch/x86/mm/physaddr.c:26!
[    4.354861] invalid opcode: 0000 [#1] 
[    4.355395] CPU: 0 PID: 1 Comm: swapper Not tainted 3.16.0-rc5-00225-ge65e21a #6
[    4.356374] task: ffff880000160000 ti: ffff880000168000 task.ti: ffff880000168000
[    4.357360] RIP: 0010:[<ffffffff810709e7>]  [<ffffffff810709e7>] __phys_addr+0x51/0x7c
[    4.358429] RSP: 0000:ffff88000016bce0  EFLAGS: 00010206
[    4.359135] RAX: 000078000000ffe0 RBX: ffff880010328000 RCX: 0000000000000040
[    4.360029] RDX: 000000008000ffe0 RSI: 000000000000ffe0 RDI: 000000000000ffe0
[    4.360029] RBP: ffff88000016bce0 R08: ffffffff8164a813 R09: 00000001000d0001
[    4.360029] R10: 0000000000000040 R11: 0000000000000018 R12: 000000000000ffe0
[    4.360029] R13: 0000000000000040 R14: 000000000000ffe0 R15: 000000000000ffe0
[    4.360029] FS:  0000000000000000(0000) GS:ffffffff8287b000(0000) knlGS:0000000000000000
[    4.360029] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[    4.360029] CR2: 0000000000000000 CR3: 0000000002841000 CR4: 00000000000006b0
[    4.360029] Stack:
[    4.360029]  ffff88000016bd08 ffffffff819c1ca5 ffff88000016be38 0000000000000000
[    4.360029]  0000000000000001 ffff88000016bd70 ffffffff819c5fd0 000000400016bd70
[    4.360029]  ffff880010328000 ffff88000016be04 ffff88000016be10 ffff880010260820
[    4.360029] Call Trace:
[    4.360029]  [<ffffffff819c1ca5>] sg_set_buf+0x21/0xb5
[    4.360029]  [<ffffffff819c5fd0>] setup_test_skip64+0x126/0x1b3
[    4.360029]  [<ffffffff830f6e5d>] xhci_test_init+0x229/0x862
[    4.360029]  [<ffffffff810ff671>] ? trace_hardirqs_on_caller+0x211/0x2cd
[    4.360029]  [<ffffffff819c5eaa>] ? setup_test_wrap64+0x21a/0x21a
[    4.360029]  [<ffffffff81efe6c0>] ? __slab_free+0x216/0x401
[    4.360029]  [<ffffffff810ff671>] ? trace_hardirqs_on_caller+0x211/0x2cd
[    4.360029]  [<ffffffff819c5eaa>] ? setup_test_wrap64+0x21a/0x21a
[    4.360029]  [<ffffffff819c605d>] ? setup_test_skip64+0x1b3/0x1b3
[    4.360029]  [<ffffffff819c5c90>] ? setup_test_dont_trim+0x200/0x200
[    4.360029]  [<ffffffff819c5a90>] ? xhci_ring_alloc+0x100/0x100
[    4.360029]  [<ffffffff830f6c34>] ? ohci_pci_init+0x7d/0x7d
[    4.360029]  [<ffffffff830b071d>] do_one_initcall+0x17c/0x26d
[    4.360029]  [<ffffffff810dd5db>] ? parameq+0x24/0x2d
[    4.360029]  [<ffffffff810dd875>] ? parse_args+0x291/0x3e4
[    4.360029]  [<ffffffff830b0b63>] kernel_init_freeable+0x355/0x461
[    4.360029]  [<ffffffff830af92a>] ? do_early_param+0xd7/0xd7
[    4.360029]  [<ffffffff81ef5194>] ? rest_init+0x218/0x218
[    4.360029]  [<ffffffff81ef51a4>] kernel_init+0x10/0x169
[    4.360029]  [<ffffffff81f16ffa>] ret_from_fork+0x7a/0xb0
[    4.360029]  [<ffffffff81ef5194>] ? rest_init+0x218/0x218
[    4.360029] Code: 76 52 48 ff 05 4b e2 19 02 0f 0b 48 ff 05 4a e2 19 02 48 b8 00 00 00 00 00 78 00 00 48 ff 05 29 e2 19 02 48 01 f8 48 39 d0 76 09 <0f> 0b 48 ff 05 40 e2 19 02 0f b6 0d d2 27 03 02 48 89 c2 48 ff 
[    4.360029] RIP  [<ffffffff810709e7>] __phys_addr+0x51/0x7c
[    4.360029]  RSP <ffff88000016bce0>
[    4.392028] ---[ end trace 68ef4c4340f54dcf ]---
[    4.392651] Kernel panic - not syncing: Fatal exception

