lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20150623030039.GA21012@wfg-t540p.sh.intel.com>
Date:	Tue, 23 Jun 2015 11:00:39 +0800
From:	Fengguang Wu <fengguang.wu@...el.com>
To:	Andy Lutomirski <luto@...nel.org>
Cc:	fengguang.wu@...el.com, linux-kernel@...r.kernel.org,
	LKP <lkp@...org>
Subject: [x86/entry/32] BUG: unable to handle kernel paging request at
 ffffe050

Greetings,

0day kernel testing robot got the below dmesg and the first bad commit is

git://git.kernel.org/pub/scm/linux/kernel/git/luto/linux.git x86/entry

commit cef2d931e1112187cea5d6c9088bb0a4ee28c2a4
Author:     Andy Lutomirski <luto@...nel.org>
AuthorDate: Wed Jun 17 11:05:08 2015 -0700
Commit:     Andy Lutomirski <luto@...nel.org>
CommitDate: Thu Jun 18 11:52:36 2015 -0700

    x86/entry/32: Use prepare_exit_to_usermode and syscall_return_slowpath
    
    This removes the hybrid asm-and-C implementation of exit work.
    
    Signed-off-by: Andy Lutomirski <luto@...nel.org>

+------------------------------------------+------------+------------+------------+
|                                          | 3f0d62a8f8 | cef2d931e1 | 3ad0cb4b37 |
+------------------------------------------+------------+------------+------------+
| boot_successes                           | 61         | 0          | 0          |
| boot_failures                            | 2          | 22         | 13         |
| BUG:kernel_test_crashed                  | 2          |            |            |
| BUG:unable_to_handle_kernel              | 0          | 22         | 13         |
| Oops                                     | 0          | 22         | 13         |
| EIP_is_at_syscall_return_slowpath        | 0          | 22         | 13         |
| Kernel_panic-not_syncing:Fatal_exception | 0          | 22         | 13         |
+------------------------------------------+------------+------------+------------+

[    5.496153] Freeing unused kernel memory: 1724K (415a5000 - 41754000)
[    5.497242] Write protecting the kernel text: 3476k
[    5.498050] Write protecting the kernel read-only data: 1972k
[    5.499030] BUG: unable to handle kernel paging request at ffffe050
[    5.499791] IP: [<41000f8d>] syscall_return_slowpath+0xb/0x106
[    5.500008] *pde = 01759063 *pte = 00000000 
[    5.500008] Oops: 0000 [#1] SMP 
[    5.500008] Modules linked in:
[    5.500008] CPU: 1 PID: 1 Comm: init Not tainted 4.1.0-rc6-00284-gcef2d93 #1
[    5.500008] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.7.5-20140531_083030-gandalf 04/01/2014
[    5.500008] task: 50850cd0 ti: 50852000 task.ti: 50852000
[    5.500008] EIP: 0060:[<41000f8d>] EFLAGS: 00010007 CPU: 1
[    5.500008] EIP is at syscall_return_slowpath+0xb/0x106
[    5.500008] EAX: 50853fb4 EBX: 00000000 ECX: 00000002 EDX: 00000000
[    5.500008] ESI: 00000000 EDI: 4156d340 EBP: 50853fac ESP: 50853f24
[    5.500008]  DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
[    5.508891] CR0: 8005003b CR2: ffffe050 CR3: 125d2000 CR4: 000006d0
[    5.508891] Stack:
[    5.508891]  508b1000 5244ab00 5113335c 50829b80 508b1000 50853f54 00000202 410dec94
[    5.508891]  00000202 508b1000 00000000 00000001 50853f60 410dec94 5244ab00 50853f8c
[    5.508891]  410d9257 415566c0 525d1d5c 508b1000 00000000 00000000 50850f34 a98ab09b
[    5.508891] Call Trace:
[    5.508891]  [<410dec94>] ? putname+0x3f/0x42
[    5.508891]  [<410dec94>] ? putname+0x3f/0x42
[    5.508891]  [<410d9257>] ? do_execveat_common+0x4c1/0x58b
[    5.508891]  [<410d9335>] ? do_execve+0x14/0x16
[    5.508891]  [<413635e7>] syscall_exit_work+0x7/0x9
[    5.508891] Code: 04 e0 ff ff fd 83 bf e0 03 00 00 00 74 05 e8 ba 45 04 00 fa 90 8d 74 26 00 eb af 5b 5e 5f 5d c3 55 89 e5 56 53 83 c4 80 8b 5d 08 <8b> b3 50 e0 ff ff 9c 58 8d 74 26 00 f6 c4 02 75 20 ff 73 2c 68
[    5.508891] EIP: [<41000f8d>] syscall_return_slowpath+0xb/0x106 SS:ESP 0068:50853f24
[    5.508891] CR2: 00000000ffffe050
[    5.508891] ---[ end trace 55b11003702d7327 ]---
[    5.508891] Kernel panic - not syncing: Fatal exception

