Message-ID: <20150506090850.GA30187@wfg-t540p.sh.intel.com>
Date:	Wed, 6 May 2015 17:08:50 +0800
From:	Fengguang Wu <fengguang.wu@...el.com>
To:	Iulia Manda <iulia.manda21@...il.com>
Cc:	fengguang.wu@...el.com, Josh Triplett <josh@...htriplett.org>,
	"Paul E. McKenney" <paulmck@...ux.vnet.ibm.com>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Linux Memory Management List <linux-mm@...ck.org>,
	LKP <lkp@...org>, linux-kernel@...r.kernel.org
Subject: [CONFIG_MULTIUSER] BUG: unable to handle kernel paging request at
 ffffffee

Hi Iulia,

FYI, the reported bug is still not fixed in linux-next 20150506.

git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master

commit 2813893f8b197a14f1e1ddb04d99bce46817c84a
Author:     Iulia Manda <iulia.manda21@...il.com>
AuthorDate: Wed Apr 15 16:16:41 2015 -0700
Commit:     Linus Torvalds <torvalds@...ux-foundation.org>
CommitDate: Wed Apr 15 16:35:22 2015 -0700

    kernel: conditionally support non-root users, groups and capabilities
    
    There are a lot of embedded systems that run most or all of their
    functionality in init, running as root:root.  For these systems,
    supporting multiple users is not necessary.
    
    This patch adds a new symbol, CONFIG_MULTIUSER, that makes support for
    non-root users, non-root groups, and capabilities optional.  It is enabled
    under CONFIG_EXPERT menu.
    
    When this symbol is not defined, UID and GID are zero in any possible case
    and processes always have all capabilities.
    
    The following syscalls are compiled out: setuid, setregid, setgid,
    setreuid, setresuid, getresuid, setresgid, getresgid, setgroups,
    getgroups, setfsuid, setfsgid, capget, capset.
    
    Also, groups.c is compiled out completely.
    
    In kernel/capability.c, capable function was moved in order to avoid
    adding two ifdef blocks.
    
    This change saves about 25 KB on a defconfig build.  The most minimal
    kernels have total text sizes in the high hundreds of kB rather than
    low MB.  (The 25k goes down a bit with allnoconfig, but not that much.
    
    The kernel was booted in Qemu.  All the common functionalities work.
    Adding users/groups is not possible, failing with -ENOSYS.
    
    Bloat-o-meter output:
    add/remove: 7/87 grow/shrink: 19/397 up/down: 1675/-26325 (-24650)
    
    [akpm@...ux-foundation.org: coding-style fixes]
    Signed-off-by: Iulia Manda <iulia.manda21@...il.com>
    Reviewed-by: Josh Triplett <josh@...htriplett.org>
    Acked-by: Geert Uytterhoeven <geert@...ux-m68k.org>
    Tested-by: Paul E. McKenney <paulmck@...ux.vnet.ibm.com>
    Reviewed-by: Paul E. McKenney <paulmck@...ux.vnet.ibm.com>
    Signed-off-by: Andrew Morton <akpm@...ux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@...ux-foundation.org>

+-----------------------------------------------------------+------------+------------+------------+
|                                                           | c79574abe2 | 2813893f8b | cbdacaf0c1 |
+-----------------------------------------------------------+------------+------------+------------+
| boot_successes                                            | 60         | 0          | 0          |
| boot_failures                                             | 0          | 22         | 1064       |
| BUG:unable_to_handle_kernel                               | 0          | 22         | 1032       |
| Oops                                                      | 0          | 22         | 1032       |
| EIP_is_at_devpts_new_index                                | 0          | 22         | 1032       |
| Kernel_panic-not_syncing:Fatal_exception                  | 0          | 22         | 1032       |
| backtrace:do_sys_open                                     | 0          | 22         | 1032       |
| backtrace:SyS_open                                        | 0          | 22         | 1032       |
| WARNING:at_arch/x86/kernel/fpu/core.c:#fpu__clear()       | 0          | 0          | 32         |
| Kernel_panic-not_syncing:Attempted_to_kill_init!exitcode= | 0          | 0          | 32         |
+-----------------------------------------------------------+------------+------------+------------+

