c3b5b19df0 [ 74.964959] BUG: Bad page state in process trinity-c1 pfn:164cf
by kernel test robot
Greetings,
0day kernel testing robot got the below dmesg and the first bad commit is
https://git.kernel.org/pub/scm/linux/kernel/git/mel/linux.git mm-pagealloc-irqpvec-v1r8
commit c3b5b19df02e1142e5bf29b1b1e8a62ec2496386
Author: Mel Gorman <mgorman(a)techsingularity.net>
AuthorDate: Wed Oct 25 17:17:30 2017 +0100
Commit: Mel Gorman <mgorman(a)techsingularity.net>
CommitDate: Tue Aug 21 14:21:27 2018 +0100
mm, pagealloc: Use a pagevec as an order-0 buffer for allocations from irq context
The per-allocator being preempt-safe poses a problem for allocations from
interrupt context -- hard irq, soft irq and those with BH disabled. These
must go through the main buddy allocator with a single lock being contended.
It's non-trivial to just allow softirq allocations to use the per-cpu
allocator as it forces us to check for irqs_disabled which is extremely
expensive in itself. Similarly, we could split per-cpu allocator from per-cpu
stats and then split the per-cpu allocator in two for IRQ and !IRQ contexts
but that is a lot of complexity that may not be necessary.
This patch uses a per-zone pagevec-like structure which gives a fixed-size
buffer of order-0 pages. The bulk of the complexity is dealing with refilling
and draining the pagevecs but at the most basic level, the fast path for
an allocation and free of a page is an irq-safe lock, update a counter,
fetch a pointer, irq-restore unlock. This should be a far shorter path
than the full buddy allocator while still avoiding disabling irqs for
allocations from other contexts.
No data is available on this one as it requires a high-speed network but
it does not crash.
Note however that this could form the basis of a bulk page allocator by
having a caller allocate the page and allocate it as pagevec_large and
then slightly modify irq_alloc_page and irq_free_page. At minimum that
would give batching of a static size. If the caller wanted to specify
batch sizes then it could be added to the pagevec_large structure.
Signed-off-by: Mel Gorman <mgorman(a)techsingularity.net>
c6eca9dabd mm: define pagevec_large
c3b5b19df0 mm, pagealloc: Use a pagevec as an order-0 buffer for allocations from irq context
+-------------------------------+------------+------------+
| | c6eca9dabd | c3b5b19df0 |
+-------------------------------+------------+------------+
| boot_successes | 531 | 179 |
| boot_failures | 0 | 9 |
| BUG:Bad_page_state_in_process | 0 | 9 |
+-------------------------------+------------+------------+
[child1:661] acct (163) returned ENOSYS, marking as inactive.
[child1:661] shmctl (31) returned ENOSYS, marking as inactive.
[ 65.823234] raw_sendmsg: trinity-c2 forgot to set AF_INET. Fix it!
[child3:706] shmget (29) returned ENOSYS, marking as inactive.
[child3:706] process_vm_readv (310) returned ENOSYS, marking as inactive.
[ 74.964959] BUG: Bad page state in process trinity-c1 pfn:164cf
[ 74.971136] page:ffffea00005933c0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 74.974590] flags: 0x1fffc0000000004(referenced)
[ 74.977927] raw: 01fffc0000000004 dead000000000100 dead000000000200 0000000000000000
[ 74.980743] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 74.983454] page dumped because: PAGE_FLAGS_CHECK_AT_PREP flag set
[ 74.985546] bad because of flags: 0x4(referenced)
[ 74.987204] CPU: 0 PID: 771 Comm: trinity-c1 Tainted: G T 4.18.0-10890-gc3b5b19 #1
[ 74.990477] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[ 74.996575] Call Trace:
[ 74.997659] dump_stack+0x71/0xab
[ 74.998892] bad_page+0x16c/0x1f0
[ 75.000234] rmqueue_bulk+0x569/0xaf0
[ 75.001829] ? deref_stack_reg+0xa8/0xe0
[ 75.003375] ? __read_once_size_nocheck+0x10/0x10
[ 75.005222] ? irq_pvec_alloc_zone+0x750/0x750
[ 75.010423] ? preempt_count_add+0x7d/0x140
[ 75.011860] ? prep_new_page+0x16e/0x250
[ 75.013380] get_page_from_freelist+0x1555/0x2440
[ 75.015060] ? deref_stack_reg+0xa8/0xe0
[ 75.016658] ? prep_new_page+0x16e/0x250
[ 75.018052] ? __read_once_size_nocheck+0x10/0x10
[ 75.020073] ? __free_pages+0x40/0x40
[ 75.024535] ? unwind_next_frame+0x88e/0x1860
[ 75.026177] ? __save_stack_trace+0x59/0xf0
[ 75.027794] ? deref_stack_reg+0xa8/0xe0
[ 75.029251] __alloc_pages_nodemask+0x1fc/0x1ab0
[ 75.031044] ? unwind_next_frame+0x88e/0x1860
[ 75.032607] ? __save_stack_trace+0x59/0xf0
[ 75.034277] ? __alloc_pages_direct_compact+0x300/0x300
[ 75.036072] ? rcu_is_watching+0xc/0x20
[ 75.037581] ? kernel_text_address+0x63/0x90
[ 75.039018] ? __kernel_text_address+0x9/0x30
[ 75.040653] ? unwind_get_return_address+0x51/0x90
[ 75.042401] ? __save_stack_trace+0x8d/0xf0
[ 75.044056] ? kasan_kmalloc+0x142/0x170
[ 75.045436] ? kmem_cache_alloc+0xcf/0x180
[ 75.047189] ? anon_vma_fork+0x1ac/0x5c0
[ 75.048664] ? copy_process+0x3625/0x8230
[ 75.050343] pte_alloc_one+0xe/0x90
[ 75.051630] __pte_alloc+0x1a/0x1e0
[ 75.055467] copy_pte_range+0x6d2/0xd50
[ 75.056946] ? init_object+0x66/0x80
[ 75.058242] ? ___slab_alloc+0x5bd/0x600
[ 75.059871] ? anon_vma_fork+0x1ac/0x5c0
[ 75.061308] ? _vm_normal_page+0x240/0x240
[ 75.062838] ? anon_vma_clone+0xbc/0x560
[ 75.064347] copy_page_range+0x584/0x800
[ 75.065676] copy_process+0x39aa/0x8230
[ 75.070117] ? __cleanup_sighand+0x30/0x30
[ 75.075053] ? __might_fault+0x82/0xb0
[ 75.076516] ? _copy_to_user+0x80/0xa0
[ 75.092580] _do_fork+0x14c/0x720
[ 75.095582] ? fork_idle+0x2a0/0x2a0
[ 75.098649] ? __x64_sys_clock_gettime+0x10a/0x150
[ 75.101976] ? __x64_sys_clock_settime+0x180/0x180
[ 75.105317] do_syscall_64+0xe4/0x810
[ 75.107663] ? __do_page_fault+0x53f/0x900
[ 75.110482] ? syscall_return_slowpath+0x190/0x190
[ 75.114448] ? bad_area_access_error+0x320/0x320
[ 75.115987] ? async_page_fault+0x8/0x30
[ 75.120343] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 75.124194] RIP: 0033:0x452bfb
[ 75.126524] Code: db 45 85 f6 0f 85 95 01 00 00 64 4c 8b 04 25 10 00 00 00 31 d2 4d 8d 90 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 d6 00 00 00 85 c0 41 89 c5 0f 85 dd 00 00
[ 75.138086] RSP: 002b:00007ffee28cbe30 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 75.143865] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000452bfb
[ 75.149067] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[ 75.153651] RBP: 00007ffee28cbe60 R08: 00000000013b9880 R09: 00000000013b9880
[ 75.166246] R10: 00000000013b9b50 R11: 0000000000000246 R12: 0000000000000000
[ 75.168359] R13: 000000000000003b R14: 0000000000000000 R15: 00000000cccccccd
[ 75.176950] Disabling lock debugging due to kernel taint
[child1:771] trace_fd was -1
[main] trace_fd was -1
# HH:MM RESULT GOOD BAD GOOD_BUT_DIRTY DIRTY_NOT_BAD
git bisect start 788f4de24701cd9e0b222c896ce88bb972366dbb 94710cac0ef4ee177a63b5227664b38c95bbf703 --
git bisect good 67ed6f11ed3b7e617674d752ae959723bb036729 # 06:43 G 173 0 1 3 Merge 'linux-review/michael-hennerich-analog-com/drivers-gpio-gpio-adp5588-Fix-sleep-in-atomic-context-bug/20180813-223722' into devel-hourly-2018082123
git bisect good 82a0da7611f9a1f18d75c6b4b11e0f6ea96f740c # 07:00 G 182 0 3 6 Merge 'linux-review/Li-RongQing/vxlan-reduce-dirty-cache-line-in-vxlan_find_mac/20180819-113644' into devel-hourly-2018082123
