lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date:	Tue, 25 Mar 2014 05:38:52 -0700 (PDT)
From:	zhongnanjun <nanjunzhong@...il.com>
To:	linux-kernel@...r.kernel.org
Subject: alarmtimer.c logic error bring on __run_hrtimer BUG_ON panic

Hi All,       I get a kernel panic on linux 3.4.5,analyzed it, and found that
the ultimate problem lies cause function alarmtimer_fired,this is a kernel
alarmtimer module problem,who can check it and help me?only moidfy the
alarmtimer.c![19816.104319] c0 sys timer = 0x0001f89a, ap sys count =
0x012f9c91[19816.115870] c0 ------------[ cut here
]------------[19816.115886] c0 kernel BUG at
/kernel/kernel/hrtimer.c:1228![19816.115900] c0 Internal error: Oops - BUG:
0 [#1] PREEMPT SMP ARM[19816.115910] c0 Modules linked in: 8723bs
rtk8723b_fm_ctrl mali(O) ump(O)[19816.115929] c0 CPU: 0    Tainted: G       
W  O  (3.4.5 #1)[19816.115946] c0 PC is at
__run_hrtimer+0x230/0x298[19816.115957] c0 LR is at
__raw_spin_lock+0x2c/0x94[19816.115968] c0 pc : []    lr : []    psr:
20000193[19816.115974] c0 sp : caa3dbe8  ip : caa3dbc0  fp :
caa3dc1c[19816.115983] c0 r10: c0080e44  r9 : c0f14a00  r8 :
00000001[19816.115992] c0 r7 : 00000002  r6 : c0f14a00  r5 : c0f14aa8  r4 :
c093c4b0[19816.116002] c0 r3 : 00000003  r2 : 00000103  r1 : 00000000  r0 :
00000001[19816.116013] c0 Flags: nzCv  IRQs off  FIQs on  Mode SVC_32  ISA
ARM  Segment user[19816.116023] c0 Control: 10c53c7d  Table: 9aa0006a  DAC:
00000015[19816.116032] c0 [19816.116035] c0 PC: 0xc0064d34:[19816.116040] c0
4d34  e5927010 e3570000 0a00000b e287a008 e1a06007 e5963000 e1a01004
e5960004[19816.116062] c0 4d54  e2866008 e12fff33 e0673006 e083300a e5133008
e3530000 1afffff5 e1a0200d[19816.116082] c0 4d74  e3c23d7f e3c3303f e5932004
e2422001 e5832004 e5933000 e3130002 0a000000[19816.116103] c0 4d94  eb14b626
e1a00009 eb14bad2 e3580000 0a000006 e5943028 e3530002 0a000000[19816.116124]
c0 4db4  e7f001f2 e1a00004 e1a01005 ebfffe8d e5943028 e3130002 1a000008
e59f5040[19816.116145] c0 4dd4  e5d53000 e3530001 0a000004 e59f0020 e3a01e4d
ebff6f1a e3a03001 e5c53000[19816.116166] c0 4df4  e5943028 e3c33002 e5843028
e24bd028 e89daff0 c06d878d c09061ec c0906214[19816.116187] c0 4e14  c0906200
c0905eee e1a0c00d e92dd810 e24cb004 e24dd024 e92d4000 e8bd4000[19816.116209]
c0 [19816.116212] c0 LR: 0xc0593804:[19816.116217] c0 3804  e3a02102
e1943f9f e3330000 01843f92 e3530000 1a000002 f57ff05f e3a00001[19816.116238]
c0 3824  e89da818 e3a00001 ebeb68e8 e1a0200d e3c23d7f e3c3303f e5930000
e7e000d0[19816.116259] c0 3844  e3500000 089da818 ebfffb78 e3a00000 e89da818
e1a0c00d e92dd830 e24cb004[19816.116279] c0 3864  e92d4000 e8bd4000 e1a0300d
e3c35d7f e1a04000 e3c5503f e3a00001 ebeb68e9[19816.116300] c0 3884  e3a00001
e1943f9f e3330000 01843f90 e3530000 1a000002 f57ff05f e5843004[19816.116321]
c0 38a4  e89da830 ebeb68c9 e5953000 e3130002 0a000000 ebfffb5d e5943004
e3530000[19816.116342] c0 38c4  03a03001 05843004 eaffffff e5943000 e3530000
0affffe7 e5943004 e3530000[19816.116363] c0 38e4  1afffff9 eaffffe3 e1a0c00d
