lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:   Mon, 27 Feb 2017 10:14:33 +0800
From:   kernel test robot <fengguang.wu@...el.com>
To:     Daniel Borkmann <daniel@...earbox.net>
Cc:     LKP <lkp@...org>, netdev@...r.kernel.org,
        linux-s390@...r.kernel.org, linux-kernel@...r.kernel.org,
        linux-arm-kernel@...ts.infradead.org, wfg@...ux.intel.com
Subject: [bpf] 9d876e79df:  BUG: unable to handle kernel paging request at 653a8346

Greetings,

0day kernel testing robot got the below dmesg and the first bad commit is

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master

commit 9d876e79df6a2f364b9f2737eacd72ceb27da53a
Author:     Daniel Borkmann <daniel@...earbox.net>
AuthorDate: Tue Feb 21 16:09:34 2017 +0100
Commit:     David S. Miller <davem@...emloft.net>
CommitDate: Tue Feb 21 13:30:14 2017 -0500

    bpf: fix unlocking of jited image when module ronx not set
    
    Eric and Willem reported that they recently saw random crashes when
    JIT was in use and bisected this to 74451e66d516 ("bpf: make jited
    programs visible in traces"). Issue was that the consolidation part
    added bpf_jit_binary_unlock_ro() that would unlock previously made
    read-only memory back to read-write. However, DEBUG_SET_MODULE_RONX
    cannot be used for this to test for presence of set_memory_*()
    functions. We need to use ARCH_HAS_SET_MEMORY instead to fix this;
    also add the corresponding bpf_jit_binary_lock_ro() to filter.h.
    
    Fixes: 74451e66d516 ("bpf: make jited programs visible in traces")
    Reported-by: Eric Dumazet <edumazet@...gle.com>
    Reported-by: Willem de Bruijn <willemb@...gle.com>
    Bisected-by: Eric Dumazet <edumazet@...gle.com>
    Signed-off-by: Daniel Borkmann <daniel@...earbox.net>
    Tested-by: Willem de Bruijn <willemb@...gle.com>
    Signed-off-by: David S. Miller <davem@...emloft.net>

d2852a2240  arch: add ARCH_HAS_SET_MEMORY config
9d876e79df  bpf: fix unlocking of jited image when module ronx not set
+-------------------------------------------------------+------------+------------+
|                                                       | d2852a2240 | 9d876e79df |
+-------------------------------------------------------+------------+------------+
| boot_successes                                        | 1224       | 89         |
| boot_failures                                         | 0          | 43         |
| BUG:unable_to_handle_kernel                           | 0          | 43         |
| Oops:#[##]                                            | 0          | 43         |
| EIP:__release_sock                                    | 0          | 3          |
| Kernel_panic-not_syncing:Fatal_exception              | 0          | 40         |
| EIP:bpf_prog_free                                     | 0          | 5          |
| EIP:filp_close                                        | 0          | 10         |
| EIP:__wake_up_common                                  | 0          | 3          |
| EIP:release_sock                                      | 0          | 2          |
| Kernel_panic-not_syncing:Fatal_exception_in_interrupt | 0          | 3          |
| EIP:unix_release_sock                                 | 0          | 14         |
| EIP:__rcu_process_callbacks                           | 0          | 1          |
| EIP:__unix_find_socket_byname                         | 0          | 2          |
| EIP:__netlink_lookup                                  | 0          | 1          |
| EIP:rht_bucket_nested                                 | 0          | 1          |
+-------------------------------------------------------+------------+------------+

