| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20150306233033.GA3556@wfg-t540p.sh.intel.com>
Date: Sat, 7 Mar 2015 07:30:33 +0800
From: Fengguang Wu <fengguang.wu@...el.com>
To: Andy Lutomirski <luto@...capital.net>
Cc: fengguang.wu@...el.com, Ingo Molnar <mingo@...nel.org>,
LKP <lkp@...org>, linux-kernel@...r.kernel.org
Subject: [x86/asm/entry] BUG: unable to handle kernel paging request
Greetings,
0day kernel testing robot got the below dmesg and the first bad commit is
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git x86/asm
commit 75182b1632a89f12540baa1806a7c5c180db620c
Author: Andy Lutomirski <luto@...capital.net>
AuthorDate: Thu Mar 5 19:19:03 2015 -0800
Commit: Ingo Molnar <mingo@...nel.org>
CommitDate: Fri Mar 6 08:32:57 2015 +0100
x86/asm/entry: Switch all C consumers of kernel_stack to this_cpu_sp0()
This will make modifying the semantics of kernel_stack easier.
The change to ist_begin_non_atomic() is necessary because sp0 no
longer points to the same THREAD_SIZE-aligned region as RSP;
it's one byte too high for that. At Denys' suggestion, rather
than offsetting it, just check explicitly that we're in the
correct range ending at sp0. This has the added benefit that we
no longer assume that the thread stack is aligned to
THREAD_SIZE.
Suggested-by: Denys Vlasenko <dvlasenk@...hat.com>
Signed-off-by: Andy Lutomirski <luto@...capital.net>
Cc: Borislav Petkov <bp@...en8.de>
Cc: H. Peter Anvin <hpa@...or.com>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Oleg Nesterov <oleg@...hat.com>
Cc: Thomas Gleixner <tglx@...utronix.de>
Link: http://lkml.kernel.org/r/ef8254ad414cbb8034c9a56396eeb24f5dd5b0de.1425611534.git.luto@amacapital.net
Signed-off-by: Ingo Molnar <mingo@...nel.org>
Attached dmesg for the parent commit, too, to help confirm whether it is a noise error.
+-------------------------------------------------------+------------+------------+------------+
| | 8ef46a672a | 75182b1632 | fad99646bd |
+-------------------------------------------------------+------------+------------+------------+
| boot_successes | 89 | 0 | 0 |
| boot_failures | 1 | 30 | 12 |
| BUG:kernel_boot_hang | 1 | 7 | 1 |
| INFO:rcu_sched_detected_stalls_on_CPUs/tasks | 0 | 6 | 1 |
| backtrace:cpu_startup_entry | 0 | 7 | 1 |
| BUG:unable_to_handle_kernel | 0 | 23 | 11 |
| Oops | 0 | 23 | 11 |
| EIP_is_at_task_rq_lock | 0 | 22 | 11 |
| Kernel_panic-not_syncing:Fatal_exception | 0 | 22 | 11 |
| backtrace:do_exit | 0 | 22 | 11 |
| EIP_is_at_replenish_dl_entity | 0 | 1 | |
| Kernel_panic-not_syncing:Fatal_exception_in_interrupt | 0 | 1 | |
+-------------------------------------------------------+------------+------------+------------+
[ 0.221842] Testing tracer wakeup:
[ 0.221842] Testing tracer wakeup:
[ 0.222715] BUG: unable to handle kernel
[ 0.222715] BUG: unable to handle kernel paging requestpaging request at 5d711c40
at 5d711c40
[ 0.223697] IP:
[ 0.223697] IP: [<7bf28041>] task_rq_lock+0x61/0x1a0
[<7bf28041>] task_rq_lock+0x61/0x1a0
[ 0.224000] *pde = 00000000
[ 0.224000] *pde = 00000000
[ 0.224000] Oops: 0000 [#1]
[ 0.224000] Oops: 0000 [#1] PREEMPT PREEMPT SMP SMP
[ 0.224000] CPU: 0 PID: 18 Comm: ftrace-test Not tainted 4.0.0-rc2-00052-g75182b1 #5
[ 0.224000] CPU: 0 PID: 18 Comm: ftrace-test Not tainted 4.0.0-rc2-00052-g75182b1 #5
[ 0.224000] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.7.5-20140531_083030-gandalf 04/01/2014
[ 0.224000] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.7.5-20140531_083030-gandalf 04/01/2014
[ 0.224000] task: 8b636410 ti: 8b7b1ff8 task.ti: 8b7b2000
[ 0.224000] task: 8b636410 ti: 8b7b1ff8 task.ti: 8b7b2000
[ 0.224000] EIP: 0060:[<7bf28041>] EFLAGS: 00010046 CPU: 0
[ 0.224000] EIP: 0060:[<7bf28041>] EFLAGS: 00010046 CPU: 0
[ 0.224000] EIP is at task_rq_lock+0x61/0x1a0
[ 0.224000] EIP is at task_rq_lock+0x61/0x1a0
[ 0.224000] EAX: 78000000 EBX: 7d9661c0 ECX: 7bf28028 EDX: 00000000
[ 0.224000] EAX: 78000000 EBX: 7d9661c0 ECX: 7bf28028 EDX: 00000000
[ 0.224000] ESI: 8b636410 EDI: 8b7b3e84 EBP: 8b7b3e74 ESP: 8b7b3e5c
[ 0.224000] ESI: 8b636410 EDI: 8b7b3e84 EBP: 8b7b3e74 ESP: 8b7b3e5c
[ 0.224000] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
[ 0.224000] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
[ 0.224000] CR0: 8005003b CR2: 5d711c40 CR3: 0596e000 CR4: 00000690
[ 0.224000] CR0: 8005003b CR2: 5d711c40 CR3: 0596e000 CR4: 00000690
[ 0.224000] Stack:
[ 0.224000] Stack:
[ 0.224000] 7d9661c0
[ 0.224000] 7d9661c0 7d9661c0 7d9661c0 8b636848 8b636848 8b636410 8b636410 8b636410 8b636410 7bf433b0 7bf433b0 8b7b3e94 8b7b3e94 7bf430f6 7bf430f6
[ 0.224000] 00000001
[ 0.224000] 00000001 00000001 00000001 00000246 00000246 00000001 00000001 8b636410 8b636410 7bf433b0 7bf433b0 8b7b3ea0 8b7b3ea0 7bf4340c 7bf4340c
[ 0.224000] 00000000
[ 0.224000] 00000000 8b7b3ec0 8b7b3ec0 7c026cf3 7c026cf3 00000000 00000000 007b3ec0 007b3ec0 7d37d5c0 7d37d5c0 00000000 00000000 00000001 00000001
[ 0.224000] Call Trace:
[ 0.224000] Call Trace:
[ 0.224000] [<7bf433b0>] ? sched_move_task+0x2e0/0x2e0
[ 0.224000] [<7bf433b0>] ? sched_move_task+0x2e0/0x2e0
[ 0.224000] [<7bf430f6>] sched_move_task+0x26/0x2e0
[ 0.224000] [<7bf430f6>] sched_move_task+0x26/0x2e0
[ 0.224000] [<7bf433b0>] ? sched_move_task+0x2e0/0x2e0
[ 0.224000] [<7bf433b0>] ? sched_move_task+0x2e0/0x2e0
[ 0.224000] [<7bf4340c>] cpu_cgroup_exit+0x5c/0x70
[ 0.224000] [<7bf4340c>] cpu_cgroup_exit+0x5c/0x70
[ 0.224000] [<7c026cf3>] cgroup_exit+0x143/0x1f0