e92dd800 e24cb004 e92d4000 e8bd4000 ebffffd4[19816.116385] c0 [19816.116388]
c0 SP: 0xcaa3db68:[19816.116393] c0 db68  c093c4b0 20000193 c093c4b0
c0064db8 20000193 ffffffff c0064db8 20000193[19816.116414] c0 db88  c000f714
00000000 caa3dc1c caa3dba0 c000f46c c000900c 00000001 00000000[19816.116434]
c0 dba8  00000103 00000003 c093c4b0 c0f14aa8 c0f14a00 00000002 00000001
c0f14a00[19816.116454] c0 dbc8  c0080e44 caa3dc1c caa3dbc0 caa3dbe8 c0593884
c0064db4 20000193 ffffffff[19816.116475] c0 dbe8  caa3dc0c caa3dc40 c0593884
00000000 00000000 c0f14a00 00000002 c0f14aa8[19816.116495] c0 dc08  00000102
00000003 caa3dc74 caa3dc20 c00659f0 c0064b90 cb687179 00001205[19816.116516]
c0 dc28  cb687179 00001205 cb99f100 00001205 cb687179 00001205 110cbcef
00001218[19816.116536] c0 dc48  dbbc9340 60000113 00000001 c08a43a0 caa3dd50
00000008 00000102 cccc8b00[19816.116558] c0 [19816.116561] c0 IP:
0xcaa3db40:[19816.116566] c0 db40  caa3db8c caa3db50 c007c8dc c00460cc
0000004e c0593588 0012af54 c000f454[19816.116587] c0 db60  00000002 caa3dbb8
c093c4b0 20000193 c093c4b0 c0064db8 20000193 ffffffff[19816.116607] c0 db80 
c0064db8 20000193 c000f714 00000000 caa3dc1c caa3dba0 c000f46c
c000900c[19816.116628] c0 dba0  00000001 00000000 00000103 00000003 c093c4b0
c0f14aa8 c0f14a00 00000002[19816.116647] c0 dbc0  00000001 c0f14a00 c0080e44
caa3dc1c caa3dbc0 caa3dbe8 c0593884 c0064db4[19816.116668] c0 dbe0  20000193
ffffffff caa3dc0c caa3dc40 c0593884 00000000 00000000 c0f14a00[19816.116688]
c0 dc00  00000002 c0f14aa8 00000102 00000003 caa3dc74 caa3dc20 c00659f0
c0064b90[19816.116708] c0 dc20  cb687179 00001205 cb687179 00001205 cb99f100
00001205 cb687179 00001205[19816.116730] c0 [19816.116733] c0 FP:
0xcaa3db9c:[19816.116738] c0 db9c  c000900c 00000001 00000000 00000103
00000003 c093c4b0 c0f14aa8 c0f14a00[19816.116758] c0 dbbc  00000002 00000001
c0f14a00 c0080e44 caa3dc1c caa3dbc0 caa3dbe8 c0593884[19816.116778] c0 dbdc 
c0064db4 20000193 ffffffff caa3dc0c caa3dc40 c0593884 00000000
00000000[19816.116799] c0 dbfc  c0f14a00 00000002 c0f14aa8 00000102 00000003
caa3dc74 caa3dc20 c00659f0[19816.116819] c0 dc1c  c0064b90 cb687179 00001205
cb687179 00001205 cb99f100 00001205 cb687179[19816.116840] c0 dc3c  00001205
110cbcef 00001218 dbbc9340 60000113 00000001 c08a43a0 caa3dd50[19816.116860]
c0 dc5c  00000008 00000102 cccc8b00 caa3dc84 caa3dc78 c0065b64 c00658dc
caa3dc9c[19816.116880] c0 dc7c  caa3dc88 c0065bbc c0065b24 c0065be4 caa3c000
caa3dcac caa3dca0 c0065bfc[19816.116902] c0 [19816.116905] c0 R4:
0xc093c430:[19816.116910] c0 c430  00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000[19816.116929] c0 c450  c08d6280 00000001
00000000 00000000 c0a88ae8 c0a88ae8 c0a88b20 00000000[19816.116949] c0 c470 
00000000 00000000 50202b00 1358d0d7 50202b00 1358d0d7 c0080e44
c0f14a70[19816.116969] c0 c490  00000001 00000000 c007cc64 00000000 00000000
00000000 c0a88b58 c0a88b58[19816.116988] c0 c4b0  c0a88b90 00000000 00000000