[   12.906145] random: trinity: uninitialized urandom read (4 bytes read)
[   21.667060] sock: process `trinity-main' is using obsolete setsockopt SO_BSDCOMPAT
[   22.939767] sock: sock_set_timeout: `trinity-main' (pid 382) tries to set negative timeout
[   22.957952] sock: sock_set_timeout: `trinity-main' (pid 382) tries to set negative timeout
[   24.297654] VFS: Warning: trinity-c0 using old stat() call. Recompile your binary.
[   24.312991] BUG: unable to handle kernel paging request at 653a8346
[   24.325299] IP: __wake_up_common+0x1b/0x70
[   24.327809] *pde = 00000000 
[   24.327811] 
[   24.338150] Oops: 0000 [#1]
[   24.340057] CPU: 0 PID: 379 Comm: trinity-main Not tainted 4.10.0-rc8-02017-g9d876e7 #59
[   24.346946] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.9.3-20161025_171302-gandalf 04/01/2014
[   24.361096] task: d6cd17c0 task.stack: d6bb8000
[   24.363855] EIP: __wake_up_common+0x1b/0x70
[   24.368260] EFLAGS: 00010046 CPU: 0
[   24.379614] EAX: 653a8346 EBX: 00000246 ECX: 00000000 EDX: 00000001
[   24.382501] ESI: d6ccb26c EDI: d6ccb26c EBP: d6bb9e64 ESP: d6bb9e48
[   24.385660]  DS: 007b ES: 007b FS: 0000 GS: 0000 SS: 0068
[   24.388636] CR0: 80050033 CR2: 653a8346 CR3: 16d57000 CR4: 00000610
[   24.401881] DR0: 080ce000 DR1: 00000000 DR2: 00000000 DR3: 00000000
[   24.404793] DR6: ffff0ff0 DR7: 00000600
[   24.406811] Call Trace:
[   24.408278]  __wake_up+0x48/0x80
[   24.410052]  unix_release_sock+0xed/0x2d0
[   24.471745]  unix_release+0x1b/0x30
[   24.473621]  sock_release+0x18/0x70
[   24.484988]  ? ima_file_free+0xb/0xa0
[   24.487049]  sock_close+0x10/0x20
[   24.488838]  __fput+0xd6/0x200
[   24.490615]  ____fput+0xd/0x10
[   24.492610]  task_work_run+0x57/0x80
[   24.494621]  do_exit+0x213/0x9e0
[   24.507034]  ? ___might_sleep+0xa1/0x140
[   24.509082]  do_group_exit+0x33/0x90
[   24.511027]  SyS_exit_group+0x16/0x20
[   24.513158]  do_fast_syscall_32+0x9a/0x160
[   24.515430]  entry_SYSENTER_32+0x4c/0x7b
[   24.527175] EIP: 0xb77c5cc5
[   24.528695] EFLAGS: 00000292 CPU: 0
[   24.530581] EAX: ffffffda EBX: 00000000 ECX: 0000002d EDX: b77bc8ac
[   24.533601] ESI: 00000000 EDI: 00000001 EBP: bfd1fb58 ESP: bfd1fa6c
[   24.536691]  DS: 007b ES: 007b FS: 0000 GS: 0000 SS: 007b
[   24.550841] Code: 55 89 e5 e8 48 0e 7f 00 5d c3 66 90 66 90 66 90 55 89 e5 57 56 53 83 ec 10 e8 32 0e 7f 00 89 c7 89 45 ec 8b 00 89 55 f0 89 4d e8 <8b> 10 39 c7 8d 58 f4 8d 72 f4 75 0b eb 3b 8d b4 26 00 00 00 00
[   24.560353] EIP: __wake_up_common+0x1b/0x70 SS:ESP: 0068:d6bb9e48
[   24.571547] CR2: 00000000653a8346
[   24.573551] ---[ end trace d208903f8b9ffa11 ]---
[   24.576150] Kernel panic - not syncing: Fatal exception

