lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <53f81507-4fa8-a1ce-2e69-38999724984b@c2h2.net>
Date:   Sun, 4 Dec 2016 18:57:57 -0600
From:   David F <dfitz7@...2.net>
To:     Adrian Hunter <adrian.hunter@...el.com>,
        linux-kernel@...r.kernel.org
Cc:     Joerg Roedel <jroedel@...e.de>, Denis Bychkov <manover@...il.com>
Subject: Re: 4.3 kernel panics when MMC/SDHC card is inserted on thinkpad

On 16/12/15 09:50, Adrian Hunter wrote:
> 
> 
> On 15/12/15 18:01, Ulf Hansson wrote:
>> +Adrian
>>
>> On 8 November 2015 at 23:05, Denis Bychkov <manover@...il.com> wrote:
>>> The only started in 4.3 kernel (at least RC-5), 4.2.x does not have
>>> this problem. The kernel panic happens immediately after the SDHC card
>>> is inserted, reproducibility is 100%. If the system boots up with the
>>> card already inserted, it will crash as soon as sdhci_pci module is
>>> loaded. If the module is unloaded/blacklisted, obviously, nothing
>>> happens as the system does not see the MMC card reader.
>>> The machine is Lenovo thinkpad T-510 laptop with Intel Westmere
>>> CPU/3400 series chipset running 64-bit kernel 4.3.0.
>>>
>>
>> Hi Denis,
>>
>> Thanks for reporting and sorry for the delay!
>>
>> Unfortunate, this isn't really my area of expertise and I don't have
>> the HW. In other words, I don't think I will be able to help much.
>>
>> Instead, I am looping in Adrian Hunter, who might be able to have a
>> look at this.
> 
> Have you tried bisecting to find the commit that causes this?
> 

Hello,

I have been experiencing the same panics when inserting SDHC cards.

My environment differs from Denis in the following way:
-Thinkpad T420 with i5-2520M

Apart from that, identical symptoms. Issue still present in 4.9-rc7.

I note that if you disable Intel VT-D in the BIOS, this issue does not
occur.

I ran the requested git bisect today between 4.2 and 4.3-rc1 and it
narrowed down to the following commit:

# git bisect bad
f303e50766298feac17c8715e29ecd14b2c12680 is the first bad commit
commit f303e50766298feac17c8715e29ecd14b2c12680
Author: Joerg Roedel <jroedel@...e.de>
Date:   Thu Jul 23 18:37:13 2015 +0200

    iommu/vt-d: Avoid duplicate device_domain_info structures

    When a 'struct device_domain_info' is created as an alias
    for another device, this struct will not be re-used when the
    real device is encountered. Fix that to avoid duplicate
    device_domain_info structures being added.

    Signed-off-by: Joerg Roedel <jroedel@...e.de>

:040000 040000 8f5a7521ef1cdbd8e82b625c5348a1210fe1bf5d
5d2a156956e5cadc9ab35c48b661bbd5fe9d5587 M      drivers


Below is my oops, I apologize if netconsole has formatted it badly:

Aug 19 13:32:20 taz [  156.425627] ------------[ cut here ]------------
Aug 19 13:32:20 taz [  156.428136] kernel BUG at
drivers/iommu/intel-iommu.c:3682!
Aug 19 13:32:20 taz [  156.430630] invalid opcode: 0000 [#1] PREEMPT SMP
Aug 19 13:32:20 taz [  156.433138] Modules linked in:
Aug 19 13:32:20 taz nf_nat_sip
Aug 19 13:32:20 taz nf_conntrack_sip
Aug 19 13:32:20 taz ebtable_filter
Aug 19 13:32:20 taz ebtables
Aug 19 13:32:20 taz uvcvideo
Aug 19 13:32:20 taz videobuf2_vmalloc
Aug 19 13:32:20 taz videobuf2_memops
Aug 19 13:32:20 taz videobuf2_v4l2
Aug 19 13:32:20 taz videobuf2_core
Aug 19 13:32:20 taz iwldvm
Aug 19 13:32:20 taz mac80211
Aug 19 13:32:20 taz iwlwifi
Aug 19 13:32:20 taz
Aug 19 13:32:20 taz [  156.435979] CPU: 0 PID: 0 Comm: swapper/0 Not
tainted 4.7.0-c2h2 #2
Aug 19 13:32:20 taz [  156.438694] Hardware name: LENOVO
4236AR1/4236AR1, BIOS 83ET78WW (1.48 ) 01/21/2016
Aug 19 13:32:20 taz [  156.441423] task: ffffffff8260e540 ti:
ffffffff82600000 task.ti: ffffffff82600000
Aug 19 13:32:20 taz [  156.444155] RIP: 0010:[<ffffffff816acae3>]
Aug 19 13:32:20 taz [<ffffffff816acae3>] intel_unmap+0x1f3/0x200
Aug 19 13:32:20 taz [  156.446949] RSP: 0018:ffff88041e203e38  EFLAGS:
00010046
Aug 19 13:32:20 taz [  156.449706] RAX: 0000000000000000 RBX:
ffff88040b8fc0a0 RCX: 0000000000000a98
Aug 19 13:32:20 taz [  156.452535] RDX: 0000000000000000 RSI:
00000000fffec000 RDI: ffff88040b8fc0a0
Aug 19 13:32:20 taz [  156.455411] RBP: ffff88041e203e68 R08:
0000000000000000 R09: 0000000000000010
Aug 19 13:32:20 taz [  156.458276] R10: 0000000057b750b4 R11:
003b9aca00000000 R12: 0000000000000001
Aug 19 13:32:20 taz [  156.461125] R13: 00000000fffec000 R14:
00000000fffec000 R15: 0000000000001000
Aug 19 13:32:20 taz [  156.464001] FS:  0000000000000000(0000)
GS:ffff88041e200000(0000) knlGS:0000000000000000
Aug 19 13:32:20 taz [  156.466936] CS:  0010 DS: 0000 ES: 0000 CR0:
0000000080050033
Aug 19 13:32:20 taz [  156.469913] CR2: 00007f02dde4a000 CR3:
0000000002607000 CR4: 00000000000406f0
Aug 19 13:32:20 taz [  156.472917] Stack:
Aug 19 13:32:20 taz [  156.475883]  ffff8800da7308a0
Aug 19 13:32:20 taz 0000000000001000
Aug 19 13:32:20 taz 0000000000000001
Aug 19 13:32:20 taz ffff88040b8fc0a0
Aug 19 13:32:20 taz
Aug 19 13:32:20 taz [  156.478991]  00000000fffec000
Aug 19 13:32:20 taz 0000000000000001
Aug 19 13:32:20 taz ffff88041e203ea0
Aug 19 13:32:20 taz ffffffff816acb5e
Aug 19 13:32:20 taz
Aug 19 13:32:20 taz [  156.482132]  ffff8800da730540
Aug 19 13:32:20 taz ffff88040bdf7cc8
Aug 19 13:32:20 taz ffff8800da730788
Aug 19 13:32:20 taz 0000000000000247
Aug 19 13:32:20 taz
Aug 19 13:32:20 taz [  156.485338] Call Trace:
Aug 19 13:32:20 taz [  156.488574]  <IRQ>
Aug 19 13:32:20 taz 156.488574]  <IRQ> ace:
30540a000 CR3: 0000000002607000 CR4: 00000000000406f0
Aug 19 13:32:20 taz [  156.488613]  [<ffffffff816acb5e>]
intel_unmap_sg+0x6e/0x80
Aug 19 13:32:20 taz [  156.494835]  [<ffffffff81b5493e>]
sdhci_tasklet_finish+0x16e/0x1d0
Aug 19 13:32:20 taz [  156.498025]  [<ffffffff810dd47e>]
tasklet_action+0x16e/0x180
Aug 19 13:32:20 taz [  156.501239]  [<ffffffff810dd744>]
__do_softirq+0x94/0x2d0
Aug 19 13:32:20 taz [  156.504431]  [<ffffffff810ddad6>] irq_exit+0x96/0xa0
Aug 19 13:32:20 taz [  156.507605]  [<ffffffff8108b41b>] do_IRQ+0x5b/0xf0
Aug 19 13:32:20 taz [  156.510795]  [<ffffffff81ec72c2>]