git bisect good 10c4cac938b8e288e3cfaa2d7b73180577ce4700 # 07:23 G 182 0 1 2 Merge 'linux-review/Alexey-Khoroshilov/rtc-isl1208-fix-error-handling-in-isl1208_probe/20180809-123742' into devel-hourly-2018082123
git bisect good d07c99a67188282a21f3caee5a325414cb714b31 # 07:45 G 175 0 1 1 Merge 'linux-review/Haishuang-Yan/ip6_vti-fix-a-null-pointer-deference-when-destroy-vti6-tunnel/20180820-105344' into devel-hourly-2018082123
git bisect good 8208f9a52b5fa5facc4da59b62d03b25d34be533 # 08:02 G 182 0 4 4 Merge 'linux-review/Kristian-Evensen/mt76-Enable-NL80211_EXT_FEATURE_CQM_RSSI_LIST/20180813-060746' into devel-hourly-2018082123
git bisect good 2856a28b09379255000672f22dcba72ecfdf67b8 # 08:52 G 174 0 0 0 Merge 'linux-review/YueHaibing/mlxsw-spectrum_flower-use-PTR_ERR_OR_ZERO/20180809-061323' into devel-hourly-2018082123
git bisect bad e7675f8a3929e932e0cf734686b4785de468d3de # 09:30 B 29 1 0 0 Merge 'mel/mm-pagealloc-irqpvec-v1r8' into devel-hourly-2018082123
git bisect good 719a4e9b01b13e955b7d017c55d695fc27c4dfcf # 09:53 G 178 0 3 3 Merge 'linux-review/Jianchao-Wang/scsi-use-blk_mq_run_hw_queues-in-scsi_kick_queue/20180808-182343' into devel-hourly-2018082123
git bisect good 671716070f89f349a6b14ca49892ee2502169aa4 # 10:10 G 182 0 2 2 Merge 'linux-review/Hans-de-Goede/ASoC-rt5670-Add-quirk-for-Thinkpad-8-tablet/20180822-004939' into devel-hourly-2018082123
git bisect good b6b694712fc17aa94dcb861ab48ecb3b17433986 # 10:31 G 176 0 0 0 Merge 'linux-review/Paul-Cercueil/clk-ingenic-Add-proper-Kconfig-entries/20180822-003241' into devel-hourly-2018082123
git bisect good c6eca9dabd29dc42f3c1bc5cc9659ed5d0ecec6f # 10:53 G 182 0 3 3 mm: define pagevec_large
git bisect bad c3b5b19df02e1142e5bf29b1b1e8a62ec2496386 # 11:04 B 31 3 0 0 mm, pagealloc: Use a pagevec as an order-0 buffer for allocations from irq context
# first bad commit: [c3b5b19df02e1142e5bf29b1b1e8a62ec2496386] mm, pagealloc: Use a pagevec as an order-0 buffer for allocations from irq context
git bisect good c6eca9dabd29dc42f3c1bc5cc9659ed5d0ecec6f # 11:27 G 516 0 1 4 mm: define pagevec_large
# extra tests with debug options
git bisect good c3b5b19df02e1142e5bf29b1b1e8a62ec2496386 # 11:44 G 177 0 3 3 mm, pagealloc: Use a pagevec as an order-0 buffer for allocations from irq context
# extra tests on HEAD of linux-devel/devel-hourly-2018082123
git bisect bad 788f4de24701cd9e0b222c896ce88bb972366dbb # 11:44 B 65 2 0 6 0day head guard for 'devel-hourly-2018082123'
# extra tests on tree/branch mel/mm-pagealloc-irqpvec-v1r8
git bisect bad c3b5b19df02e1142e5bf29b1b1e8a62ec2496386 # 11:51 B 173 9 0 0 mm, pagealloc: Use a pagevec as an order-0 buffer for allocations from irq context
# extra tests with first bad commit reverted
git bisect good 4daa0afba6ff4a05829462d2c29efdeb839cd3c8 # 12:14 G 182 0 3 3 Revert "mm, pagealloc: Use a pagevec as an order-0 buffer for allocations from irq context"
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/lkp Intel Corporation
2 years, 8 months
[ltp] 93531c6743:sctp6_ipsec_vti04.fail
by Rong Chen
FYI, we noticed the following commit (built with gcc-7):
commit 93531c6743157d7e8c5792f8ed1a57641149d62c ("net/ipv6: separate
handling of FIB entries from dst based routes")
git://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git
tags/next-20180419~47^2^2~2
in testcase: ltp
on test machine: 48 threads Intel(R) Xeon(R) CPU E5-2697 v2 @ 2.70GHz
with 64G memory
caused below changes (please refer to attached dmesg/kmsg for entire
log/backtrace):
[ 817.535569] <<<test_start>>>
[ 817.542283] tag=sctp6_ipsec_vti04 stime=1534831341
[ 817.552041] cmdline="sctp_ipsec_vti.sh -6 -A rfc4106_128 -p esp_aead
-m tunnel -s 100:1000:65535"
[ 817.564819] contacts=""
[ 817.570441] analysis=exit
[ 817.576343] <<<test_output>>>
[ 817.583577] sctp_ipsec_vti 1 TINFO: initialize 'lhost' 'ltp_ns_veth2'
interface
[ 817.595319] sctp_ipsec_vti 1 TINFO: set local addr 10.0.0.2/24
[ 817.605475] sctp_ipsec_vti 1 TINFO: set local addr fd00:1:1:1::2/64
[ 817.616365] sctp_ipsec_vti 1 TINFO: initialize 'rhost' 'ltp_ns_veth1'
interface
[ 817.628108] sctp_ipsec_vti 1 TINFO: set remote addr 10.0.0.1/24
[ 817.638348] sctp_ipsec_vti 1 TINFO: set remote addr fd00:1:1:1::1/64
[ 817.649072] sctp_ipsec_vti 1 TINFO: Network config (local -- remote):
[ 817.659788] sctp_ipsec_vti 1 TINFO: ltp_ns_veth2 -- ltp_ns_veth1
[ 817.669997] sctp_ipsec_vti 1 TINFO: 10.0.0.2/24 -- 10.0.0.1/24
[ 817.680251] sctp_ipsec_vti 1 TINFO: fd00:1:1:1::2/64 -- fd00:1:1:1::1/64
[ 817.691507] sctp_ipsec_vti 1 TINFO: Test vti6 + IPsec[esp_aead/tunnel]
[ 817.703149] sctp_ipsec_vti 1 TINFO: Add IPs to vti tunnel, loc:
fd00:23::1/64, rmt: fd00:23::2/64
[ 817.718487] sctp_ipsec_vti 1 TINFO: run server 'netstress -T sctp -S
fd00:23::2 -R 500000 -B /tmp/ltp-QvZoOT7MWt/LTP_sctp_ipsec_vti.Awwjm1ZYag'
[ 817.738916] sctp_ipsec_vti 1 TINFO: run client 'netstress -l -T sctp
-H fd00:23::2 -n 100 -N 100 -S fd00:23::1 -a 2 -r 500 -d tst_netload.res
-g 34480'
[ 817.758522] sctp_ipsec_vti 1 TPASS: netstress passed, time spent '37' ms
[ 817.771489] sctp_ipsec_vti 2 TINFO: run server 'netstress -T sctp -S
fd00:23::2 -R 500000 -B /tmp/ltp-QvZoOT7MWt/LTP_sctp_ipsec_vti.Awwjm1ZYag'
[ 817.792105] sctp_ipsec_vti 2 TINFO: run client 'netstress -l -T sctp
-H fd00:23::2 -n 1000 -N 1000 -S fd00:23::1 -a 2 -r 500 -d
tst_netload.res -g 41320'
[ 817.812122] sctp_ipsec_vti 2 TPASS: netstress passed, time spent '42' ms
[ 817.825243] sctp_ipsec_vti 3 TINFO: run server 'netstress -T sctp -S
fd00:23::2 -R 500000 -B /tmp/ltp-QvZoOT7MWt/LTP_sctp_ipsec_vti.Awwjm1ZYag'
[ 817.846071] sctp_ipsec_vti 3 TINFO: run client 'netstress -l -T sctp
-H fd00:23::2 -n 65535 -N 65535 -S fd00:23::1 -a 2 -r 500 -d
tst_netload.res -g 35507'
[ 817.866491] sctp_ipsec_vti 3 TPASS: netstress passed, time spent
'4844' ms
[ 825.136087] unregister_netdevice: waiting for ltp_vti0 to become
free. Usage count = 7
[ 835.384088] unregister_netdevice: waiting for ltp_vti0 to become
free. Usage count = 7
[ 845.632089] unregister_netdevice: waiting for ltp_vti0 to become
free. Usage count = 7
[ 855.880104] unregister_netdevice: waiting for ltp_vti0 to become
free. Usage count = 7
[ 866.136085] unregister_netdevice: waiting for ltp_vti0 to become
free. Usage count = 7
[ 876.384080] unregister_netdevice: waiting for ltp_vti0 to become
free. Usage count = 7
To reproduce:
git clone https://github.com/intel/lkp-tests.git
cd lkp-tests
bin/lkp qemu -k <bzImage> job-script # job-script is attached
in this email
Thanks,
Rong, Chen
2 years, 8 months
ab9ee8e38b [ 22.890412] WARNING: CPU: 0 PID: 632 at mm/usercopy.c:81 usercopy_warn
by kernel test robot
Greetings,
0day kernel testing robot got the below dmesg and the first bad commit is
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
commit ab9ee8e38b292f9a6698a4fedbb6ff8d08ce2012
Author: David Windsor <dave(a)nullcore.net>
AuthorDate: Thu Aug 24 16:57:57 2017 -0700
Commit: Kees Cook <keescook(a)chromium.org>
CommitDate: Mon Jan 15 12:08:00 2018 -0800
sctp: Define usercopy region in SCTP proto slab cache
The SCTP socket event notification subscription information need to be
copied to/from userspace. In support of usercopy hardening, this patch
defines a region in the struct proto slab cache in which userspace copy
operations are allowed. Additionally moves the usercopy fields to be
adjacent for the region to cover both.