git bisect start 36fd98883ef26e06ac5e1f99569930f19d59da0a 7089db84e356562f8ba737c29e472cc42d530dbc --
git bisect  bad 91908381ef0f5509e823d518c3e7c97141620db3  # 11:58     17-     18  Merge 'linux-review/Codrut-Grosu/ASoC-ux500-Added-to-the-next-line/20170226-035023' into devel-catchup-201702260425
git bisect  bad 0838cbbd5637d7bb585c370d073f80008760c339  # 12:25      8-      9  Merge 'linux-review/Codrut-Grosu/ASoC-ux500-Added-blank-line-after-declarations/20170226-040437' into devel-catchup-201702260425
git bisect  bad b3dac24e69442026a2e46d0a770eff184bebf037  # 13:04      2-      4  Merge 'linux-review/John-Fastabend/XDP-for-ixgbe/20170226-013816' into devel-catchup-201702260425
git bisect good 200859542c312ac76fa786c31d0fbf0adfb5d5ce  # 16:24    206+      0  0day base guard for 'devel-catchup-201702260425'
git bisect good 661091093918657ab544fb8ca91a5ab172a986dc  # 16:53    203+      0  net: ipv4: remove fib_lookup.h from devinet.c include list
git bisect good dfcb7a14866b8c34b2d3a74ae31631e1d4e7f591  # 17:11    210+      0  Merge branch 'ipvtap'
git bisect good 3b4735281f67b0aa62bf74c8a1a7758c17f7158d  # 17:30    210+      0  nfp: Use PCI_DEVICE_ID_NETRONOME_NFP* defines
git bisect good bd5ca062ba7d24bcc28f637aa90056f642a35dfa  # 17:50    210+      0  nfp: report NSP ABI version in ethtool FW version
git bisect  bad 1faaa78f36cb2915ae89138ba5846f87ade85dcb  # 17:58    102-     47  bnxt_en: use eth_hw_addr_random()
git bisect good daf1f1e7841138cb0e48d52c8573a5f064d8f495  # 18:28    308+      0  bnxt_en: Fix NULL pointer dereference in a failure path during open.
git bisect good ab42676af052e6d3502b31c2dc6b07af08ff126f  # 18:41    307+      0  net: mvpp2: handle too large value in mvpp2_rx_time_coal_set()
git bisect good 0e0372816b9cbd22c82e3e7cd36e8e74c58ba641  # 21:18    310+      0  net: mvpp2: switch to build_skb() in the RX path
git bisect good 29869d66870a715177bfb505f66a7e0e8bcc89c3  # 21:37    310+      0  tcp: Revert "tcp: tcp_probe: use spin_lock_bh()"
git bisect good d2852a2240509e512712e25de2d0796cda435ecb  # 21:57    310+      0  arch: add ARCH_HAS_SET_MEMORY config
git bisect  bad d54fef315399e0b16f8ae2b41167f34f8df12e88  # 22:25     10-     11  Merge branch 'bpf-unlocking-fix'
git bisect  bad 9d876e79df6a2f364b9f2737eacd72ceb27da53a  # 08:58     38-     20  bpf: fix unlocking of jited image when module ronx not set
# first bad commit: [9d876e79df6a2f364b9f2737eacd72ceb27da53a] bpf: fix unlocking of jited image when module ronx not set
git bisect good d2852a2240509e512712e25de2d0796cda435ecb  # 10:01    910+      0  arch: add ARCH_HAS_SET_MEMORY config
# extra tests on HEAD of linux-devel/devel-catchup-201702260425
git bisect  bad 36fd98883ef26e06ac5e1f99569930f19d59da0a  # 10:07     20-     26  0day head guard for 'devel-catchup-201702260425'
# extra tests on tree/branch linus/master
git bisect  bad e5d56efc97f8240d0b5d66c03949382b6d7e5570  # 10:07      0-      4  Merge tag 'watchdog-for-linus-v4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging
# extra tests on tree/branch linux-next/master
git bisect  bad 3e7350242c6f3d41d28e03418bd781cc1b7bad5f  # 10:14      5-      7  Add linux-next specific files for 20170224

---
0-DAY kernel test infrastructure                Open Source Technology Center
https://lists.01.org/pipermail/lkp                          Intel Corporation

Download attachment "dmesg-quantal-intel12-44:20170226223341:i386-randconfig-r0-201709:4.10.0-rc8-02017-g9d876e7:59.gz" of type "application/gzip" (15908 bytes)

View attachment "reproduce-quantal-intel12-44:20170226223341:i386-randconfig-r0-201709:4.10.0-rc8-02017-g9d876e7:59" of type "text/plain" (890 bytes)

View attachment "config-4.10.0-rc8-02017-g9d876e7" of type "text/plain" (80806 bytes)

Powered by blists - more mailing lists