git bisect start 3ad0cb4b37691132c8cca6e6f4cd701c2fb1bcf4 539f5113650068ba221197f190267ab727296ef5 --
git bisect good a3130857dcb459a154e82e078b9fa29f9979bed2  # 05:09     20+      0  x86/asm/entry/64: Simplify irq stack pt_regs handling
git bisect good f22e4ed33333d3cbf2806d80e0eb5bb0bbb87fdf  # 05:19     21+      0  x86/entry/32: Fix an incorrect comment for work_notifysig_v86
git bisect good 3f0d62a8f8c10af6444fb96c9d1c16e1d90b3700  # 05:25     22+      0  x86/vm86: Teach handle_vm86_trap to return to 32bit mode directly
git bisect  bad cef2d931e1112187cea5d6c9088bb0a4ee28c2a4  # 05:35      0-     22  x86/entry/32: Use prepare_exit_to_usermode and syscall_return_slowpath
# first bad commit: [cef2d931e1112187cea5d6c9088bb0a4ee28c2a4] x86/entry/32: Use prepare_exit_to_usermode and syscall_return_slowpath
git bisect good 3f0d62a8f8c10af6444fb96c9d1c16e1d90b3700  # 05:37     63+      2  x86/vm86: Teach handle_vm86_trap to return to 32bit mode directly
# extra tests with DEBUG_INFO
git bisect  bad cef2d931e1112187cea5d6c9088bb0a4ee28c2a4  # 05:41      0-     66  x86/entry/32: Use prepare_exit_to_usermode and syscall_return_slowpath
# extra tests on HEAD of luto/x86/entry
git bisect  bad 3ad0cb4b37691132c8cca6e6f4cd701c2fb1bcf4  # 05:41      0-     13  x86/irq: Document how IRQ context tracking works and add an assertion
# extra tests on tree/branch luto/x86/entry
git bisect  bad 3ad0cb4b37691132c8cca6e6f4cd701c2fb1bcf4  # 05:42      0-     13  x86/irq: Document how IRQ context tracking works and add an assertion
# extra tests with first bad commit reverted
# extra tests on tree/branch linus/master
git bisect good 052b398a43a7de8c68c13e7fa05d6b3d16ce6801  # 06:19     66+      3  Merge branch 'for-linus-1' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
# extra tests on tree/branch next/master
git bisect good c9d047c4ac9b380fb97ad9bd8b066782557dc65b  # 06:23     66+      9  Add linux-next specific files for 20150622


This script may reproduce the error.

----------------------------------------------------------------------------
#!/bin/bash

kernel=$1
initrd=quantal-core-i386.cgz

wget --no-clobber https://github.com/fengguang/reproduce-kernel-bug/raw/master/initrd/$initrd

kvm=(
	qemu-system-x86_64
	-enable-kvm
	-cpu kvm64
	-kernel $kernel
	-initrd $initrd
	-m 300
	-smp 2
	-device e1000,netdev=net0
	-netdev user,id=net0
	-boot order=nc
	-no-reboot
	-watchdog i6300esb
	-rtc base=localtime
	-serial stdio
	-display none
	-monitor null 
)

append=(
	hung_task_panic=1
	earlyprintk=ttyS0,115200
	systemd.log_level=err
	debug
	apic=debug
	sysrq_always_enabled
	rcupdate.rcu_cpu_stall_timeout=100
	panic=-1
	softlockup_panic=1
	nmi_watchdog=panic
	oops=panic
	load_ramdisk=2
	prompt_ramdisk=0
	console=ttyS0,115200
	console=tty0
	vga=normal
	root=/dev/ram0
	rw
	drbd.minor_count=8
)

"${kvm[@]}" --append "${append[*]}"
----------------------------------------------------------------------------

0-DAY kernel test infrastructure                Open Source Technology Center
https://lists.01.org/pipermail/lkp                          Intel Corporation

View attachment "dmesg-quantal-ivb41-110:20150623053442:i386-randconfig-i0-201525:4.1.0-rc6-00284-gcef2d93:1" of type "text/plain" (68383 bytes)

View attachment "config-4.1.0-rc6-00284-gcef2d93" of type "text/plain" (84349 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