example usage trace:
net/sctp/socket.c:
sctp_getsockopt_events(...):
...
copy_to_user(..., &sctp_sk(sk)->subscribe, len)
sctp_setsockopt_events(...):
...
copy_from_user(&sctp_sk(sk)->subscribe, ..., optlen)
sctp_getsockopt_initmsg(...):
...
copy_to_user(..., &sctp_sk(sk)->initmsg, len)
This region is known as the slab cache's usercopy region. Slab caches
can now check that each dynamically sized copy operation involving
cache-managed memory falls entirely within the slab's usercopy region.
This patch is modified from Brad Spengler/PaX Team's PAX_USERCOPY
whitelisting code in the last public patch of grsecurity/PaX based on my
understanding of the code. Changes or omissions from the original code are
mine and don't reflect the original grsecurity/PaX code.
Signed-off-by: David Windsor <dave(a)nullcore.net>
[kees: split from network patch, move struct members adjacent]
[kees: add SCTPv6 struct whitelist, provide usage trace]
Cc: Vlad Yasevich <vyasevich(a)gmail.com>
Cc: Neil Horman <nhorman(a)tuxdriver.com>
Cc: "David S. Miller" <davem(a)davemloft.net>
Cc: linux-sctp(a)vger.kernel.org
Cc: netdev(a)vger.kernel.org
Signed-off-by: Kees Cook <keescook(a)chromium.org>
93070d339d caif: Define usercopy region in caif proto slab cache
ab9ee8e38b sctp: Define usercopy region in SCTP proto slab cache
1f7a4c73a7 Merge tag '9p-for-4.19-2' of git://github.com/martinetd/linux
d7857ae43d Add linux-next specific files for 20180817
+-----------------------------------------+------------+------------+------------+---------------+
| | 93070d339d | ab9ee8e38b | 1f7a4c73a7 | next-20180817 |
+-----------------------------------------+------------+------------+------------+---------------+
| boot_successes | 262 | 81 | 239 | 52 |
| boot_failures | 1 | 5 | 24 | 4 |
| Mem-Info | 1 | | | |
| WARNING:at_mm/usercopy.c:#usercopy_warn | 0 | 5 | 24 | 4 |
| RIP:usercopy_warn | 0 | 5 | 24 | 4 |
+-----------------------------------------+------------+------------+------------+---------------+
Kernel tests: Boot OK!
01 00 00 00 60 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 00 00 00 00 00 00 00 fb 42 4d 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
[ 22.708080] can: request_module (can-proto-1) failed.
[ 22.853944] ------------[ cut here ]------------
[ 22.855033] Bad or missing usercopy whitelist? Kernel memory overwrite attempt detected to SLUB object 'SCTP' (offset 1332, size 4)!
[ 22.890412] WARNING: CPU: 0 PID: 632 at mm/usercopy.c:81 usercopy_warn+0x116/0x150
[ 22.892304] Modules linked in:
[ 22.892907] CPU: 0 PID: 632 Comm: trinity-main Not tainted 4.15.0-rc2-00026-gab9ee8e #2
[ 22.907533] task: 00000000b41fece2 task.stack: 00000000f1b1aaa1
[ 22.908706] RIP: 0010:usercopy_warn+0x116/0x150
[ 22.909730] RSP: 0018:ffffc9000090bd48 EFLAGS: 00010292
[ 22.910894] RAX: 0000000000000078 RBX: ffffffff8238882c RCX: 0000000000000000
[ 22.912259] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000246
[ 22.913628] RBP: ffffc9000090bd88 R08: 0000000001faf8bd R09: 000000000000b3d0
[ 22.914918] R10: ffffffff8238a127 R11: 0000000000000002 R12: 0000000000000000
[ 22.916308] R13: ffff88001c7eab30 R14: 0000000000000534 R15: 0000000000000534
[ 22.917944] FS: 00000000017cc880(0000) GS:ffff88001f600000(0000) knlGS:0000000000000000
[ 22.919809] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 22.921076] CR2: 0000000001047de0 CR3: 000000001ba56004 CR4: 00000000001606b0
[ 22.922382] Call Trace:
[ 22.922854] __check_heap_object+0x13d/0x260
[ 22.923681] __check_object_size+0x1dd/0x320
[ 22.924596] sctp_setsockopt+0x107c/0x2e70
[ 22.925379] ? __fdget+0x13/0x20
[ 22.926061] ? sockfd_lookup_light+0xae/0x140
[ 22.926906] sock_common_setsockopt+0x14/0x20
[ 22.927774] SyS_setsockopt+0x127/0x130
[ 22.928560] do_syscall_64+0x14c/0x870
[ 22.929279] ? trace_hardirqs_off_thunk+0x1a/0x34
[ 22.930315] entry_SYSCALL64_slow_path+0x25/0x25
[ 22.931270] RIP: 0033:0x45878a
[ 22.931909] RSP: 002b:00007ffca1de1378 EFLAGS: 00000202 ORIG_RAX: 0000000000000036
[ 22.933543] RAX: ffffffffffffffda RBX: 000000000000005c RCX: 000000000045878a
[ 22.935167] RDX: 0000000000000004 RSI: 0000000000000084 RDI: 0000000000000143
[ 22.936781] RBP: 0000000000000143 R08: 0000000000000004 R09: 0000000001045560
[ 22.938396] R10: 0000000001b806f0 R11: 0000000000000202 R12: 000000000183af50
[ 22.940003] R13: 00007ffca1de1390 R14: 000000000183af60 R15: 0000000000000002
[ 22.941627] Code: 44 d0 41 50 48 c7 c0 3a a6 37 82 41 56 48 c7 c6 33 a1 38 82 41 52 48 0f 44 f0 49 89 f8 31 c0 48 c7 c7 80 a1 38 82 e8 ca 44 d9 ff <0f> ff b9 01 00 00 00 31 d2 be 01 00 00 00 48 c7 c7 38 f6 77 82
[ 22.945952] ---[ end trace 4ba3dd769a294acf ]---
[ 61.066734] Writes: Total: 2 Max/Min: 0/0 Fail: 0
# HH:MM RESULT GOOD BAD GOOD_BUT_DIRTY DIRTY_NOT_BAD
git bisect start v4.16 v4.15 --
git bisect bad 1388c80438e69fc01d83fbe98da3cac24c3c8731 # 15:25 B 23 2 3 3 Merge branch 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
git bisect good 4bf772b14675411a69b3c807f73006de0fe4b649 # 15:55 G 77 0 4 4 Merge tag 'drm-for-v4.16' of git://people.freedesktop.org/~airlied/linux
git bisect bad 7e6127c1240ed569cdda2a67c8f03836f9f28c05 # 16:28 B 18 4 1 1 Merge tag 'linux-watchdog-4.16-rc1' of git://www.linux-watchdog.org/linux-watchdog
git bisect bad 567af7fc9d87df3228ef59864f77fe100ec0cee3 # 16:45 B 33 2 2 2 pinctrl: files should directly include apis they use
git bisect good 1726aa70e7e2f8967d60b4f836723b61f97db73e # 17:10 G 90 0 10 10 Merge branch 'fixes-v4.16-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
git bisect bad 4141cf676b9e345d3ddeb1710dd3156a09c50244 # 17:34 B 4 1 1 1 Merge branch 'i2c/for-4.16' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux
git bisect good 0771ad44a20bc512d1123bac728d3a89ea6febe6 # 18:01 G 91 0 2 2 Merge tag 'pstore-v4.16-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
git bisect bad 617aebe6a97efa539cc4b8a52adccd89596e6be0 # 18:35 B 38 5 0 0 Merge tag 'usercopy-v4.16-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
git bisect good df5f3cfc52fec828af92444bf02ad8fd4e4c59e3 # 18:57 G 91 0 6 6 ufs: Define usercopy region in ufs_inode_cache slab cache
git bisect bad 07dcd7fe89938934ddad65f738bc5aac89b8e54d # 19:11 B 6 1 0 0 fork: Define usercopy region in mm_struct slab caches
git bisect good 8c2bc895a9347846b33c47124a75db624aa83677 # 19:39 G 91 0 7 7 ip: Define usercopy region in IP proto slab cache
git bisect bad ab9ee8e38b292f9a6698a4fedbb6ff8d08ce2012 # 19:56 B 21 2 6 6 sctp: Define usercopy region in SCTP proto slab cache
git bisect good 93070d339d7bc6f6b07b64faf5134fd144e8ec48 # 20:17 G 88 0 7 7 caif: Define usercopy region in caif proto slab cache
# first bad commit: [ab9ee8e38b292f9a6698a4fedbb6ff8d08ce2012] sctp: Define usercopy region in SCTP proto slab cache
git bisect good 93070d339d7bc6f6b07b64faf5134fd144e8ec48 # 20:27 G 271 0 14 21 caif: Define usercopy region in caif proto slab cache
# extra tests with debug options
git bisect bad ab9ee8e38b292f9a6698a4fedbb6ff8d08ce2012 # 20:47 B 46 2 2 2 sctp: Define usercopy region in SCTP proto slab cache
