ubuntu_32_on_64 test crash Trusty 3.13.0-140 amd64 system

Bug #1744199 reported by Po-Hsu Lin on 2018-01-19

Bug Description


1. Deploy a Trusty amd64 node (node pepe in this case)
2. sudo apt-get install git python-minimal -y
3. git clone --depth=1 git://kernel.ubuntu.com/ubuntu/autotest-client-tests -b master-next
4. git clone --depth=1 git://kernel.ubuntu.com/ubuntu/autotest
5. rm -fr autotest/client/tests
6. ln -sf ~/autotest-client-tests autotest/client/tests
7. Monitor the syslog with tail -f /var/log/syslog
8. AUTOTEST_PATH=/home/ubuntu/autotest sudo -E autotest/client/autotest-local --verbose autotest/client/tests/ubuntu_32_on_64/control.ubuntu

* The system will hang without any output in syslog. I can't see any error message in the IPMI output either.

This test can pass with 3.13.0-139.

ubuntu@pepe:~$ AUTOTEST_PATH=/home/ubuntu/autotest sudo -E autotest/client/autotest-local --verbose autotest/client/tests/ubuntu_32_on_64/control.ubuntu
03:53:08 INFO | Writing results to /home/ubuntu/autotest/client/results/default
03:53:08 DEBUG| Initializing the state engine
03:53:08 DEBUG| Persistent state client.steps now set to []
03:53:08 DEBUG| Persistent option harness now set to None
03:53:08 DEBUG| Persistent option harness_args now set to None
03:53:08 DEBUG| Selected harness: standalone
03:53:08 INFO | START ---- ---- timestamp=1516333988 localtime=Jan 19 03:53:08
03:53:08 DEBUG| Persistent state client._record_indent now set to 1
03:53:08 INFO | START ubuntu_32_on_64 ubuntu_32_on_64 timestamp=1516333988 localtime=Jan 19 03:53:08
03:53:08 DEBUG| Persistent state client._record_indent now set to 2
03:53:08 DEBUG| Persistent state client.unexpected_reboot now set to ('ubuntu_32_on_64', 'ubuntu_32_on_64')
03:53:08 WARNI| Could not find GDB installed. Crash handling will operate with limited functionality
03:53:08 DEBUG| Running 'apt-get install --yes --force-yes build-essential gcc-multilib'
03:53:08 DEBUG| [stdout] Reading package lists...
03:53:08 DEBUG| [stdout] Building dependency tree...
03:53:08 DEBUG| [stdout] Reading state information...
03:53:09 DEBUG| [stdout] build-essential is already the newest version.
03:53:09 DEBUG| [stdout] gcc-multilib is already the newest version.
03:53:09 DEBUG| [stdout] 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
03:53:09 DEBUG| Running 'which gcc'
03:53:09 DEBUG| [stdout] /usr/bin/gcc
03:53:09 DEBUG| Running '/home/ubuntu/autotest/client/tmp/ubuntu_32_on_64/src/forkexec date'

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: linux-image-3.13.0-140-generic 3.13.0-140.189
ProcVersionSignature: User Name 3.13.0-140.189-generic 3.13.11-ckt39
Uname: Linux 3.13.0-140-generic x86_64
 total 0
 crw-rw---- 1 root audio 116, 1 Jan 19 03:43 seq
 crw-rw---- 1 root audio 116, 33 Jan 19 03:43 timer
AplayDevices: Error: [Errno 2] No such file or directory: 'aplay'
ApportVersion: 2.14.1-0ubuntu3.27
Architecture: amd64
ArecordDevices: Error: [Errno 2] No such file or directory: 'arecord'
AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1:
Date: Fri Jan 19 03:44:08 2018
IwConfig: Error: [Errno 2] No such file or directory: 'iwconfig'
 Bus 002 Device 002: ID 8087:0020 Intel Corp. Integrated Rate Matching Hub
 Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
 Bus 001 Device 003: ID 0424:2514 Standard Microsystems Corp. USB 2.0 Hub
 Bus 001 Device 002: ID 8087:0020 Intel Corp. Integrated Rate Matching Hub
 Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
MachineType: Dell Inc. PowerEdge R310

 PATH=(custom, no user)

ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.13.0-140-generic root=UUID=7b91a2b8-2e02-407e-a51d-766f6d969020 ro
 linux-restricted-modules-3.13.0-140-generic N/A
 linux-backports-modules-3.13.0-140-generic N/A
 linux-firmware 1.127.24
RfKill: Error: [Errno 2] No such file or directory: 'rfkill'
SourcePackage: linux
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 08/17/2011
dmi.bios.vendor: Dell Inc.
dmi.bios.version: 1.8.2
dmi.board.name: 05XKKK
dmi.board.vendor: Dell Inc.
dmi.board.version: A05
dmi.chassis.type: 23
dmi.chassis.vendor: Dell Inc.
dmi.modalias: dmi:bvnDellInc.:bvr1.8.2:bd08/17/2011:svnDellInc.:pnPowerEdgeR310:pvr:rvnDellInc.:rn05XKKK:rvrA05:cvnDellInc.:ct23:cvr:
dmi.product.name: PowerEdge R310
dmi.sys.vendor: Dell Inc.

Po-Hsu Lin (cypressyew) wrote :

This change was made by a bot.

Changed in linux (Ubuntu):
status: New → Confirmed
Po-Hsu Lin (cypressyew) on 2018-01-19
description: updated

F.Y.I. Here is the kernel panic message.
You can google for "PANIC: double fault, error_code: 0x0".

[ 193.361839] PANIC: double fault, error_code: 0x0
[ 193.363960] Kernel panic - not syncing: Machine halted.
[ 193.366020] CPU: 1 PID: 1822 Comm: a.out Not tainted 3.13.0-140-generic #189-Ubuntu
[ 193.368882] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/02/2015
[ 193.371892] 0000000000000000 ffff88013a627e90 ffffffff8172e82c ffffffff81a44fd6
[ 193.374275] 0000000000000000 ffff88013a627f08 ffffffff8172764f ffff880100000008
[ 193.376712] ffff88013a627f18 ffff88013a627eb8 000000000000304a 0000000000000046
[ 193.379181] Call Trace:
[ 193.379957] <#DF> [<ffffffff8172e82c>] dump_stack+0x64/0x82
[ 193.381810] [<ffffffff8172764f>] panic+0xc8/0x1e1
[ 193.383271] [<ffffffff8104daf1>] df_debug+0x31/0x40
[ 193.384737] [<ffffffff81015a40>] do_double_fault+0x80/0x100
[ 193.386361] [<ffffffff81742bb8>] double_fault+0x28/0x30
[ 193.387891] [<ffffffff8174321f>] ? ia32_sysenter_target+0x4f/0x195
[ 193.389691] <<EOE>>
[ 193.390626] Kernel Offset: 0x0 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffff9fffffff)
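
Since the hang leaves nothing in syslog, the double fault is only visible in a console capture. The following is an added example, not part of the report or of any Ubuntu tooling: it scans console text for the signature above and flags traces that pass through a 32-bit compat entry symbol. The function name `triage` and the `ia32_` prefix rule are assumptions of this example; the sample lines are copied from the panic message in this report.

```python
import re

# Sample input: a subset of the panic lines quoted in this report.
SAMPLE = """\
[ 193.361839] PANIC: double fault, error_code: 0x0
[ 193.363960] Kernel panic - not syncing: Machine halted.
[ 193.366020] CPU: 1 PID: 1822 Comm: a.out Not tainted 3.13.0-140-generic #189-Ubuntu
[ 193.379181] Call Trace:
[ 193.379957] <#DF> [<ffffffff8172e82c>] dump_stack+0x64/0x82
[ 193.386361] [<ffffffff81742bb8>] double_fault+0x28/0x30
[ 193.387891] [<ffffffff8174321f>] ? ia32_sysenter_target+0x4f/0x195
[ 193.389691] <<EOE>>
"""

STAMP = re.compile(r"^\[\s*(\d+\.\d+)\]\s*(.*)$")
FAULT = re.compile(r"PANIC: double fault, error_code: (0x[0-9a-fA-F]+)")
CPU = re.compile(r"CPU: (\d+) PID: (\d+) Comm: (\S+) .*?(\d+\.\d+\.\d+\S*) #(\S+)")
FRAME = re.compile(r"\[<[0-9a-f]+>\] (?:\? )?([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+")
# Assumption of this example: any ia32_* frame marks the 32-on-64 entry path.
COMPAT_PREFIX = "ia32_"

def triage(console_text):
    """Return one dict per double-fault panic found in a console capture."""
    reports, cur = [], None
    for line in console_text.splitlines():
        m = STAMP.match(line.strip())
        if not m:
            continue
        ts, body = float(m.group(1)), m.group(2)
        fault = FAULT.search(body)
        if fault:  # start of a new report
            cur = {"time": ts, "error_code": fault.group(1),
                   "frames": [], "compat_entry": False}
            reports.append(cur)
            continue
        if cur is None:
            continue
        cpu = CPU.search(body)
        if cpu:
            cur.update(cpu=int(cpu.group(1)), pid=int(cpu.group(2)),
                       comm=cpu.group(3), kernel=cpu.group(4), build=cpu.group(5))
        frame = FRAME.search(body)
        if frame:  # "?" frames are unverified stack entries, kept as hints
            cur["frames"].append(frame.group(1))
            cur["compat_entry"] |= frame.group(1).startswith(COMPAT_PREFIX)
        if "<<EOE>>" in body:  # end of the exception-stack section
            cur = None
    return reports

if __name__ == "__main__":
    print(triage(SAMPLE))
```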

Po-Hsu Lin (cypressyew) wrote :

Tested on another Trusty i386 node "onibi" (a node without smep in /proc/cpuinfo too)
with the kernel built by smb (linux-image-3.13.0-141-generic_3.13.0-141.190~ptifix1_amd64.deb), it works.

Stefan Bader (smb) on 2018-01-19
Changed in linux (Ubuntu Trusty):
importance: Undecided → Medium
status: New → Fix Committed
Changed in linux (Ubuntu):
status: Confirmed → Invalid
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 3.13.0-141.190

linux (3.13.0-141.190) trusty; urgency=low

  * linux: 3.13.0-141.190 -proposed tracker (LP: #1744308)

  * ubuntu_32_on_64 test crash Trusty 3.13.0-140 amd64 system (LP: #1744199) //
    test_too_early_vsyscall from ubuntu_qrt_kernel_panic crashes Trusty
    3.13.0-140 amd64 system (LP: #1744226) // CVE-2017-5715 // CVE-2017-5753
    - SAUCE: x86/entry: Fixup 32bit compat call locations

  * CVE-2017-5715 // CVE-2017-5753
    - SAUCE: x86/cpuid: Fix ordering of scattered feature list
    - SAUCE: KVM: Fix spec_ctrl CPUID support for guests

  * CVE-2017-5754
    - kaiser: Set _PAGE_NX only if supported
    - kaiser: Set _PAGE_NX only if supported

linux (3.13.0-140.189) trusty; urgency=low

  * linux: 3.13.0-140.189 -proposed tracker (LP: #1743375)

  [ Stefan Bader ]
  * CVE-2017-5715 // CVE-2017-5753
    - x86, microcode: Share native MSR accessing variants
    - x86: Add another set of MSR accessor functions
    - x86/cpuid: Provide get_scattered_cpuid_leaf()
    - kvm: vmx: Scrub hardware GPRs at VM-exit
    - SAUCE: locking/barriers: introduce new memory barrier gmb()
    - SAUCE: uvcvideo: prevent speculative execution
    - SAUCE: carl9170: prevent speculative execution
    - SAUCE: p54: prevent speculative execution
    - SAUCE: qla2xxx: prevent speculative execution
    - SAUCE: cw1200: prevent speculative execution
    - SAUCE: userns: prevent speculative execution
    - SAUCE: fs: prevent speculative execution
    - SAUCE: udf: prevent speculative execution
    - SAUCE: x86/feature: Enable the x86 feature to control Speculation
    - SAUCE: x86/feature: Report presence of IBPB and IBRS control
    - SAUCE: x86/enter: MACROS to set/clear IBRS and set IBPB
    - SAUCE: x86/enter: Use IBRS on syscall and interrupts
    - SAUCE: x86/idle: Disable IBRS entering idle and enable it on wakeup
    - SAUCE: x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup
    - SAUCE: x86/mm: Set IBPB upon context switch
    - SAUCE: x86/mm: Only set IBPB when the new thread cannot ptrace current
    - SAUCE: x86/entry: Stuff RSB for entry to kernel for non-SMEP platform
    - SAUCE: x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
    - SAUCE: x86/kvm: Set IBPB when switching VM
    - SAUCE: x86/kvm: Toggle IBRS on VM entry and exit
    - SAUCE: x86/kvm: Pad RSB on VM transition
    - SAUCE: x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature
    - SAUCE: x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control
    - SAUCE: x86/entry: Use retpoline for syscall's indirect calls
    - SAUCE: x86/cpu/AMD: Add speculative control support for AMD
    - SAUCE: x86/microcode: Extend post microcode reload to support IBPB feature
    - SAUCE: KVM: SVM: Do not intercept new speculative control MSRs
    - SAUCE: x86/svm: Set IBRS value on VM entry and exit
    - SAUCE: x86/svm: Set IBPB when running a different VCPU
    - SAUCE: KVM: x86: Add speculative control CPUID support for guests
    - SAUCE: x86/svm: Add code to clobber the RSB on VM exit
    - SAUCE: x86/cpu/AMD: Make the LFENCE instruction serialized
    - SAUCE: x...


Changed in linux (Ubuntu Trusty):
status: Fix Committed → Fix Released