[ 0.224000] [<7c026cf3>] cgroup_exit+0x143/0x1f0
[ 0.224000] [<7bed1322>] do_exit+0x562/0x1cf0
[ 0.224000] [<7bed1322>] do_exit+0x562/0x1cf0
[ 0.224000] [<7ccf4c05>] ? schedule+0x5/0x110
[ 0.224000] [<7ccf4c05>] ? schedule+0x5/0x110
[ 0.224000] [<7ccf4cb5>] ? schedule+0xb5/0x110
[ 0.224000] [<7ccf4cb5>] ? schedule+0xb5/0x110
[ 0.224000] [<7c0486a1>] ? trace_wakeup_test_thread+0x1a1/0x1e0
[ 0.224000] [<7c0486a1>] ? trace_wakeup_test_thread+0x1a1/0x1e0
[ 0.224000] [<7c048500>] ? tracing_lseek+0xa0/0xa0
[ 0.224000] [<7c048500>] ? tracing_lseek+0xa0/0xa0
[ 0.224000] [<7bf18bf8>] kthread+0x158/0x1d0
[ 0.224000] [<7bf18bf8>] kthread+0x158/0x1d0
[ 0.224000] [<7c048500>] ? tracing_lseek+0xa0/0xa0
[ 0.224000] [<7c048500>] ? tracing_lseek+0xa0/0xa0
[ 0.224000] [<7bf20101>] ? __validate_process_creds+0x1e1/0x3a0
[ 0.224000] [<7bf20101>] ? __validate_process_creds+0x1e1/0x3a0
[ 0.224000] [<7bf6df6e>] ? complete+0x2e/0x90
[ 0.224000] [<7bf6df6e>] ? complete+0x2e/0x90
[ 0.224000] [<7cd07941>] ret_from_kernel_thread+0x21/0x30
[ 0.224000] [<7cd07941>] ret_from_kernel_thread+0x21/0x30
[ 0.224000] [<7bf18aa0>] ? __kthread_unpark+0xf0/0xf0
[ 0.224000] [<7bf18aa0>] ? __kthread_unpark+0xf0/0xf0
[ 0.224000] Code:
[ 0.224000] Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 8b 8b 45 45 f0 f0 e8 e8 88 88 cd cd dd dd 00 00 8b 8b 5d 5d ec ec 83 83 05 05 08 08 97 97 9d 9d 7d 7d 01 01 83 83 15 15 0c 0c 97 97 9d 9d 7d 7d 00 00 89 89 07 07 8b 8b 46 46 04 04 8b 8b 40 40 10 10 <8b> <8b> 14 14 85 85 40 40 1c 1c 71 71 7d 7d 01 01 d3 d3 89 89 d8 d8 e8 e8 1f 1f cc cc dd dd 00 00 8b 8b 46 46 04 04 8b 8b 4d 4d
[ 0.224000] EIP: [<7bf28041>]
[ 0.224000] EIP: [<7bf28041>] task_rq_lock+0x61/0x1a0task_rq_lock+0x61/0x1a0 SS:ESP 0068:8b7b3e5c
SS:ESP 0068:8b7b3e5c
[ 0.224000] CR2: 000000005d711c40
[ 0.224000] CR2: 000000005d711c40
[ 0.224000] ---[ end trace 3a65ebf13265a183 ]---
[ 0.224000] ---[ end trace 3a65ebf13265a183 ]---
git bisect start fad99646bd5e9e5cf78637701931518b8a55890e 4f671fe2f9523a1ea206f63fe60a7c7b3a56d5c7 --
git bisect good 7dfd6d85242a6790260381cb45ea407bd9b65af3 # 18:07 20+ 0 Merge branch 'linus'
git bisect good 0624492336dfd630334fb582eb3f20ee3e109293 # 18:16 20+ 0 Merge branch 'x86/asm'
git bisect good 93cbe2969a57747f291894e2331d9864034ac0a1 # 18:18 20+ 0 Merge branch 'timers/urgent'
git bisect good e0aa5c22486be95ff8b52926fcb4f0e6f01a79c6 # 18:21 20+ 0 Merge branch 'perf/urgent'
git bisect bad 74d398c3580c5cb5601028821833366dc8414a69 # 18:21 0- 2 Merge branch 'x86/asm'
git bisect bad 9d0c914c60f4d3123debb653340dc1f7cf44939d # 18:26 0- 22 x86/asm/entry/64/compat: Change the 32-bit sysenter code to use sp0
git bisect bad 75182b1632a89f12540baa1806a7c5c180db620c # 18:29 0- 23 x86/asm/entry: Switch all C consumers of kernel_stack to this_cpu_sp0()