# extra tests on HEAD of linux-devel/devel-spot-201808181134
git bisect bad d29be758fc9872a10f0e1e408674f20804bc9bac # 20:53 B 320 29 0 7 0day head guard for 'devel-spot-201808181134'
# extra tests on tree/branch linus/master
git bisect bad 1f7a4c73a739a63b3f108d8eda6f947fdc70dd65 # 21:18 B 27 1 0 0 Merge tag '9p-for-4.19-2' of git://github.com/martinetd/linux
# extra tests with first bad commit reverted
git bisect bad 6aabc53d346b0c9d4abd1430164566b1c3103434 # 21:45 B 0 2 17 0 Revert "sctp: Define usercopy region in SCTP proto slab cache"
# extra tests on tree/branch linux-next/master
git bisect bad d7857ae43dcc4b23e61672d365c8094239d7bae4 # 22:03 B 33 2 1 1 Add linux-next specific files for 20180817
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/lkp Intel Corporation
2 years, 8 months
02a5c550b2 BUG: kernel reboot-without-warning in test stage
by kernel test robot
Greetings,
0day kernel testing robot got the below dmesg and the first bad commit is
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
commit 02a5c550b2738f2bfea8e1e00aa75944d71c9e18
Author: Paul E. McKenney <paulmck(a)linux.vnet.ibm.com>
AuthorDate: Wed Nov 2 17:25:06 2016 -0700
Commit: Paul E. McKenney <paulmck(a)linux.vnet.ibm.com>
CommitDate: Mon Jan 23 11:44:18 2017 -0800
rcu: Abstract extended quiescent state determination
This commit is the fourth step towards full abstraction of all accesses
to the ->dynticks counter, implementing previously open-coded checks and
comparisons in new rcu_dynticks_in_eqs() and rcu_dynticks_in_eqs_since()
functions. This abstraction will ease changes to the ->dynticks counter
operation.
Signed-off-by: Paul E. McKenney <paulmck(a)linux.vnet.ibm.com>
Reviewed-by: Josh Triplett <josh(a)joshtriplett.org>
2625d469ba rcu: Abstract dynticks extended quiescent state enter/exit operations
02a5c550b2 rcu: Abstract extended quiescent state determination
307797159a pcmcia: remove long deprecated pcmcia_request_exclusive_irq() function
d7857ae43d Add linux-next specific files for 20180817
+------------------------------------------------------------------+------------+------------+------------+---------------+
| | 2625d469ba | 02a5c550b2 | 307797159a | next-20180817 |
+------------------------------------------------------------------+------------+------------+------------+---------------+
| boot_successes | 1097 | 496 | 85 | 574 |
| boot_failures | 1 | 15 | 18 | 21 |
| WARNING:at_mm/page_alloc.c:#__alloc_pages_nodemask | 1 | | | |
| BUG:kernel_reboot-without-warning_in_test_stage | 0 | 14 | 2 | 4 |
| Mem-Info | 0 | 1 | 16 | 16 |
| invoked_oom-killer:gfp_mask=0x | 0 | 0 | 16 | 16 |
| Kernel_panic-not_syncing:Out_of_memory_and_no_killable_processes | 0 | 0 | 16 | 16 |
| BUG:kernel_hang_in_test_stage | 0 | 0 | 0 | 1 |
+------------------------------------------------------------------+------------+------------+------------+---------------+
[main] Setsockopt(107 d 68b000 10) on fd 377 [17:3:768]
[main] Setsockopt(1 29 68b000 e3) on fd 378 [1:2:1]
[main] Setsockopt(1 28 68b000 40) on fd 379 [2:1:6]
[main] Setsockopt(1 d 68b000 8) on fd 381 [1:5:1]
[main] 375 sockets created based on info from socket cachefile.
BUG: kernel reboot-without-warning in test stage
# HH:MM RESULT GOOD BAD GOOD_BUT_DIRTY DIRTY_NOT_BAD
git bisect start v4.11 v4.10 --
git bisect bad ce70df089143c49385b4f32f39d41fb50fbf6a7c # 06:01 B 300 14 0 17 mm, gup: fix typo in gup_p4d_range()
git bisect bad 94eae8034002401d71ae950106659e16add36e77 # 06:02 B 307 8 0 10 Merge tag 'platform-drivers-x86-v4.11-1' of git://git.infradead.org/linux-platform-drivers-x86
git bisect bad 7bb033829ef3ecfc491c0ed0197966e8f197fbdc # 06:02 B 309 13 0 14 Merge tag 'rodata-v4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
git bisect bad f790bd9c8e826434ab6c326b225276ed0f73affe # 06:02 B 312 16 0 3 Merge tag 'regulator-v4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator
git bisect bad 4cee9fe53e4d181b608c7758090ed492b45d6801 # 06:02 B 302 8 0 0 Merge branch 'x86-apic-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
git bisect good 575260e3f8f8ac72dc0c41a4a20190d1a5f2b887 # 06:02 G 317 0 0 15 Merge branch 'core-debugobjects-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
git bisect bad 7f4eb0a6d5a76ee054acd7255c05b8d5ca31c5d9 # 06:02 B 303 10 0 14 Merge branch 'perf-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
git bisect bad f7458a5d631df2ecdbfe4a606053aba19913cc41 # 06:02 B 303 11 0 3 Merge branch 'core-rcu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
git bisect good 8dc79888a792f6c365c2a26903e49ff919e72488 # 06:03 G 310 0 0 0 rcu: Add lockdep checks to synchronous expedited primitives
git bisect good 7d025948e4982ee3fa741c0fa56385c8b4a7072d # 06:03 G 317 0 0 4 torture: Enable DEBUG_OBJECTS_RCU_HEAD for Tiny RCU
git bisect bad 38d30b336ccf8ee98e0e494a13738a0fade5a5e6 # 06:03 B 309 9 0 3 rcu: Adjust FQS offline checks for exact online-CPU detection
git bisect good 2625d469baeef3aabdfe122572e00c517e2d9451 # 06:03 G 933 0 0 13 rcu: Abstract dynticks extended quiescent state enter/exit operations
git bisect bad 3a19b46a5c17b12ef0691df19c676ba3da330a57 # 06:03 B 331 13 0 12 rcu: Check cond_resched_rcu_qs() state less often to reduce GP overhead
git bisect bad 02a5c550b2738f2bfea8e1e00aa75944d71c9e18 # 06:03 B 331 14 0 9 rcu: Abstract extended quiescent state determination
# first bad commit: [02a5c550b2738f2bfea8e1e00aa75944d71c9e18] rcu: Abstract extended quiescent state determination
git bisect good 2625d469baeef3aabdfe122572e00c517e2d9451 # 06:03 G 933 0 0 13 rcu: Abstract dynticks extended quiescent state enter/exit operations
# extra tests on HEAD of linux-review/Bhaskar-Singh/staging-rtl8188eu-Removed-a-function-and-coded-inline/20180819-034357
git bisect bad aecb9988cbfc07b01181e7e07feeb361db9c4ab9 # 06:04 B 56 2 0 0 staging: rtl8188eu: Removed a function and coded inline
# extra tests on tree/branch linus/master
git bisect bad 307797159ac25fe5a2048bf5c6a5718298edca57 # 06:19 B 27 1 0 14 pcmcia: remove long deprecated pcmcia_request_exclusive_irq() function
# extra tests on tree/branch linux-next/master
git bisect bad d7857ae43dcc4b23e61672d365c8094239d7bae4 # 06:20 B 325 4 0 24 Add linux-next specific files for 20180817
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/lkp Intel Corporation
2 years, 8 months
d1b40ae9ca [ 18.779992] BUG: unable to handle kernel paging request at c0351cd8
by kernel test robot
Greetings,
0day kernel testing robot got the below dmesg and the first bad commit is
https://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace.git siginfo-testing
commit d1b40ae9ca03353d22471f6b3b4fb0a3318db4b3
Author: Eric W. Biederman <ebiederm(a)xmission.com>
AuthorDate: Fri Aug 3 20:49:58 2018 -0500
Commit: Eric W. Biederman <ebiederm(a)xmission.com>
CommitDate: Fri Aug 3 20:49:58 2018 -0500
fork: Add delayed to the multiprocess list
Another tiny patch to hopefully give me information from the automated process.
