Message-ID: <20151229124059.GC4678@wfg-t540p.sh.intel.com>
Date:	Tue, 29 Dec 2015 20:40:59 +0800
From:	Fengguang Wu <fengguang.wu@...el.com>
To:	Al Viro <viro@...iv.linux.org.uk>
Cc:	LKP <lkp@...org>, Huang Ying <ying.huang@...el.com>,
	LKML <linux-kernel@...r.kernel.org>
Subject: [memdup_user_nul] BUG: unable to handle kernel paging request at
 ffffffff880009ed

https://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs.git work.misc

commit c7af9d5728bed29ef614324e67e066896d087c8f
Author:     Al Viro <viro@...iv.linux.org.uk>
AuthorDate: Thu Dec 24 00:13:10 2015 -0500
Commit:     Al Viro <viro@...iv.linux.org.uk>
CommitDate: Thu Dec 24 10:52:16 2015 -0500

    kernel/*: switch to memdup_user_nul()
    
    Signed-off-by: Al Viro <viro@...iv.linux.org.uk>

+-------------------------------------------------------+------------+------------+------------+
|                                                       | c4af5f8aed | c7af9d5728 | 212424e0f1 |
+-------------------------------------------------------+------------+------------+------------+
| boot_successes                                        | 490        | 67         | 5          |
| boot_failures                                         | 10         | 63         | 14         |
| Out_of_memory:Kill_process                            | 10         |            |            |
| BUG:unable_to_handle_kernel                           | 0          | 62         | 14         |
| Oops                                                  | 0          | 62         | 14         |
| RIP:set_next_entity                                   | 0          | 62         | 14         |
| Kernel_panic-not_syncing:Fatal_exception              | 0          | 62         | 14         |
| general_protection_fault:#[##]                        | 0          | 1          |            |
| RIP:unregister_fair_sched_group                       | 0          | 1          |            |
| Kernel_panic-not_syncing:Fatal_exception_in_interrupt | 0          | 1          |            |
| backtrace:smpboot_thread_fn                           | 0          | 1          |            |
+-------------------------------------------------------+------------+------------+------------+

[   45.855573] init: Temporary process spawn error: No such file or directory
[   45.866228] init: Failed to create pty - disabling logging for job
[   45.870281] init: Temporary process spawn error: No such file or directory
[   45.881131] BUG: unable to handle kernel paging request at ffffffff880009ed
[   45.887905] IP: [<ffffffff810e214d>] set_next_entity+0x44/0x96
[   45.889827] PGD 23e3067 PUD 23e4063 PMD 0 
[   45.891496] Oops: 0000 [#1] 
[   45.892646] CPU: 0 PID: 231 Comm: init Not tainted 4.4.0-rc4-00029-gc7af9d5 #1
[   45.894985] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Debian-1.8.2-1 04/01/2014
[   45.898698] task: ffff880009a18000 ti: ffff880009af8000 task.ti: ffff880009af8000
[   45.901092] RIP: 0010:[<ffffffff810e214d>]  [<ffffffff810e214d>] set_next_entity+0x44/0x96
[   45.903777] RSP: 0018:ffff880009afbe40  EFLAGS: 00010046
[   45.905417] RAX: ffffffff81c4b320 RBX: ffff880009a18038 RCX: ffffffff8800098d
[   45.907509] RDX: ffff8800098d1200 RSI: ffff880009a18038 RDI: ffffffff8800098d
[   45.909615] RBP: ffff880009afbe58 R08: ffff880009a18060 R09: 0000000000000004
[   45.911717] R10: ffff880009a18000 R11: ffffffff810cb930 R12: ffffffff8800098d
[   45.913822] R13: ffff880009a94400 R14: 0000000000000001 R15: ffff880009a18000
[   45.915919] FS:  00007f526b82d700(0000) GS:ffffffff823f8000(0000) knlGS:0000000000000000
[   45.918468] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[   45.920218] CR2: ffffffff880009ed CR3: 0000000009a96000 CR4: 00000000000006b0
[   45.923274] Stack:
[   45.924083]  ffff880009a18038 ffffffff8800098d ffff880009a94400 ffff880009afbe78
[   45.926895]  ffffffff810e3054 ffff880009a18000 ffffffff8242bb80 ffff880009afbeb8
[   45.929714]  ffffffff810e07da 0000000000000082 ffff880009a18000 ffff880009a18000
[   45.932525] Call Trace:
[   45.933462]  [<ffffffff810e3054>] set_curr_task_fair+0x2e/0x5a
[   45.935249]  [<ffffffff810e07da>] sched_move_task+0xd8/0x108
[   45.937096]  [<ffffffff810e63b9>] autogroup_move_group+0xc3/0xd6
[   45.938928]  [<ffffffff810e64f3>] sched_autogroup_create_attach+0xee/0x104
[   45.949864]  [<ffffffff810d042f>] sys_setsid+0xde/0xea
[   45.951508]  [<ffffffff81c34f33>] entry_SYSCALL_64_fastpath+0x16/0x7a
[   45.953454] Code: 2a e8 20 fb ff ff 4c 8d 6b 10 4d 39 6c 24 30 75 0d 4c 89 ef e8 63 8a 31 00 49 89 44 24 30 49 8d 74 24 28 4c 89 ef e8 0e 86 31 00 <49> 8b 7c 24 60 e8 cd f9 ff ff 48 89 43 40 49 89 5c 24 38 49 8b 
[   45.979087] RIP  [<ffffffff810e214d>] set_next_entity+0x44/0x96
[   45.981004]  RSP <ffff880009afbe40>
[   45.982202] CR2: ffffffff880009ed
[   45.983352] ---[ end trace 3543be28092f7cae ]---
[   46.000361] Kernel panic - not syncing: Fatal exception

git bisect start 212424e0f12362219dc6f53bb13f4af726825044 4ef7675344d687a0ef5b0d7c0cee12da005870c0 --
git bisect  bad 45e82e90e5e7072b4e304d19f84d2c1c4b3c7b41  # 16:55      0-      3  Merge 'linux-review/Jann-Horn/android-binder-fix-fput-comment/20151226-045614' into devel-spot-201512261608
git bisect  bad 9605f52d2f60ff9d808e3aae3b06651af8748e2b  # 17:02     10-      1  Merge 'linux-review/changbin-du-intel-com/usb-gadget-acm-set-notify_req-to-NULL-after-freed-to-avoid-double-free/20151226-120759' into devel-spot-201512261608
git bisect good e4faee14fcf2744599b3774b14c27eb8a1b24cd7  # 17:13    127+      6  Merge 'linux-review/SF-Markus-Elfring/i2c-core-One-function-call-less-in-acpi_i2c_space_handler-after-error-detection/20151226-151227' into devel-spot-201512261608
git bisect  bad cdac7c82b1842fa38e8b877ee841d813b26ae841  # 17:25     18-      3  Merge 'vfs/work.misc' into devel-spot-201512261608
git bisect good 9e6697e26f9888cdb6088664d31c3772b0dff0a4  # 17:38    129+      4  namei.c: fold set_root_rcu() into set_root()
git bisect good a98e80b2b86d1489d56859c948248738ad932be9  # 17:47    126+      1  switch wireless debugfs ->write() instances to memdup_user_nul()
git bisect  bad 9e38a427c41702e177f7691c6023adde7e6c711e  # 18:00      0-     19  put the remnants of ..._user_ret() to rest
git bisect  bad c7af9d5728bed29ef614324e67e066896d087c8f  # 18:06      0-     22  kernel/*: switch to memdup_user_nul()
git bisect good c4af5f8aed82ef30f6cf91bc3478b52c61cecd18  # 18:14    124+      4  cciss: switch to memdup_user_nul()
# first bad commit: [c7af9d5728bed29ef614324e67e066896d087c8f] kernel/*: switch to memdup_user_nul()
git bisect good c4af5f8aed82ef30f6cf91bc3478b52c61cecd18  # 18:24    366+      9  cciss: switch to memdup_user_nul()
# extra tests with DEBUG_INFO
git bisect  bad c7af9d5728bed29ef614324e67e066896d087c8f  # 18:30      0-      1  kernel/*: switch to memdup_user_nul()
# extra tests on HEAD of linux-devel/devel-spot-201512261608
git bisect  bad 212424e0f12362219dc6f53bb13f4af726825044  # 18:31      0-     14  0day head guard for 'devel-spot-201512261608'
# extra tests on tree/branch vfs/work.misc
git bisect  bad 15d8d69accf88da38aac73dd873ce56fd39b358a  # 18:42      0-      2  saner calling conventions for copy_mount_options()
# extra tests with first bad commit reverted
git bisect good 241dc6cc888af8cc59a6e1c3ddd4ee2e0da6d00d  # 19:05    370+      8  Revert "kernel/*: switch to memdup_user_nul()"
# extra tests on tree/branch linus/master
git bisect good 8db7b3c54401d83a4dc370a59b8692854000ea03  # 19:30    361+      5  Merge branch 'parisc-4.4-4' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux
# extra tests on tree/branch linux-next/master
git bisect good 80c75a0f1d81922bf322c0634d1e1a15825a89e6  # 19:40    366+      2  Add linux-next specific files for 20151223


This script may reproduce the error.

----------------------------------------------------------------------------
#!/bin/bash

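# Path to the kernel image under test (first argument, required)
kernel=${1:?usage: $0 <kernel-image>}
initrd=quantal-core-x86_64.cgz

# Fetch the test initrd unless it is already present
wget --no-clobber "https://github.com/fengguang/reproduce-kernel-bug/raw/master/initrd/$initrd"

# QEMU command line; paths are quoted so they survive spaces
kvm=(
	qemu-system-x86_64
	-enable-kvm
	-cpu kvm64
	-kernel "$kernel"
	-initrd "$initrd"
	-m 300
	-smp 2
	-device e1000,netdev=net0
	-netdev user,id=net0
	-boot order=nc
	-no-reboot
	-watchdog i6300esb
	-rtc base=localtime
	-serial stdio
	-display none
	-monitor null
)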

append=(
	hung_task_panic=1
	earlyprintk=ttyS0,115200
	systemd.log_level=err
	debug
	apic=debug
	sysrq_always_enabled
	rcupdate.rcu_cpu_stall_timeout=100
	panic=-1
	softlockup_panic=1
	nmi_watchdog=panic
	oops=panic
	load_ramdisk=2
	prompt_ramdisk=0
	console=ttyS0,115200
	console=tty0
	vga=normal
	root=/dev/ram0
	rw
	drbd.minor_count=8
)

"${kvm[@]}" --append "${append[*]}"
----------------------------------------------------------------------------

---
0-DAY kernel test infrastructure                Open Source Technology Center
https://lists.01.org/pipermail/lkp                          Intel Corporation

View attachment "dmesg-quantal-vp-7:20151226180631:x86_64-randconfig-h0-12261632:4.4.0-rc4-00029-gc7af9d5:1" of type "text/plain" (68179 bytes)

View attachment "dmesg-quantal-intel12-18:20151226181225:x86_64-randconfig-h0-12261632:4.4.0-rc4-00028-gc4af5f8:1" of type "text/plain" (69379 bytes)

View attachment "config-4.4.0-rc4-00029-gc7af9d5" of type "text/plain" (106408 bytes)