common_interrupt+0x82/0x82
Aug 19 13:32:20 taz [  156.513991]  <EOI>
Aug 19 13:32:20 taz 156.513991]  <EOI> ffff81ec72c2>]
common_interrupt+0x82/0x82
Aug 19 13:32:20 taz [  156.514028]  [<ffffffff810b6256>] ?
native_safe_halt+0x6/0x10
Aug 19 13:32:20 taz [  156.520424]  [<ffffffff8162e973>]
arch_safe_halt+0x9/0xd
Aug 19 13:32:20 taz [  156.523499]  [<ffffffff8162f149>]
acpi_safe_halt+0x1d/0x26
Aug 19 13:32:20 taz [  156.526460]  [<ffffffff8162f16d>]
acpi_idle_do_entry+0x1b/0x2b
Aug 19 13:32:20 taz [  156.529297]  [<ffffffff8162f4d3>]
acpi_idle_enter+0x1de/0x200
Aug 19 13:32:20 taz [  156.532129]  [<ffffffff81092499>] ?
sched_clock+0x9/0x10
Aug 19 13:32:20 taz [  156.534950]  [<ffffffff81b3b708>]
cpuidle_enter_state+0x88/0x2b0
Aug 19 13:32:20 taz [  156.537785]  [<ffffffff81b3b952>]
cpuidle_enter+0x12/0x20
Aug 19 13:32:20 taz [  156.540626]  [<ffffffff811157e5>]
call_cpuidle+0x25/0x40
Aug 19 13:32:20 taz [  156.543469]  [<ffffffff81115aca>]
cpu_startup_entry+0x1ca/0x350
Aug 19 13:32:20 taz [  156.546318]  [<ffffffff81ebf28f>] rest_init+0x7f/0x90
Aug 19 13:32:20 taz [  156.549156]  [<ffffffff827e3f4a>]
start_kernel+0x40a/0x417
Aug 19 13:32:20 taz [  156.551972]  [<ffffffff827e3120>] ?
early_idt_handler_array+0x120/0x120
Aug 19 13:32:20 taz [  156.554795]  [<ffffffff827e3481>]
x86_64_start_reservations+0x2f/0x31
Aug 19 13:32:20 taz [  156.557617]  [<ffffffff827e35be>]
x86_64_start_kernel+0x13b/0x14a
Aug 19 13:32:20 taz [  156.560411] Code:
Aug 19 13:32:20 taz cf
Aug 19 13:32:20 taz ff
Aug 19 13:32:20 taz ff
Aug 19 13:32:20 taz 41
Aug 19 13:32:20 taz 8d
Aug 19 13:32:20 taz 57
Aug 19 13:32:20 taz 01
Aug 19 13:32:20 taz be
Aug 19 13:32:20 taz 08
Aug 19 13:32:20 taz 00
Aug 19 13:32:20 taz 00
Aug 19 13:32:20 taz 00
Aug 19 13:32:20 taz 48
Aug 19 13:32:20 taz c7
Aug 19 13:32:20 taz c7
Aug 19 13:32:20 taz 18
Aug 19 13:32:20 taz 60
Aug 19 13:32:20 taz 7b
Aug 19 13:32:20 taz 82
Aug 19 13:32:20 taz 48
Aug 19 13:32:20 taz 63
Aug 19 13:32:20 taz d2
Aug 19 13:32:20 taz e8
Aug 19 13:32:20 taz 0d
Aug 19 13:32:20 taz 07
Aug 19 13:32:20 taz ef
Aug 19 13:32:20 taz ff
Aug 19 13:32:20 taz 3b
Aug 19 13:32:20 taz 05
Aug 19 13:32:20 taz 8b
Aug 19 13:32:20 taz a6
Aug 19 13:32:20 taz 10
Aug 19 13:32:20 taz 01
Aug 19 13:32:20 taz 41
Aug 19 13:32:20 taz 89
Aug 19 13:32:20 taz c7
Aug 19 13:32:20 taz 7c
Aug 19 13:32:20 taz d5
Aug 19 13:32:20 taz e9
Aug 19 13:32:20 taz c6
Aug 19 13:32:20 taz fe
Aug 19 13:32:20 taz ff
Aug 19 13:32:20 taz ff
Aug 19 13:32:20 taz 0b
Aug 19 13:32:20 taz e8
Aug 19 13:32:20 taz 16
Aug 19 13:32:20 taz 65
Aug 19 13:32:20 taz 95
Aug 19 13:32:20 taz ff
Aug 19 13:32:20 taz e9
Aug 19 13:32:20 taz 3e
Aug 19 13:32:20 taz ff
Aug 19 13:32:20 taz ff
Aug 19 13:32:20 taz ff
Aug 19 13:32:20 taz 90
Aug 19 13:32:20 taz 55
Aug 19 13:32:20 taz 48
Aug 19 13:32:20 taz 89
Aug 19 13:32:20 taz f0
Aug 19 13:32:20 taz 48
Aug 19 13:32:20 taz 89
Aug 19 13:32:20 taz e5
Aug 19 13:32:20 taz 41
Aug 19 13:32:20 taz
Aug 19 13:32:20 taz [  156.567252] RIP
Aug 19 13:32:20 taz [<ffffffff816acae3>] intel_unmap+0x1f3/0x200
Aug 19 13:32:20 taz [  156.570418]  RSP <ffff88041e203e38>
Aug 19 13:32:20 taz [  156.573544] ---[ end trace 3df10ff5fe14bb13 ]---

Please let me know if I can be of further assistance.

Regards,
David

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