Signed-off-by: "Eric W. Biederman" <ebiederm(a)xmission.com>
e7b63f587f fork: Allocate and initialize struct delayed on the stack
d1b40ae9ca fork: Add delayed to the multiprocess list
f7d417d272 fork: Don't restart fork if a signal happens during it.
+------------------------------------------------------------------+------------+------------+------------+
| | e7b63f587f | d1b40ae9ca | f7d417d272 |
+------------------------------------------------------------------+------------+------------+------------+
| boot_successes | 30 | 0 | 0 |
| boot_failures | 2 | 15 | 13 |
| invoked_oom-killer:gfp_mask=0x | 2 | 4 | 2 |
| Mem-Info | 2 | 4 | 2 |
| Kernel_panic-not_syncing:Out_of_memory_and_no_killable_processes | 2 | 4 | 2 |
| BUG:unable_to_handle_kernel | 0 | 11 | 11 |
| Oops:#[##] | 0 | 11 | 11 |
| Kernel_panic-not_syncing:Fatal_exception | 0 | 11 | 11 |
+------------------------------------------------------------------+------------+------------+------------+
[ 18.716468] Write protecting the kernel text: 10972k
[ 18.718347] Write protecting the kernel read-only data: 5020k
[ 18.719290] NX-protecting the kernel data: 11556k
[ 18.771963] random: init: uninitialized urandom read (12 bytes read)
[ 18.778831] kernel tried to execute NX-protected page - exploit attempt? (uid: 0)
[ 18.779992] BUG: unable to handle kernel paging request at c0351cd8
[ 18.780949] *pdpt = 0000000002515001 *pde = 0000000002c45063 *pte = 8000000000351063
[ 18.782149] Oops: 0011 [#1] SMP DEBUG_PAGEALLOC
[ 18.782845] CPU: 1 PID: 1 Comm: init Not tainted 4.18.0-rc1-00023-gd1b40ae #1
[ 18.783933] EIP: 0xc0351cd8
[ 18.784378] Code: 00 00 ce 89 ec c1 01 00 00 00 54 58 1b c1 bc 1c 35 c0 bc 1c 35 c0 80 20 35 c0 c8 1c 35 c0 c8 1c 35 c0 00 00 00 00 00 00 00 00 <f8> 5e 35 c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00
[ 18.787286] EAX: cc352800 EBX: 00000000 ECX: 00000001 EDX: 00000001
[ 18.788238] ESI: 00000000 EDI: 01200011 EBP: c0355f70 ESP: c0355f00
[ 18.789193] DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068 EFLAGS: 00010282
[ 18.790230] CR0: 80050033 CR2: c0351cd8 CR3: 0c2face0 CR4: 000006f0
[ 18.791184] Call Trace:
[ 18.791583] ? __might_fault+0x77/0xa0
[ 18.792174] ? __might_sleep+0x110/0x130
[ 18.792783] ? __might_fault+0x77/0xa0
[ 18.793375] ? do_fast_syscall_32+0x114/0x3f0
[ 18.794059] ? entry_SYSENTER_32+0x4c/0x7b
[ 18.794694] Modules linked in:
[ 18.795182] CR2: 00000000c0351cd8
[ 18.795702] ---[ end trace 4948aea9da5830e5 ]---
[ 18.796418] EIP: 0xc0351cd8
# HH:MM RESULT GOOD BAD GOOD_BUT_DIRTY DIRTY_NOT_BAD
git bisect start 0ba345e507496b42fe9bde35c9b78241d1700b1c acb1872577b346bd15ab3a3f8dff780d6cca4b70 --
git bisect bad aa274fa37a22ee57fb3d78f6ff796ca352ff83c7 # 08:51 B 0 11 26 0 Merge 'rcar/vsp1/du/interlaced' into devel-catchup-201808050801
git bisect good 3f423d6cf0c1343ad7470a3663c732a1798f7488 # 09:04 G 11 0 0 2 Merge 'linux-review/Masahiro-Yamada/Kbuild-fix-and-clean-up-arch-um-Makefile/20180805-041727' into devel-catchup-201808050801
git bisect good a09d5cdee32bff4e06e57c7f873b2a97fd2ca22e # 09:15 G 11 0 0 0 Merge 'vfs/for-next' into devel-catchup-201808050801
git bisect bad 037f9fb597fcf5a7a6d78d4fed8e818ff84e9ef4 # 09:27 B 0 1 16 0 Merge 'sailus-media/for-4.19-5' into devel-catchup-201808050801
git bisect bad b0c5854ab59ea09bd16746c1505d99435aced2ad # 09:51 B 0 11 26 0 Merge 'spi/for-next' into devel-catchup-201808050801
git bisect bad 4a98cbbddc957b11a8b28057edf1e4ad581aadaa # 10:16 B 0 11 26 0 Merge 'userns/siginfo-testing' into devel-catchup-201808050801
git bisect good 5a883cee7442a5fd72e18eae895113fbd7b16110 # 10:31 G 10 0 7 9 signal: Push pid type down into __send_signal
git bisect good ff76703875fe278aa5e92b197dd9c619f57fc7b3 # 10:44 G 11 0 4 7 signal: Add .multiproces to signal_struct
git bisect bad 4c2e3f4d84079061c5bfaf2076bed031e0683738 # 10:54 B 0 6 21 0 fork: Return immediately if signals are pending.0;115;0c
git bisect bad d1b40ae9ca03353d22471f6b3b4fb0a3318db4b3 # 11:07 B 0 1 16 0 fork: Add delayed to the multiprocess list
git bisect good e7b63f587f37b70d2ea32795111482413800cc0c # 11:25 G 11 0 5 7 fork: Allocate and initialize struct delayed on the stack
# first bad commit: [d1b40ae9ca03353d22471f6b3b4fb0a3318db4b3] fork: Add delayed to the multiprocess list
git bisect good e7b63f587f37b70d2ea32795111482413800cc0c # 11:29 G 32 0 4 11 fork: Allocate and initialize struct delayed on the stack
# extra tests with debug options
git bisect bad d1b40ae9ca03353d22471f6b3b4fb0a3318db4b3 # 11:40 B 0 11 26 0 fork: Add delayed to the multiprocess list
# extra tests on HEAD of linux-devel/devel-catchup-201808050801
git bisect bad 0ba345e507496b42fe9bde35c9b78241d1700b1c # 11:40 B 0 13 31 0 0day head guard for 'devel-catchup-201808050801'
# extra tests on tree/branch userns/siginfo-testing
git bisect bad f7d417d272f92b867cd71f91926eaebe6b25d38f # 11:51 B 0 10 27 2 fork: Don't restart fork if a signal happens during it.
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/lkp Intel Corporation
2 years, 8 months
[PATCH] linux/bitmap.h: (buildbot-only) check if we have any compile-time zero-size bitmaps
by Rasmus Villemoes
Most of the inline bitmap functions are buggy if passed a compile-time
constant nbits==0. The convention is that the caller only guarantees
BITS_TO_LONGS(nbits) words can be accessed, which for nbits==0 is of
course 0. However, all the small_const_nbits() cases proceed to
dereferencing the passed src or dst pointers unconditionally.
Of course, nobody passes a literal 0 as nbits, but it could come about
from some odd CONFIG_ combination, or because the compiler is smart
enough to reduce some expression to 0, or... In any case, this patch is
just for the build-bots to chew on for various .config and arches to see
if we have any.
Since most (if not all, I'll check) of the out-of-line implementations
handle nbits==0 correctly, I'll probably just unconditionally add the
nbits>0 clause to small_const_nbits() to force the ool versions to be
used if any compile-time zero-size bitmap should turn up.
