2014-06-11 04:05:45

by Jet Chen

Subject: [seccomp] kernel BUG at kernel/fork.c:1100!

Hi Kees,

0day kernel testing robot got the below dmesg and the first bad commit is

git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git seccomp-tsync-sighand
commit 8c959534443ab563ddbccdcfe6a0f2a4f6fcb863
Author: Kees Cook <[email protected]>
AuthorDate: Wed May 21 15:18:02 2014 -0700
Commit: Kees Cook <[email protected]>
CommitDate: Tue Jun 10 08:02:42 2014 -0700

seccomp: introduce writer locking
Normally, task_struct.seccomp.filter is only ever read or modified by
the task that owns it (current). This property aids in fast access
during system call filtering as read access is lockless.
Updating the pointer from another task, however, opens up race
conditions. To allow cross-thread filter pointer updates, writes to
the seccomp fields are now protected by the sighand spinlock (which
is unique to the thread group). Read access remains lockless because
pointer updates themselves are atomic. However, writes (or cloning)
often entail additional checking (like maximum instruction counts)
which require locking to perform safely.
In the case of cloning threads, the child is invisible to the system
until it enters the task list. To make sure a child can't be cloned from
a thread and left in a prior state, seccomp duplication is additionally
moved under the tasklist_lock. Then parent and child are certain to have
the same seccomp state when they exit the lock.
Based on patches by Will Drewry and David Drysdale.
Signed-off-by: Kees Cook <[email protected]>

+----------------------------------------------------------+------------+------------+
|                                                          | 6698e20593 | 8c95953444 |
+----------------------------------------------------------+------------+------------+
| boot_successes                                           |         60 |          0 |
| boot_failures                                            |          0 |         20 |
| kernel_BUG_at_kernel/fork.c                              |          0 |         20 |
| invalid_opcode                                           |          0 |         20 |
| RIP:copy_process                                         |          0 |         20 |
| Kernel_panic-not_syncing:Attempted_to_kill_the_idle_task |          0 |         20 |
| backtrace:do_fork                                        |          0 |         20 |
+----------------------------------------------------------+------------+------------+

[ 0.029286] CPU: Intel Common KVM processor (fam: 0f, model: 06, stepping: 01)
[ 0.051661] ftrace: allocating 55973 entries in 219 pages
[ 0.070092] ------------[ cut here ]------------
[ 0.070931] kernel BUG at kernel/fork.c:1100!
[ 0.072323] invalid opcode: 0000 [#1]
[ 0.073449] CPU: 0 PID: 0 Comm: swapper Not tainted 3.15.0-07916-g8c95953 #105
[ 0.075327] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 0.076654] task: ffffffff8321a5c0 ti: ffffffff83200000 task.ti: ffffffff83200000
[ 0.078514] RIP: 0010:[<ffffffff8109c6f1>] [<ffffffff8109c6f1>] copy_process.isra.56+0x1421/0x14c0
[ 0.080000] RSP: 0000:ffffffff83203e68 EFLAGS: 00010002
[ 0.080000] RAX: 0000000000000002 RBX: 0000000000000000 RCX: 0000000000000000
[ 0.080000] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88001244f760
[ 0.080000] RBP: ffffffff83203ec0 R08: ffff8800124537c0 R09: 0000000000000040
[ 0.080000] R10: ffff880012453800 R11: 7908000000000000 R12: ffffffff8281bae0
[ 0.080000] R13: 0000000000000000 R14: 0000000000800300 R15: ffff88001244f760
[ 0.080000] FS: 0000000000000000(0000) GS:ffffffff83230000(0000) knlGS:0000000000000000
[ 0.080000] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[ 0.080000] CR2: 00000000ffffffff CR3: 0000000003213000 CR4: 00000000000006f0
[ 0.080000] Stack:
[ 0.080000] 0000000000000000 0000000000000000 0000000000000000 ffff8800124537c0
[ 0.080000] 0000000000000000 fffffff400000002 ffffffffffffffff ffffffff83af0900
[ 0.080000] 0000000000800300 ffffffff83af72c0 0000000000000000 ffffffff83203f28
[ 0.080000] Call Trace:
[ 0.080000] [<ffffffff8109c905>] do_fork+0x75/0x510
[ 0.080000] [<ffffffff828220c1>] ? ftrace_process_locs.constprop.29+0x42b/0x561
[ 0.080000] [<ffffffff8109cdce>] kernel_thread+0x2e/0x40
[ 0.080000] [<ffffffff8281ba33>] rest_init+0x23/0xd0
[ 0.080000] [<ffffffff839f370d>] start_kernel+0x79d/0x7bb
[ 0.080000] [<ffffffff839f2b89>] ? repair_env_string+0x7f/0x7f
[ 0.080000] [<ffffffff839f2120>] ? early_idt_handlers+0x120/0x120
[ 0.080000] [<ffffffff839f26c0>] x86_64_start_reservations+0x46/0x4f
[ 0.080000] [<ffffffff839f2875>] x86_64_start_kernel+0x1ac/0x1c2
[ 0.080000] Code: 83 05 33 fa bc 02 01 e8 6e c1 0b 00 48 83 05 2e fa bc 02 01 ff 04 25 a0 fa 22 83 48 83 05 27 fa bc 02 01 48 83 05 ef f7 bc 02 01 <0f> 0b 48 83 05 ed f7 bc 02 01 48 83 05 5d f9 bc 02 01 b8 f4 ff
[ 0.080000] RIP [<ffffffff8109c6f1>] copy_process.isra.56+0x1421/0x14c0
[ 0.080000] RSP <ffffffff83203e68>
[ 0.080000] ---[ end trace 556cc7dbbd668af6 ]---
[ 0.080000] Kernel panic - not syncing: Attempted to kill the idle task!

git bisect start 05a52ec683855fcbf5dbbc50d0c4d23db4ce21a7 1860e379875dfe7271c649058aeddffe5afd9d0d --
git bisect bad 0541eb1ef76707c491d3285ef2551f0b9764f4bc # 01:36 0- 10 Merge 'kees/seccomp-tsync-sighand' into devel-lkp-hsx01-x86_64-201406110035
git bisect good 420e289c1eb93124b1b12aed6321179dcb0c129a # 01:59 20+ 0 0day base guard for 'devel-lkp-hsx01-x86_64-201406110035'
git bisect good 0cdca5640a2395fe9e42f5cb27d7d73f64f751d4 # 02:16 20+ 0 Merge 'kees/lsm-mod-pin' into devel-lkp-hsx01-x86_64-201406110035
git bisect bad 1f1757f2320d5f5aa3614d7739a22dd3a8a6ed0c # 02:36 0- 20 seccomp: move no_new_privs into seccomp
git bisect good 6698e20593e5bfa53888bbf12f4431f4150dc3c1 # 02:49 20+ 0 seccomp: split filter prep from check and apply
git bisect bad 8c959534443ab563ddbccdcfe6a0f2a4f6fcb863 # 03:11 0- 20 seccomp: introduce writer locking
# first bad commit: [8c959534443ab563ddbccdcfe6a0f2a4f6fcb863] seccomp: introduce writer locking
git bisect good 6698e20593e5bfa53888bbf12f4431f4150dc3c1 # 03:14 60+ 0 seccomp: split filter prep from check and apply
git bisect bad 05a52ec683855fcbf5dbbc50d0c4d23db4ce21a7 # 03:14 0- 13 0day head guard for 'devel-lkp-hsx01-x86_64-201406110035'
git bisect good 5b174fd6472b1d6b6402b30210a212f3fd770d96 # 03:32 60+ 0 Merge branch 'for-3.16' of git://linux-nfs.org/~bfields/linux
git bisect good 27a4e439fe5cd92b70137ae237c7aa6888c07b5a # 03:43 60+ 0 Add linux-next specific files for 20140610


This script may reproduce the error.

-----------------------------------------------------------------------------
#!/bin/bash
# Boot the given bzImage under QEMU/KVM with the same machine and command
# line the 0day robot used; the panic appears on the serial console (stdout).

kernel="$1"

kvm=(
qemu-system-x86_64 -cpu kvm64 -enable-kvm
-kernel "$kernel"
-smp 2
-m 256M
-net nic,vlan=0,macaddr=00:00:00:00:00:00,model=virtio
-net user,vlan=0
-net nic,vlan=1,model=e1000
-net user,vlan=1
-boot order=nc
-no-reboot
-watchdog i6300esb
-serial stdio
-display none
-monitor null
)

# Kernel command line; panic=10 reboots 10 s after the panic so the run ends.
append=(
debug
sched_debug
apic=debug
ignore_loglevel
sysrq_always_enabled
panic=10
prompt_ramdisk=0
earlyprintk=ttyS0,115200
console=ttyS0,115200
console=tty0
vga=normal
root=/dev/ram0
rw
)

# "${append[*]}" joins the array into one space-separated --append string.
"${kvm[@]}" --append "${append[*]}"
-----------------------------------------------------------------------------

Thanks,
Jet
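The commit message above describes a locking discipline: the seccomp filter pointer is read without a lock, every write (and the limit checks that go with it) happens under the thread group's sighand spinlock, and a clone copies the pointer under that same lock so parent and child leave it with identical state. The following user-space model, added here as an illustration and not taken from the report or from Kees Cook's patch, shows why the check and the pointer update must form one critical section: several threads race to attach filters to one task, and the instruction-count limit holds exactly because the check runs under the group lock. Every name (`thread_group`, `copy_seccomp`, `attach_filter`), the mutex standing in for `sighand->siglock`, and the 32768-instruction limit are assumptions made for this example; the fork.c BUG itself is not modelled.

```c
/* Added example, not part of the bug report or of the kernel patch it
 * discusses. A mutex per "thread group" stands in for sighand->siglock,
 * the chain head is read lockless and published atomically, and the
 * instruction-count check is only ever done while the lock is held.
 * All names and the 32768 limit are assumptions for illustration. */
#include <pthread.h>
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_INSNS_PER_PATH 32768u  /* assumed limit on one filter chain */

struct filter {
    struct filter *prev;  /* previously installed filter in the chain */
    unsigned int len;     /* BPF instruction count of this filter */
};

struct thread_group { pthread_mutex_t siglock; };  /* stand-in for sighand */

struct task {
    struct thread_group *group;
    _Atomic(struct filter *) filter;  /* chain head, read without the lock */
};

/* Lockless read: a filter is immutable once published and only the head
 * pointer ever changes, so walking the chain needs no lock. */
static unsigned int chain_insns(struct task *t)
{
    unsigned int n = 0;
    for (struct filter *f = atomic_load(&t->filter); f; f = f->prev)
        n += f->len;
    return n;
}

/* Writer: limit check and head update in one critical section. Without the
 * lock two attaches could both pass the check and together exceed the limit. */
static bool attach_filter(struct task *t, unsigned int len)
{
    struct filter *nf = malloc(sizeof *nf);
    if (!nf)
        return false;
    nf->len = len;
    pthread_mutex_lock(&t->group->siglock);
    if (chain_insns(t) + len > MAX_INSNS_PER_PATH) {
        pthread_mutex_unlock(&t->group->siglock);
        free(nf);
        return false;
    }
    nf->prev = atomic_load(&t->filter);
    atomic_store(&t->filter, nf);  /* publish: readers see old or new head */
    pthread_mutex_unlock(&t->group->siglock);
    return true;
}

/* Clone: copy the parent's pointer under the group lock so the child cannot
 * start with a head that a concurrent attach is in the middle of replacing. */
static void copy_seccomp(struct task *parent, struct task *child)
{
    pthread_mutex_lock(&parent->group->siglock);
    child->group = parent->group;
    atomic_store(&child->filter, atomic_load(&parent->filter));
    pthread_mutex_unlock(&parent->group->siglock);
}

struct writer_arg { struct task *t; unsigned int attempts, len, succeeded; };

static void *writer(void *p)
{
    struct writer_arg *a = p;
    for (unsigned int i = 0; i < a->attempts; i++)
        a->succeeded += attach_filter(a->t, a->len);
    return NULL;
}

/* nthreads writers each try 'attempts' attaches of 'len' instructions on one
 * task. Returns the number that succeeded and stores the final chain size;
 * given enough attempts that is exactly MAX_INSNS_PER_PATH / len. */
unsigned int concurrent_attaches(unsigned int nthreads, unsigned int attempts,
                                 unsigned int len, unsigned int *total_insns)
{
    struct thread_group g;
    struct task t = { .group = &g, .filter = NULL }, child;
    pthread_mutex_init(&g.siglock, NULL);
    pthread_t th[nthreads];
    struct writer_arg args[nthreads];
    for (unsigned int i = 0; i < nthreads; i++) {
        args[i] = (struct writer_arg){ .t = &t, .attempts = attempts, .len = len };
        pthread_create(&th[i], NULL, writer, &args[i]);
    }
    unsigned int ok = 0;
    for (unsigned int i = 0; i < nthreads; i++) {
        pthread_join(th[i], NULL);
        ok += args[i].succeeded;
    }
    *total_insns = chain_insns(&t);
    copy_seccomp(&t, &child);           /* child inherits exactly this chain */
    if (chain_insns(&child) != *total_insns)
        abort();
    for (struct filter *f = atomic_load(&t.filter), *p; f; f = p) {
        p = f->prev;
        free(f);
    }
    pthread_mutex_destroy(&g.siglock);
    return ok;
}

int main(void)
{
    unsigned int total, ok = concurrent_attaches(8, 10, 1000, &total);
    printf("%u attaches succeeded, chain holds %u instructions\n", ok, total);
    return 0;
}
```

Building with `cc -pthread` and running it reports 32 successful attaches and a 32000-instruction chain no matter how the threads interleave; dropping the lock from `attach_filter` is the simplest way to watch the limit check become unreliable.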


Attachments:
dmesg-quantal-ivb44-114:20140611031108:x86_64-randconfig-ha4-0611:3.15.0-07916-g8c95953:105 (24.30 kB)
x86_64-randconfig-ha4-0611-05a52ec683855fcbf5dbbc50d0c4d23db4ce21a7-kernel-BUG-at-43309.log (34.46 kB)
config-3.15.0-07916-g8c95953 (90.15 kB)
Attached Message Part (86.00 B)