[    2.632019] EDD information not available.
[    2.633108] Freeing unused kernel memory: 564K (c1bc3000 - c1c50000)
[    2.642276] random: init urandom read with 4 bits of entropy available
[    2.643278] BUG: unable to handle kernel paging request at ffffffee
[    2.643807] IP: [<c11ed93e>] devpts_new_index+0x25/0x1bd
[    2.644249] *pdpt = 0000000001c50001 *pde = 0000000001c51063 *pte = 0000000000000000 
[    2.644897] Oops: 0000 [#1] 
[    2.645141] Modules linked in:
[    2.645400] CPU: 0 PID: 1 Comm: init Not tainted 4.0.0-05819-g2813893 #11
[    2.645932] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.7.5-20140531_083030-gandalf 04/01/2014
[    2.646719] task: d084c010 ti: d084e000 task.ti: d084e000
[    2.647147] EIP: 0060:[<c11ed93e>] EFLAGS: 00010246 CPU: 0
[    2.647579] EIP is at devpts_new_index+0x25/0x1bd
[    2.647964] EAX: ffffffea EBX: 00000000 ECX: c1384a75 EDX: 00000000
[    2.648455] ESI: c23afc38 EDI: cd284cc0 EBP: d084fe00 ESP: d084fdf4
[    2.648967]  DS: 007b ES: 007b FS: 0000 GS: 00e0 SS: 0068
[    2.649393] CR0: 80050033 CR2: ffffffee CR3: 124432e0 CR4: 000006b0
[    2.649891] Stack:
[    2.650047]  c1384a75 00000000 c23afc38 d084fe18 c1384a8b d0426b60 00000000 c23afc38
[    2.650047]  d0426b60 d084fe38 c1172c22 00000000 cd284cc0 00000000 cd284cc0 d0426b60
[    2.650047]  00000000 d084fe58 c1169521 00000026 cd284cc8 c11729de cd284cc0 d084ff04
[    2.650047] Call Trace:
[    2.650047]  [<c1384a75>] ? ptmx_open+0x6b/0x28b
[    2.650047]  [<c1384a8b>] ptmx_open+0x81/0x28b
[    2.650047]  [<c1172c22>] chrdev_open+0x244/0x270
[    2.650047]  [<c1169521>] do_dentry_open+0x358/0x512
[    2.650047]  [<c11729de>] ? cdev_put+0x38/0x38
[    2.650047]  [<c1169739>] vfs_open+0x5e/0x71
[    2.650047]  [<c1181c8f>] do_last+0xa34/0xde9
[    2.650047]  [<c11823b1>] path_openat+0x36d/0x89b
[    2.650047]  [<c1183c10>] do_filp_open+0x33/0xb4
[    2.650047]  [<c11981ba>] ? __alloc_fd+0x1b5/0x1cd
[    2.650047]  [<c116b2cf>] do_sys_open+0x22e/0x31e
[    2.650047]  [<c11982dd>] ? fd_install+0x28/0x39
[    2.650047]  [<c116b3e5>] SyS_open+0x26/0x44
[    2.650047]  [<c162f782>] sysenter_do_call+0x12/0x12
[    2.650047] Code: f4 5b 5e 5f 5d c3 55 89 e5 56 53 51 8b 40 14 81 78 34 d1 1c 00 00 74 16 a1 50 8e 31 c2 83 05 c0 8b 31 c2 01 83 15 c4 8b 31 c2 00 <8b> 40 04 83 05 c8 8b 31 c2 01 83 15 cc 8b 31 c2 00 8b 98 d0 02
[    2.650047] EIP: [<c11ed93e>] devpts_new_index+0x25/0x1bd SS:ESP 0068:d084fdf4
[    2.650047] CR2: 00000000ffffffee
[    2.650047] ---[ end trace e7d6454dfe4d6c7f ]---
[    2.650047] Kernel panic - not syncing: Fatal exception