Not-really-signed-off-by: Rasmus Villemoes <linux(a)rasmusvillemoes.dk>
---
include/linux/bitmap.h | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/include/linux/bitmap.h b/include/linux/bitmap.h
index 1ee46f492267..a5879cb45687 100644
--- a/include/linux/bitmap.h
+++ b/include/linux/bitmap.h
@@ -196,8 +196,10 @@ extern int bitmap_print_to_pagebuf(bool list, char *buf,
#define BITMAP_FIRST_WORD_MASK(start) (~0UL << ((start) & (BITS_PER_LONG - 1)))
#define BITMAP_LAST_WORD_MASK(nbits) (~0UL >> (-(nbits) & (BITS_PER_LONG - 1)))
+int const_zero_size_bitmaps_are_buggy(void);
#define small_const_nbits(nbits) \
- (__builtin_constant_p(nbits) && (nbits) <= BITS_PER_LONG)
+ (__builtin_constant_p(nbits) && (nbits) <= BITS_PER_LONG && \
+ ((nbits) > 0 || const_zero_size_bitmaps_are_buggy()))
static inline void bitmap_zero(unsigned long *dst, unsigned int nbits)
{
--
2.16.4
2 years, 8 months
a13c600e15 ("x86/mm/pti: Move user W+X check into .."): WARNING: CPU: 0 PID: 1 at arch/x86/mm/dump_pagetables.c:283 note_page
by kernel test robot
Greetings,
0day kernel testing robot got the below dmesg and the first bad commit is
https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git x86/pti
commit a13c600e15de44ccf03df28d3311ef3cb754ed9b
Author: Joerg Roedel <jroedel(a)suse.de>
AuthorDate: Wed Aug 8 13:16:40 2018 +0200
Commit: Thomas Gleixner <tglx(a)linutronix.de>
CommitDate: Thu Aug 9 20:42:07 2018 +0200
x86/mm/pti: Move user W+X check into pti_finalize()
The user page-table gets the updated kernel mappings in pti_finalize(),
which runs after the RO+X permissions got applied to the kernel page-table
in mark_readonly().
But with CONFIG_DEBUG_WX enabled, the user page-table is already checked in
mark_readonly() for insecure mappings. This causes false-positive
warnings, because the user page-table did not get the updated mappings yet.
Move the W+X check for the user page-table into pti_finalize() after it
updated all required mappings.
Signed-off-by: Joerg Roedel <jroedel(a)suse.de>
Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de>
Cc: "H . Peter Anvin" <hpa(a)zytor.com>
Cc: linux-mm(a)kvack.org
Cc: Linus Torvalds <torvalds(a)linux-foundation.org>
Cc: Andy Lutomirski <luto(a)kernel.org>
Cc: Dave Hansen <dave.hansen(a)intel.com>
Cc: Josh Poimboeuf <jpoimboe(a)redhat.com>
Cc: Juergen Gross <jgross(a)suse.com>
Cc: Peter Zijlstra <peterz(a)infradead.org>
Cc: Borislav Petkov <bp(a)alien8.de>
Cc: Jiri Kosina <jkosina(a)suse.cz>
Cc: Boris Ostrovsky <boris.ostrovsky(a)oracle.com>
Cc: Brian Gerst <brgerst(a)gmail.com>
Cc: David Laight <David.Laight(a)aculab.com>
Cc: Denys Vlasenko <dvlasenk(a)redhat.com>
Cc: Eduardo Valentin <eduval(a)amazon.com>
Cc: Greg KH <gregkh(a)linuxfoundation.org>
Cc: Will Deacon <will.deacon(a)arm.com>
Cc: aliguori(a)amazon.com
Cc: daniel.gruss(a)iaik.tugraz.at
Cc: hughd(a)google.com
Cc: keescook(a)google.com
Cc: Andrea Arcangeli <aarcange(a)redhat.com>
Cc: Waiman Long <llong(a)redhat.com>
Cc: Pavel Machek <pavel(a)ucw.cz>
Cc: "David H . Gutteridge" <dhgutteridge(a)sympatico.ca>
Cc: joro(a)8bytes.org
Link: https://lkml.kernel.org/r/1533727000-9172-1-git-send-email-joro@8bytes.org
a29dba161a x86/relocs: Add __end_rodata_aligned to S_REL
a13c600e15 x86/mm/pti: Move user W+X check into pti_finalize()
81540b5937 Merge branch 'x86/pti'
+-----------------------------------------------------+------------+------------+------------+
| | a29dba161a | a13c600e15 | 81540b5937 |
+-----------------------------------------------------+------------+------------+------------+
| boot_successes | 64 | 0 | 0 |
| boot_failures | 0 | 43 | 35 |
| WARNING:at_arch/x86/mm/dump_pagetables.c:#note_page | 0 | 43 | 35 |
| EIP:note_page | 0 | 43 | 35 |
+-----------------------------------------------------+------------+------------+------------+
[ 9.633348] Write protecting the kernel read-only data: 2560k
[ 9.634304] rodata_test: all tests were successful
[ 9.635329] x86/mm: Checking user space page tables
[ 9.636271] ------------[ cut here ]------------
[ 9.637045] x86/mm: Found insecure W+X mapping at address (ptrval)/0xffc01000
[ 9.638228] WARNING: CPU: 0 PID: 1 at arch/x86/mm/dump_pagetables.c:283 note_page+0x66b/0x870
[ 9.639857] Modules linked in:
[ 9.640375] CPU: 0 PID: 1 Comm: swapper Not tainted 4.18.0-rc8-00061-ga13c600 #870
[ 9.641608] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[ 9.642970] EIP: note_page+0x66b/0x870
[ 9.643589] Code: c6 00 10 00 00 75 d4 e9 0b fc ff ff 8b 43 0c c7 04 24 84 f4 7c 79 c6 05 82 ff 8f 79 01 89 44 24 08 89 44 24 04 e8 15 4d 00 00 <0f> 0b e9 bb fd ff ff 83 c2 0c 89 53 14 c7 43 18 00 00 00 00 e9 0d
[ 9.646710] EAX: 00000041 EBX: 8d037f4c ECX: 790332c0 EDX: 00000201
[ 9.647727] ESI: 00000000 EDI: 00000000 EBP: 8d037f24 ESP: 8d037ef4
[ 9.648745] DS: 007b ES: 007b FS: 0000 GS: 00e0 SS: 0068 EFLAGS: 00210286
[ 9.649861] CR0: 80050033 CR2: 7961fd7c CR3: 019c2000 CR4: 00000690
[ 9.650889] Call Trace:
[ 9.651304] ptdump_walk_pgd_level_core+0x25c/0x380
[ 9.652109] ? 0x79000000
[ 9.652548] ptdump_walk_user_pgd_level_checkwx+0x35/0x40
[ 9.653316] pti_finalize+0x68/0x70
[ 9.653702] ? rest_init+0xb0/0xb0
[ 9.654142] kernel_init+0x3b/0x110
[ 9.654526] ? schedule_tail_wrapper+0x9/0xc
[ 9.654999] ret_from_fork+0x2e/0x38
[ 9.655392] irq event stamp: 1756564
[ 9.655891] hardirqs last enabled at (1756563): [<79080c75>] console_unlock+0x405/0x590
[ 9.657293] hardirqs last disabled at (1756564): [<7960a964>] common_exception+0xf6/0x116
[ 9.658747] softirqs last enabled at (1755714): [<7960b091>] __do_softirq+0x1d1/0x205
[ 9.660065] softirqs last disabled at (1755707): [<79012997>] call_on_stack+0x47/0x60
[ 9.661267] ---[ end trace 77b3d4fa5b464bc9 ]---
[ 9.662063] x86/mm: Checked W+X mappings: FAILED, 8 W+X pages found.
