Date:   Thu, 23 Feb 2017 21:10:39 +0100
From:   Pavel Machek <pavel@....cz>
To:     Josh Poimboeuf <jpoimboe@...hat.com>
Cc:     kernel list <linux-kernel@...r.kernel.org>, mingo@...nel.org,
        luto@...nel.org, bp@...en8.de, brgerst@...il.com,
        dvlasenk@...hat.com, hpa@...or.com, torvalds@...ux-foundation.org,
        peterz@...radead.org, tglx@...utronix.de
Subject: Re: v4.10: kernel stack frame pointer .. has bad value (null)

Hi!


> > > > Somehow, startup_32_smp() is on the stack twice.  The stack unwind led
> > > > to the startup_32_smp() frame at 0xf50cdf9c rather than the one at
> > > > 0xf50cdfa8 (which is where it should normally be).  So the question is
> > > > how startup_32_smp() got executed the second time, with the wrong stack
> > > > offset.
> > > 
> > > Not much idea... but this is a stack dump, right? Just because some
> > > value is on the stack does not mean it is a return address, no?
> > 
> > Right, but the one at 0xf50cdfa8 is where the startup_32_smp() is
> > *supposed* to be.  If the unwinder had unwound to that one, it wouldn't
> > have complained.  So it looks to me like the CPU somehow booted twice:
> > the first time at the right stack address, and the second time it
> > somehow ended up with a different stack address.
> > 
> > > And .... startup_32_smp is kind of "interesting" function. Take a
> > > look...
> > 
> > Yes, it's used in bringing up the CPU.
> 
> Can you share your .config?  

Here you go...

Meanwhile, another machine, same kernel:

[    0.359606] RPC: Registered tcp NFSv4.1 backchannel transport module.
[    0.359681] pci 0000:00:02.0: Video device with shadowed ROM at [mem 0x000c0000-0x000dffff]
[    0.392020] WARNING: kernel stack frame pointer at f4ca9f98 in swapper/1:0 has bad value   (null)
[    0.392023] unwind stack type:0 next_sp:  (null) mask:a graph_idx:0
[    0.392026] f4ca9ee0: 00000000f4ca9ee8 (0xf4ca9ee8)
[    0.392031] f4ca9ee4: 00000000c40489b7 (irq_exit+0x87/0xa0)
[    0.392032] f4ca9ee8: 00000000f4ca9ef4 (0xf4ca9ef4)
[    0.392036] f4ca9eec: 00000000c402f6d3 (smp_apic_timer_interrupt+0x33/0x40)
[    0.392037] f4ca9ef0: 0000000000000000 ...
[    0.392038] f4ca9ef4: 00000000f4ca9efd (0xf4ca9efd)
[    0.392042] f4ca9ef8: 00000000c4b7ac8e (apic_timer_interrupt+0x36/0x3c)
[    0.392042] f4ca9efc: 0000000000000000 ...
[    0.392044] f4ca9f0c: 00000000f4c82000 (0xf4c82000)
[    0.392045] f4ca9f10: 00000000f4ca9f38 (0xf4ca9f38)
[    0.392046] f4ca9f14: 0000000000000000 ...
[    0.392047] f4ca9f18: 0000000016e3007b (0x16e3007b)
[    0.392048] f4ca9f1c: 000000000000007b (0x7b)
[    0.392050] f4ca9f20: 00000000000000d8 (0xd8)
[    0.392051] f4ca9f24: 00000000175d00e0 (0x175d00e0)
[    0.392052] f4ca9f28: 00000000ffffff10 (0xffffff10)
[    0.392054] f4ca9f2c: 00000000c4b79883 (mwait_idle+0x43/0x70)
[    0.392055] f4ca9f30: 0000000000000060 (0x60)
[    0.392057] f4ca9f34: 0000000000200246 (0x200246)
[    0.392058] f4ca9f38: 00000000f4ca9f40 (0xf4ca9f40)
[    0.392061] f4ca9f3c: 00000000c401ed09 (arch_cpu_idle+0x9/0x10)
[    0.392062] f4ca9f40: 00000000f4ca9f48 (0xf4ca9f48)
[    0.392064] f4ca9f44: 00000000c4b799cf (default_idle_call+0x1f/0x30)
[    0.392065] f4ca9f48: 00000000f4ca9f60 (0xf4ca9f60)
[    0.392069] f4ca9f4c: 00000000c4083345 (do_idle+0x155/0x1d0)
[    0.392071] f4ca9f50: 00000000f4c82000 (0xf4c82000)
[    0.392072] f4ca9f54: 00000000fa696c2c (0xfa696c2c)
[    0.392073] f4ca9f58: 0000000000000087 (0x87)
[    0.392074] f4ca9f5c: 00000000cdcd762c (0xcdcd762c)
[    0.392075] f4ca9f60: 00000000f4ca9f78 (0xf4ca9f78)
[    0.392078] f4ca9f64: 00000000c408361d (cpu_startup_entry+0x5d/0x60)
[    0.392079] f4ca9f68: 000000001dc1ce68 (0x1dc1ce68)
[    0.392080] f4ca9f6c: 00000000fc816a87 (0xfc816a87)
[    0.392081] f4ca9f70: 0000000001020800 (0x1020800)
[    0.392083] f4ca9f74: 000000003e54bb16 (0x3e54bb16)
[    0.392084] f4ca9f78: 00000000f4ca9f98 (0xf4ca9f98)
[    0.392086] f4ca9f7c: 00000000c402d216 (start_secondary+0x176/0x1c0)
[    0.392088] f4ca9f80: 000000003e54bb16 (0x3e54bb16)
[    0.392089] f4ca9f84: 00000000cfe53ead (0xcfe53ead)
[    0.392090] f4ca9f88: 000000000a810020 (0xa810020)
[    0.392091] f4ca9f8c: 0000000000046210 (0x46210)
[    0.392092] f4ca9f90: 0000000000000000 ...
[    0.392094] f4ca9f94: 00000000f4ca9fac (0xf4ca9fac)
[    0.392095] f4ca9f98: 0000000000000000 ...
[    0.392097] f4ca9f9c: 00000000c4000237 (startup_32_smp+0x16b/0x16d)
[    0.392098] f4ca9fa0: 0000000000200002 (0x200002)
[    0.392099] f4ca9fa4: 0000000000000000 ...
[    0.392101] f4ca9fa8: 00000000c4000237 (startup_32_smp+0x16b/0x16d)
[    0.392102] f4ca9fac: 0000000000000000 ...
[    0.392103] f4ca9ff4: 0000000002008070 (0x2008070)
[    0.392104] f4ca9ff8: 0000000000200000 (0x200000)
[    0.392106] f4ca9ffc: 000000004398000c (0x4398000c)
[    2.368034] pci 0000:00:1d.7: EHCI: BIOS handoff failed (BIOS bug?) 01010001
[    2.368388] PCI: CLS 64 bytes, default 64
[    2.370561] workingset: timestamp_bits=30 max_order=20 bucket_order=0
[    2.371741] Installing knfsd (copyright (C) 1996 okir@...ad.swb.de).
[    2.372041] ntfs: driver 2.1.32 [Flags: R/W].



-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html

Download attachment ".config.gz" of type "application/gzip" (26643 bytes)

Download attachment "signature.asc" of type "application/pgp-signature" (182 bytes)
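
An added example (not part of the original message or of the kernel's unwinder): it follows the saved-frame-pointer chain through an excerpt of the dump above and reports where the chain breaks and where `startup_32_smp` appears. The helper names and the starting link f4ca9f38 are choices made for this example. The walk stops at f4ca9f98, the address named in the WARNING line, with `startup_32_smp` found at f4ca9f9c and again at f4ca9fa8.

```python
import re

# Slots f4ca9f38..f4ca9fa8 copied from the dump in the message (timestamps
# dropped, wrapped lines rejoined, slots that are off the chain omitted).
DUMP = """\
f4ca9f38: 00000000f4ca9f40 (0xf4ca9f40)
f4ca9f3c: 00000000c401ed09 (arch_cpu_idle+0x9/0x10)
f4ca9f40: 00000000f4ca9f48 (0xf4ca9f48)
f4ca9f44: 00000000c4b799cf (default_idle_call+0x1f/0x30)
f4ca9f48: 00000000f4ca9f60 (0xf4ca9f60)
f4ca9f4c: 00000000c4083345 (do_idle+0x155/0x1d0)
f4ca9f60: 00000000f4ca9f78 (0xf4ca9f78)
f4ca9f64: 00000000c408361d (cpu_startup_entry+0x5d/0x60)
f4ca9f78: 00000000f4ca9f98 (0xf4ca9f98)
f4ca9f7c: 00000000c402d216 (start_secondary+0x176/0x1c0)
f4ca9f98: 0000000000000000 ...
f4ca9f9c: 00000000c4000237 (startup_32_smp+0x16b/0x16d)
f4ca9fa8: 00000000c4000237 (startup_32_smp+0x16b/0x16d)
"""

LINE = re.compile(r"([0-9a-f]{8}): ([0-9a-f]{16}) (?:\((.+)\)|\.\.\.)")
WORD = 4  # 32-bit stack: saved frame pointer at bp, return address at bp + 4

def parse(dump):
    """Map stack address -> (value, annotation) for each dumped slot."""
    return {int(m[1], 16): (int(m[2], 16), m[3] or "")
            for m in LINE.finditer(dump)}

def walk(slots, bp):
    """Follow saved frame pointers; return (frames, address of bad link)."""
    frames = []
    while bp in slots and bp + WORD in slots:
        frames.append((bp + WORD, slots[bp + WORD][1]))
        next_bp = slots[bp][0]
        if next_bp <= bp:  # a valid link always points further up the stack
            return frames, bp
        bp = next_bp
    return frames, None

def find(slots, symbol):
    """Addresses of every slot annotated with the given symbol."""
    return sorted(a for a, (_, s) in slots.items() if s.startswith(symbol))

if __name__ == "__main__":
    slots = parse(DUMP)
    frames, bad = walk(slots, 0xF4CA9F38)
    print(*(f"{a:08x}  {s}" for a, s in frames), sep="\n")
    print(f"chain breaks at {bad:08x}; startup_32_smp at",
          [f"{a:08x}" for a in find(slots, "startup_32_smp")])
```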