git bisect start 87e45e9aee6e16808da24d42620c30e62ef78f72 52addcf9d6669fa439387610bc65c92fa0980cef --
git bisect good 21e7954c90927f091ef81611f7f186d8f2f068a7  # 02:54     20+      0  Merge 'ipvs/master' into devel-hourly-2014082801
git bisect good db76ed1b63ae17ebfbbcac90a25e9b15d7c81593  # 03:02     20+      0  Merge 'robclark/msm-fixes-3.17' into devel-hourly-2014082801
git bisect  bad d742d6a6a9ba64655ff7c57b5995f5e88e417c4d  # 03:06      0-     20  Merge 'xen-tip/devel/for-linus-3.18' into devel-hourly-2014082801
git bisect good b590845ddf136fab351e0fbed14e3d1b1e655d56  # 03:13     20+      1  Merge 'regulator/for-next' into devel-hourly-2014082801
git bisect  bad a768419190a3acf1db12e2e27d3589035d2ca713  # 03:24      0-     20  Merge 'djbw-usb/td-fragments-v1' into devel-hourly-2014082801
git bisect good e705f1f3500d34055a829cec1178012108c2b5aa  # 03:28     20+      0  Merge 'stericsson/tcm' into devel-hourly-2014082801
git bisect good a75ef911cf100b8cf7d25baf6dac8052328a96e7  # 03:39     20+      0  xhci: clarify "ring valid" checks
git bisect good 652b7ee36207f186f3d701675483df43b4845c5c  # 03:45     20+      0  xhci: kill ->num_trbs_free_temp in struct xhci_ring
git bisect good 1c11eb8545a3321e7ca27fc7ba8c56b6e6df2b57  # 03:51     20+      0  xhci: add xhci_ring_reap_td() helper
git bisect  bad e65e21a542cab81d794db4e5fe919c4e1d624ea7  # 03:56      0-     20  xhci: unit test ring enqueue/dequeue routines
git bisect good fb6fa3e625e1e453aea9eeb97d58bee30e1c0781  # 04:07     20+      0  xhci: v1.0 scatterlist enqueue support (td-fragment rework)
# first bad commit: [e65e21a542cab81d794db4e5fe919c4e1d624ea7] xhci: unit test ring enqueue/dequeue routines
git bisect good fb6fa3e625e1e453aea9eeb97d58bee30e1c0781  # 04:10     60+      0  xhci: v1.0 scatterlist enqueue support (td-fragment rework)
git bisect  bad 87e45e9aee6e16808da24d42620c30e62ef78f72  # 04:10      0-     11  0day head guard for 'devel-hourly-2014082801'
git bisect good ff0c57ac70434bc936cb0110eaf033a0a1a62e52  # 04:19     60+      5  Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid
git bisect good d05446ae2128064a4bb8f74c84f6901ffb5c94bc  # 04:22     60+      0  Add linux-next specific files for 20140827


This script may reproduce the error.

----------------------------------------------------------------------------
#!/bin/bash

kernel=$1
initrd=yocto-minimal-x86_64.cgz

wget --no-clobber https://github.com/fengguang/reproduce-kernel-bug/raw/master/initrd/$initrd

kvm=(
	qemu-system-x86_64
	-cpu kvm64
	-enable-kvm
	-kernel $kernel
	-initrd $initrd
	-m 320
	-smp 1
	-net nic,vlan=1,model=e1000
	-net user,vlan=1
	-boot order=nc
	-no-reboot
	-watchdog i6300esb
	-rtc base=localtime
	-serial stdio
	-display none
	-monitor null 
)

append=(
	hung_task_panic=1
	earlyprintk=ttyS0,115200
	debug
	apic=debug
	sysrq_always_enabled
	rcupdate.rcu_cpu_stall_timeout=100
	panic=-1
	softlockup_panic=1
	nmi_watchdog=panic
	oops=panic
	load_ramdisk=2
	prompt_ramdisk=0
	console=ttyS0,115200
	console=tty0
	vga=normal
	root=/dev/ram0
	rw
	drbd.minor_count=8
)

"${kvm[@]}" --append "${append[*]}"
----------------------------------------------------------------------------

Thanks,
Fengguang

View attachment "dmesg-yocto-vp-51:20140828035557:x86_64-randconfig-hsxa2-08281025:3.16.0-rc5-00225-ge65e21a:6" of type "text/plain" (30146 bytes)

_______________________________________________
LKP mailing list
LKP@...ux.intel.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