# HH:MM RESULT GOOD BAD GOOD_BUT_DIRTY DIRTY_NOT_BAD
git bisect start e85b2d7cff5935e546bde680af031a845e540b3e 1ffaddd029c867d134a1dde39f540dcc8c52e274 --
git bisect bad fd42d9639f95a4efc31454eac7cfe528977460d4 # 03:24 B 0 1 29 13 Merge 'linux-review/zhouxianrong/zsmalloc-fix-linking-bug-in-init_zspage/20180810-024718' into devel-catchup-201808100258
git bisect good 33112e036381aaea4d96b0a3597d05ac8c0056c7 # 03:55 G 10 0 0 2 0day base guard for 'devel-catchup-201808100258'
git bisect bad 8db8f8032e729ba40be9d4dfef0729c9c4ac47ba # 04:05 B 0 1 18 2 Merge 'tip/x86/pti' into devel-catchup-201808100258
git bisect good b976690f5db26fbc7c2be413bfa0fbd270547a94 # 04:39 G 10 0 10 40 x86/mm/pti: Introduce pti_finalize()
git bisect good 6863ea0cda8725072522cd78bda332d9a0b73150 # 04:58 G 11 0 11 18 x86/mm: Remove in_nmi() warning from vmalloc_fault()
git bisect good 315706049c343794ad0d3e5b6f6b60b900457b11 # 05:06 G 11 0 1 1 Merge branch 'x86/pti-urgent' into x86/pti
git bisect good 16a3fe634f6a568c6234b8747e5d50487fed3526 # 05:15 G 11 0 1 1 x86/mm/pti: Clone kernel-image on PTE level for 32 bit
git bisect bad a13c600e15de44ccf03df28d3311ef3cb754ed9b # 05:23 B 0 2 21 4 x86/mm/pti: Move user W+X check into pti_finalize()
git bisect good a29dba161ad1a01bbfbc80aa184b089ddd169a4e # 05:39 G 10 0 0 0 x86/relocs: Add __end_rodata_aligned to S_REL
# first bad commit: [a13c600e15de44ccf03df28d3311ef3cb754ed9b] x86/mm/pti: Move user W+X check into pti_finalize()
git bisect good a29dba161ad1a01bbfbc80aa184b089ddd169a4e # 05:43 G 31 0 1 1 x86/relocs: Add __end_rodata_aligned to S_REL
# extra tests with debug options
git bisect bad a13c600e15de44ccf03df28d3311ef3cb754ed9b # 05:49 B 0 1 16 0 x86/mm/pti: Move user W+X check into pti_finalize()
# extra tests on HEAD of linux-devel/devel-catchup-201808100258
git bisect bad e85b2d7cff5935e546bde680af031a845e540b3e # 05:54 B 0 34 53 0 0day head guard for 'devel-catchup-201808100258'
# extra tests on tree/branch tip/x86/pti
git bisect bad a13c600e15de44ccf03df28d3311ef3cb754ed9b # 06:07 B 0 42 57 0 x86/mm/pti: Move user W+X check into pti_finalize()
# extra tests with first bad commit reverted
git bisect good ada51a550192bf1d3842d0e8b9335a56d062049a # 06:22 G 11 0 0 0 Revert "x86/mm/pti: Move user W+X check into pti_finalize()"
# extra tests on tree/branch tip/master
git bisect bad 81540b5937465348e9e623555e1c1e9dc7cf4434 # 06:27 B 0 3 36 18 Merge branch 'x86/pti'
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/lkp Intel Corporation
2 years, 8 months
1ecfd20c55 [ 17.754606] WARNING: CPU: 0 PID: 388 at arch/x86/kernel/hw_breakpoint.c:126 hw_breakpoint_danger_zone
by kernel test robot
Greetings,
0day kernel testing robot got the below dmesg and the first bad commit is
https://git.kernel.org/pub/scm/linux/kernel/git/luto/linux.git x86/fixes
commit 1ecfd20c5593057dc9ea645eeb7f10b674022ac0
Author: Andy Lutomirski <luto(a)kernel.org>
AuthorDate: Mon Mar 26 20:23:08 2018 -0700
Commit: Andy Lutomirski <luto(a)kernel.org>
CommitDate: Tue Jun 26 22:14:24 2018 -0700
debug instrumentation
813835028e Merge branch 'fixes-v4.18-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
1ecfd20c55 debug instrumentation
64fee25421 [WIP] x86/vdso: Disable retpolines
+-----------------------------------------------------------------------+------------+------------+------------+
| | 813835028e | 1ecfd20c55 | 64fee25421 |
+-----------------------------------------------------------------------+------------+------------+------------+
| boot_successes | 691 | 221 | 216 |
| boot_failures | 0 | 22 | 27 |
| WARNING:at_arch/x86/kernel/hw_breakpoint.c:#hw_breakpoint_danger_zone | 0 | 22 | 27 |
| RIP:hw_breakpoint_danger_zone | 0 | 22 | 27 |
+-----------------------------------------------------------------------+------------+------------+------------+
[ 13.287350] rb_produ-40 0.... 13176996us : ring_buffer_producer_thread: Sleeping for 10 secs
[ 13.288994] ---------------------------------
[ 13.289838] rcu-perf: Test complete
[ 16.601066] random: get_random_u32 called from bucket_table_alloc+0x7f/0x1a0 with crng_init=1
[ 16.621975] random: get_random_u32 called from cache_grow_begin+0x4b0/0x9d0 with crng_init=1
[ 17.754606] WARNING: CPU: 0 PID: 388 at arch/x86/kernel/hw_breakpoint.c:126 hw_breakpoint_danger_zone+0x80/0x89
[ 17.758223] Modules linked in:
[ 17.759187] CPU: 0 PID: 388 Comm: trinity-main Not tainted 4.18.0-rc2-00045-g1ecfd20 #1
[ 17.761642] RIP: 0010:hw_breakpoint_danger_zone+0x80/0x89
[ 17.763301] Code: 89 de e8 bc c3 11 00 4d 85 ff 78 1e 89 de 31 c9 31 d2 48 c7 c7 d8 7b d6 82 e8 a5 c3 11 00 49 8b b6 58 01 00 00 e9 25 ff ff ff <0f> 0b eb de 0f 1f 44 00 00 e8 bb 03 df 00 55 31 c0 48 c7 c2 40 9b
[ 17.767627] RSP: 0018:ffff88001eda3b20 EFLAGS: 00010086
[ 17.768552] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000
[ 17.769800] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffffffff82d67c08
[ 17.771043] RBP: ffff88001eda3b48 R08: ffff880016e0aa80 R09: 00000000fe6325d9
[ 17.772284] R10: ffff88001eda3b70 R11: 0000000000000001 R12: 0000000000000000
[ 17.773531] R13: 0000000000000000 R14: ffff880016c4e000 R15: ffffffff81000000
[ 17.774783] FS: 00007f2e97d0a700(0000) GS:ffffffff82a2c000(0000) knlGS:0000000000000000
[ 17.776188] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 17.777201] CR2: 0000000000982788 CR3: 000000001f3ee000 CR4: 00000000000006b0
[ 17.778449] Call Trace:
[ 17.779153] hw_breakpoint_add+0x44/0x50
[ 17.780373] event_sched_in+0xf8/0x2d0
[ 17.781563] group_sched_in+0x43/0x130
[ 17.782742] pinned_sched_in+0x7d/0x160
[ 17.783940] ? group_sched_in+0x130/0x130
[ 17.785185] visit_groups_merge+0xe5/0x160
[ 17.786804] ctx_sched_in+0x15c/0x1c0
[ 17.788157] perf_event_sched_in+0x2f/0x70
[ 17.789639] ctx_resched+0x5e/0xb0
[ 17.790703] __perf_install_in_context+0x182/0x1a0
[ 17.805247] ? perf_event_sysfs_show+0x30/0x30
[ 17.806646] remote_function+0x2d/0x40
[ 17.807786] smp_call_function_single+0x65/0xb0
[ 17.809185] ? perf_event_sysfs_show+0x30/0x30
[ 17.810564] task_function_call+0x36/0x50
[ 17.811809] ? __perf_event_enable+0x170/0x170
[ 17.813196] perf_install_in_context+0xf0/0x210
[ 17.814607] __do_sys_perf_event_open+0xaa8/0xd80
[ 17.816069] ? 0xffffffff81000000
[ 17.817114] __x64_sys_perf_event_open+0x20/0x30
[ 17.828769] do_syscall_64+0xdd/0x3b0
[ 17.829440] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 17.830346] RIP: 0033:0x7f2e9781f6d9
[ 17.830999] Code: 01 00 48 81 c4 80 00 00 00 e9 e4 fe ff ff 90 90 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 37 77 2c 00 31 d2 48 29 c2 64
[ 17.837871] RSP: 002b:00007fff0b06b138 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[ 17.842576] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00007f2e9781f6d9
[ 17.843819] RDX: ffffffffffffffff RSI: 0000000000000000 RDI: 000000000068b000
[ 17.848439] RBP: 0000000000001697 R08: 0000000000000001 R09: 0000000000000004
[ 17.849688] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000402daa
[ 17.850934] R13: 00007fff0b06b360 R14: 0000000000000000 R15: 0000000000000000