git bisect start 5ebe6afaf0057ac3eaeb98defd5456894b446d22 v4.0 --
git bisect  bad 96b90f27bcf22f1d06cc16d9475cefa6ea4c4718  # 10:06      0-     22  Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
git bisect good 1dcf58d6e6e6eb7ec10e9abc56887b040205b06f  # 10:14     20+      0  Merge branch 'akpm' (patches from Andrew)
git bisect  bad 497a5df7bf6ffd136ae21c49d1a01292930d7ca2  # 10:22      0-     20  Merge tag 'stable/for-linus-4.1-rc0-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip
git bisect good b422b75875a3663f08a9ab5aeb265ed2383cbe2f  # 10:31     20+      0  Merge branch 'kbuild' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild
git bisect good 6d50ff91d9780263160262daeb6adfdda8ddbc6c  # 10:40     20+      0  Merge tag 'locks-v4.1-1' of git://git.samba.org/jlayton/linux
git bisect  bad eea3a00264cf243a28e4331566ce67b86059339d  # 10:47      0-     20  Merge branch 'akpm' (patches from Andrew)
git bisect good d0a3997c0c3f9351e24029349dee65dd1d9e8d84  # 10:55     20+      0  Merge tag 'sound-4.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
git bisect good e7c82412433a8039616c7314533a0a1c025d99bf  # 11:08     20+      0  Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/cooloney/linux-leds
git bisect good 248ca1b053c82fa22427d22b33ac51a24c88a86d  # 11:22     20+      0  zsmalloc: add fullness into stat
git bisect  bad 3ea8d440a86b85c63c2bb7f73988626e682db5f0  # 11:29      0-     22  lib/vsprintf.c: eliminate duplicate hex string array
git bisect good 160a117f0864871ae1bab26554a985a1d2861afd  # 11:38     20+      0  zsmalloc: remove extra cond_resched() in __zs_compact
git bisect  bad 96831c0a6738f88f89e7012f4df0a747514af0a0  # 11:45      0-     22  kernel/resource.c: remove deprecated __check_region() and friends
git bisect good 23f40a94d860449f39f00c3350bf850d15983e63  # 11:56     20+      0  include/linux: remove empty conditionals
git bisect good c79574abe2baddf569532e7e430e4977771dd25c  # 12:27     20+      0  lib/test-hexdump.c: fix initconst confusion
git bisect  bad 2813893f8b197a14f1e1ddb04d99bce46817c84a  # 12:34      0-      6  kernel: conditionally support non-root users, groups and capabilities
# first bad commit: [2813893f8b197a14f1e1ddb04d99bce46817c84a] kernel: conditionally support non-root users, groups and capabilities
git bisect good c79574abe2baddf569532e7e430e4977771dd25c  # 12:42     60+      0  lib/test-hexdump.c: fix initconst confusion
# extra tests with DEBUG_INFO
# extra tests on HEAD of tip/tmp.fpu
git bisect  bad a9a0b36aa770f32a191bd415b23971db5cdeb93b  # 12:48      0-    132  x86/fpu: Reorganize fpu/internal.h
# extra tests on tree/branch linus/master
git bisect  bad 5198b44374adb3f6143459a03c37f103f8a09548  # 12:52      0-     60  Merge tag 'for-linus-4.1-1' of git://git.code.sf.net/p/openipmi/linux-ipmi
# extra tests with first bad commit reverted
# extra tests on tree/branch linus/master
git bisect  bad 5198b44374adb3f6143459a03c37f103f8a09548  # 12:55      0-     62  Merge tag 'for-linus-4.1-1' of git://git.code.sf.net/p/openipmi/linux-ipmi
# extra tests on tree/branch next/master
git bisect  bad cab98a65216d98e631fd7209210b1275cc7e6ef9  # 13:17      0-     60  Add linux-next specific files for 20150506


This script may reproduce the error.

----------------------------------------------------------------------------
#!/bin/bash

kernel=$1
initrd=quantal-core-i386.cgz

wget --no-clobber https://github.com/fengguang/reproduce-kernel-bug/raw/master/initrd/$initrd

kvm=(
	qemu-system-x86_64
	-enable-kvm
	-cpu kvm64
	-kernel "$kernel"
	-initrd "$initrd"
	-m 300
	-smp 2
	-device e1000,netdev=net0
	-netdev user,id=net0
	-boot order=nc
	-no-reboot
	-watchdog i6300esb
	-rtc base=localtime
	-serial stdio
	-display none
	-monitor null 
)

append=(
	hung_task_panic=1
	earlyprintk=ttyS0,115200
	rd.udev.log-priority=err
	systemd.log_target=journal
	systemd.log_level=warning
	debug
	apic=debug
	sysrq_always_enabled
	rcupdate.rcu_cpu_stall_timeout=100
	panic=-1
	softlockup_panic=1
	nmi_watchdog=panic
	oops=panic
	load_ramdisk=2
	prompt_ramdisk=0
	console=ttyS0,115200
	console=tty0
	vga=normal
	root=/dev/ram0
	rw
	drbd.minor_count=8
)

"${kvm[@]}" --append "${append[*]}"
----------------------------------------------------------------------------

Thanks,
Fengguang

View attachment "dmesg-quantal-ivb41-96:20150506123446:i386-randconfig-r1-0505:4.0.0-05819-g2813893:11" of type "text/plain" (70835 bytes)

View attachment "config-4.0.0-05819-g2813893" of type "text/plain" (86913 bytes)