git bisect good 8ef46a672a7d852709561d10672b6eaa8a4acd82 # 18:34 30+ 0 x86/asm/entry: Add this_cpu_sp0() to read sp0 for the current cpu
# first bad commit: [75182b1632a89f12540baa1806a7c5c180db620c] x86/asm/entry: Switch all C consumers of kernel_stack to this_cpu_sp0()
git bisect good 8ef46a672a7d852709561d10672b6eaa8a4acd82 # 18:41 90+ 1 x86/asm/entry: Add this_cpu_sp0() to read sp0 for the current cpu
# extra tests with DEBUG_INFO
git bisect bad 75182b1632a89f12540baa1806a7c5c180db620c # 18:52 0- 32 x86/asm/entry: Switch all C consumers of kernel_stack to this_cpu_sp0()
# extra tests on HEAD of tip/master
git bisect bad fad99646bd5e9e5cf78637701931518b8a55890e # 18:52 0- 12 Merge branch 'x86/urgent'
# extra tests on tree/branch tip/x86/asm
git bisect good 9b47668843d800ed57f6f6bfd6f5c4cffdf201c6 # 19:12 90+ 90 x86/asm/entry: Rename 'INIT_TSS_IST' to 'CPU_TSS_IST'
# extra tests with first bad commit reverted
# extra tests on tree/branch tip/master
git bisect bad fad99646bd5e9e5cf78637701931518b8a55890e # 19:14 0- 12 Merge branch 'x86/urgent'
# extra tests on tree/branch linus/master
git bisect good 99aedde0869ce194539166ac5a4d2e1a20995348 # 19:18 90+ 0 Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
# extra tests on tree/branch next/master
git bisect good 28855005be1d6a0a041de46fd2e61da2b796abff # 19:24 90+ 0 Add linux-next specific files for 20150306
This script may reproduce the error.
----------------------------------------------------------------------------
#!/bin/bash
kernel=$1
kvm=(
qemu-system-x86_64
-cpu kvm64
-enable-kvm
-kernel $kernel
-m 320
-smp 1
-net nic,vlan=1,model=e1000
-net user,vlan=1
-boot order=nc
-no-reboot
-watchdog i6300esb
-rtc base=localtime
-serial stdio
-display none
-monitor null
)
append=(
hung_task_panic=1
earlyprintk=ttyS0,115200
rd.udev.log-priority=err
systemd.log_target=journal
systemd.log_level=warning
debug
apic=debug
sysrq_always_enabled
rcupdate.rcu_cpu_stall_timeout=100
panic=-1
softlockup_panic=1
nmi_watchdog=panic
oops=panic
load_ramdisk=2
prompt_ramdisk=0
console=ttyS0,115200
console=tty0
vga=normal
root=/dev/ram0
rw
drbd.minor_count=8
)
"${kvm[@]}" --append "${append[*]}"
----------------------------------------------------------------------------
Thanks,
Fengguang
View attachment "dmesg-yocto-client9-40:20150306182726:i386-randconfig-r0-0305:4.0.0-rc2-00052-g75182b1:5" of type "text/plain" (53246 bytes)
View attachment "dmesg-quantal-client1-19:20150306183734:i386-randconfig-r0-0305:4.0.0-rc2-00051-g8ef46a6:6" of type "text/plain" (49605 bytes)
View attachment "config-4.0.0-rc2-00052-g75182b1" of type "text/plain" (79690 bytes)
Powered by blists - more mailing lists