[ 17.855567] ---[ end trace 1d1d01fd1168e46f ]---
[ 17.856386] Set DR7=10202
# HH:MM RESULT GOOD BAD GOOD_BUT_DIRTY DIRTY_NOT_BAD
git bisect start 2b9fae22613124ef10481cb98ec9c7a9bf59d888 94710cac0ef4ee177a63b5227664b38c95bbf703 --
git bisect bad 2195c63d5a7c8fea3694736b49003a965a12cd19 # 01:54 B 15 5 0 0 Merge 'jlayton/locks-next' into devel-catchup-201808151232
git bisect good 026562f142d7184265f5b11e3f315bc0911bedd7 # 02:09 G 44 0 0 0 Merge 'pmladek/for-linus' into devel-catchup-201808151232
git bisect good 43092f0f9dc3189360fa203e9b98c50010b24b2e # 02:29 G 44 0 0 0 Merge 'pci/next' into devel-catchup-201808151232
git bisect bad a8c2022af0d6d900d9a95be30e68846c3a84cbd0 # 02:43 B 43 1 0 0 Merge 'luto/x86/fixes' into devel-catchup-201808151232
git bisect good 1aaf9376385471bba7849ee05f3d55538a2db93d # 03:14 G 225 0 2 2 Merge 'ostr/for-linus-4.19' into devel-catchup-201808151232
git bisect good 182c781039556055b73fbb03054607f18562bcb2 # 03:59 G 229 0 0 0 Merge 'luto/x86/pti' into devel-catchup-201808151232
git bisect bad bb3bc1f923a2f6fe7912d22a1068fe29d6033d38 # 04:24 B 1 1 0 0 selftests/x86/sigreturn: Minor cleanups
git bisect bad 86e7fd3564497f657de30a36da4505799eebef01 # 04:37 B 46 5 0 0 selftests/x86/sigreturn/64: Fix spurious failures on AMD CPUs
git bisect bad 1ecfd20c5593057dc9ea645eeb7f10b674022ac0 # 04:50 B 10 1 0 0 debug instrumentation
# first bad commit: [1ecfd20c5593057dc9ea645eeb7f10b674022ac0] debug instrumentation
git bisect good 813835028e9ae1f18cd11bb0ec591d0f0577d96a # 05:25 G 679 0 2 2 Merge branch 'fixes-v4.18-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
# extra tests with debug options
git bisect bad 1ecfd20c5593057dc9ea645eeb7f10b674022ac0 # 05:43 B 18 1 0 0 debug instrumentation
# extra tests on HEAD of linux-devel/devel-catchup-201808151232
git bisect bad 2b9fae22613124ef10481cb98ec9c7a9bf59d888 # 05:43 B 294 49 0 3 0day head guard for 'devel-catchup-201808151232'
# extra tests on tree/branch luto/x86/fixes
git bisect bad 64fee254215c6f315279889db488514b46ddf331 # 06:05 B 17 3 0 1 [WIP] x86/vdso: Disable retpolines
# extra tests with first bad commit reverted
git bisect good 7af2b521b0a2c5b5b2a5a70fbbac9adaf42ec9e8 # 06:27 G 232 0 2 2 Revert "debug instrumentation"
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/lkp Intel Corporation
2 years, 8 months
782deabc72 ("add trace for rwsem"): BUG: unable to handle kernel paging request at f815aad0
by kernel test robot
Greetings,
0day kernel testing robot got the below dmesg and the first bad commit is
kemi/rwsem_issue/v0.1
commit 782deabc725a4d866dbefe0120394da40a2edd18
Author: Kemi Wang <kemi.wang(a)intel.com>
AuthorDate: Tue Aug 14 09:12:57 2018 +0800
Commit: Kemi Wang <kemi.wang(a)intel.com>
CommitDate: Tue Aug 14 10:01:49 2018 +0800
add trace for rwsem
Signed-off-by: Kemi Wang <kemi.wang(a)intel.com>
94710cac0e Linux 4.18
782deabc72 add trace for rwsem
+------------------------------------------+-------+------------+
| | v4.18 | 782deabc72 |
+------------------------------------------+-------+------------+
| boot_successes | 26 | 10 |
| boot_failures | 0 | 11 |
| BUG:unable_to_handle_kernel | 0 | 8 |
| Oops:#[##] | 0 | 9 |
| EIP:rwsem_wake | 0 | 9 |
| Kernel_panic-not_syncing:Fatal_exception | 0 | 9 |
| Mem-Info | 0 | 2 |
+------------------------------------------+-------+------------+
[ 11.802379] warning: process `trinity-c1' used the deprecated sysctl system call with
[ 11.815834] VFS: Warning: trinity-c1 using old stat() call. Recompile your binary.
[ 11.831522] VFS: Warning: trinity-c0 using old stat() call. Recompile your binary.
[ 11.832471] VFS: Warning: trinity-c0 using old stat() call. Recompile your binary.
[ 11.842078] VFS: Warning: trinity-c1 using old stat() call. Recompile your binary.
[ 13.871372] BUG: unable to handle kernel paging request at f815aad0
[ 13.872300] *pde = 00000000
[ 13.872754] Oops: 0000 [#1]
[ 13.873218] CPU: 0 PID: 1261 Comm: trinity-c3 Not tainted 4.18.0-00001-g782deab #2
[ 13.874278] EIP: rwsem_wake+0x51/0xb0
[ 13.874674] Code: 00 8b 56 04 89 c5 8d 46 04 39 c2 74 0b 89 f9 31 d2 89 f0 e8 d1 fd ff ff 89 d8 89 ea e8 e8 a3 64 00 8b 5c 24 18 83 fb 01 74 4e <8b> 3c 9d 40 17 6d c1 8b 35 c0 1c 9e c1 66 90 8b 15 b4 8c a8 c1 b8
[ 13.876722] EAX: 00000282 EBX: cdaa24e4 ECX: 00000007 EDX: 00000001
[ 13.877402] ESI: cd0d9ba0 EDI: cdacfe28 EBP: 00000282 ESP: cdacfe10
[ 13.878074] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068 EFLAGS: 00010282
[ 13.878976] CR0: 80050033 CR2: f815aad0 CR3: 0d1a5000 CR4: 00140690
[ 13.879932] Call Trace:
[ 13.880277] ? generic_file_write_iter+0x1bd/0x2a0
[ 13.880798] ? call_rwsem_wake+0xa/0xc
[ 13.881211] ? up_write+0x2a/0x30
[ 13.881570] ? generic_file_write_iter+0x1bd/0x2a0
[ 13.882126] ? do_iter_readv_writev+0x119/0x180
[ 13.882640] ? do_iter_write+0xa1/0x1c0
[ 13.883059] ? vfs_writev+0xaa/0xc0
[ 13.883436] ? vfs_writev+0x69/0xc0
[ 13.883816] ? find_held_lock+0x31/0xc0
[ 13.884240] ? do_writev+0x5c/0xc0
[ 13.884611] ? do_fast_syscall_32+0xa5/0x2f0
[ 13.885100] ? entry_SYSENTER_32+0x4c/0x7b
[ 13.885744] Modules linked in:
[ 13.886229] CR2: 00000000f815aad0
[ 13.886740] ---[ end trace 866f06d2c05c7929 ]---
[ 13.887461] EIP: rwsem_wake+0x51/0xb0
# HH:MM RESULT GOOD BAD GOOD_BUT_DIRTY DIRTY_NOT_BAD
git bisect start ffe1b7b61d7c6e94e01535dace87179f42a10738 94710cac0ef4ee177a63b5227664b38c95bbf703 --
git bisect bad a05cf1d1c01bb44e54c17a896b6f64983f54b81b # 11:56 B 3 4 1 4 Merge 'congwang/net-sched-fixes' into devel-catchup-201808141124
git bisect bad b7320d52e5d687c2924da201af8d5a0258542bcb # 12:06 B 1 4 0 4 Merge 'saeed/net-next' into devel-catchup-201808141124
git bisect bad 8c7a4074af60246017f37113e973c47cb4876fe9 # 12:11 B 0 3 23 4 Merge 'linux-review/Arnd-Bergmann/bnxt_en-take-coredump_record-structure-off-stack/20180814-105717' into devel-catchup-201808141124
git bisect bad 508861f83e2e0d1985f4fa764c69bc8e29b812a5 # 12:17 B 0 2 17 0 Merge 'linux-review/Yong-Zhi/ASoC-Intel-Skylake-Acquire-irq-after-RIRB-allocation/20180814-110753' into devel-catchup-201808141124
git bisect good 3e4fddb5be3870a122385b5e165d9460e5c2d7c5 # 12:28 G 19 0 3 4 0day base guard for 'devel-catchup-201808141124'
git bisect bad a9aedff9a70b752870a1339ec4e117694e69e104 # 12:34 B 2 10 0 3 Merge 'kemi/rwsem_issue/v0.1' into devel-catchup-201808141124
git bisect bad 782deabc725a4d866dbefe0120394da40a2edd18 # 12:38 B 5 4 2 4 add trace for rwsem
# first bad commit: [782deabc725a4d866dbefe0120394da40a2edd18] add trace for rwsem
# extra tests with debug options
git bisect bad 782deabc725a4d866dbefe0120394da40a2edd18 # 17:08 B 7 7 5 5 add trace for rwsem
# extra tests on HEAD of linux-devel/devel-catchup-201808141124
git bisect bad ffe1b7b61d7c6e94e01535dace87179f42a10738 # 17:51 B 0 7 22 0 0day head guard for 'devel-catchup-201808141124'
# extra tests on tree/branch kemi/rwsem_issue/v0.1
git bisect bad 782deabc725a4d866dbefe0120394da40a2edd18 # 18:12 B 3 12 1 1 add trace for rwsem
# extra tests with first bad commit reverted
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/lkp Intel Corporation
2 years, 8 months