00000000 c3cd9780 000012a3 c3cd9780 000012a3[19816.117008] c0 c4d0  c0080e44
c0f14aa8 00000003 00000000 c007c8f0 00000007 00000000 00000000[19816.117027]
c0 c4f0  00000000 00000000 c093c4f8 00000000 00000000 00000000 00000000
00000000[19816.117046] c0 c510  00000000 00000000 c0080e44 c0f2ca70 00000000
00000000 c007cc64 00000000[19816.117066] c0 [19816.117069] c0 R5:
0xc0f14a28:[19816.117074] c0 4a28  00000000 00000000 00000000 00000000
c0f14a00 00000000 00000001 db2c1f30[19816.117093] c0 4a48  c0f14b88 00000000
00000001 00000000 c007ca3c 00000000 127c3ce0 00000000[19816.117113] c0 4a68 
00000000 00000000 c0f14a00 00000001 00000000 c0a88b20 c093c468
00000000[19816.117132] c0 4a88  00000001 00000000 c007cc64 00000000 d23bc320
00000000 7d9b84f8 1358beb7[19816.117152] c0 4aa8  c0f14a00 00000002 00000007
c0a88b90 c0a88b90 00000000 00000001 00000000[19816.117172] c0 4ac8  c007c8f0
00000000 127c3ce0 00000000 45a44b76 00000012 c2400300 00000000[19816.117191]
c0 4ae8  00040c36 00000000 00002714 00000000 000294e3 00000000 00002dfe
00000000[19816.117211] c0 4b08  00000078 00000000 00165901 00000000 0000e34a
00000000 00000000 00000000[19816.117230] c0 [19816.117233] c0 R6:
0xc0f14980:[19816.117239] c0 4980  ffffffff 00000000 00200200 001dad78
c093a6c0 c0059884 c0f14840 ffffffff[19816.117259] c0 49a0  dc026130 00000000
00000001 00000000 00000000 00000000 00000000 00000000[19816.117278] c0 49c0 
00000004 00000000 00000000 c0f149cc c0f149cc 00000000 00000000
00000000[19816.117297] c0 49e0  00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000[19816.117315] c0 4a00  00000001 00000000 00000007
00000000 ffffffff 7fffffff 00000001 00000000[19816.117335] c0 4a20  00248a63
0000093a 00000000 00000000 00000000 00000000 c0f14a00 00000000[19816.117354]
c0 4a40  00000001 db2c1f30 c0f14b88 00000000 00000001 00000000 c007ca3c
00000000[19816.117373] c0 4a60  127c3ce0 00000000 00000000 00000000 c0f14a00
00000001 00000000 c0a88b20[19816.117394] c0 [19816.117397] c0 R9:
0xc0f14980:[19816.117402] c0 4980  ffffffff 00000000 00200200 001dad78
c093a6c0 c0059884 c0f14840 ffffffff[19816.117422] c0 49a0  dc026130 00000000
00000001 00000000 00000000 00000000 00000000 00000000[19816.117441] c0 49c0 
00000004 00000000 00000000 c0f149cc c0f149cc 00000000 00000000
00000000[19816.117460] c0 49e0  00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000[19816.117478] c0 4a00  00000001 00000000 00000007
00000000 ffffffff 7fffffff 00000001 00000000[19816.117497] c0 4a20  00248a63
0000093a 00000000 00000000 00000000 00000000 c0f14a00 00000000[19816.117516]
c0 4a40  00000001 db2c1f30 c0f14b88 00000000 00000001 00000000 c007ca3c
00000000[19816.117536] c0 4a60  127c3ce0 00000000 00000000 00000000 c0f14a00
00000001 00000000 c0a88b20[19816.117556] c0 [19816.117559] c0 R10:
0xc0080dc4:[19816.117564] c0 0dc4  e5933018 e3530000 03e00000 089da878
e5942000 e5d2305c e2133001 0a000002[19816.117585] c0 0de4  e5923084 e2933000
13a03001 e3530000 0a00000e e59f503c e28500ec eb144af1[19816.117606] c0 0e04 
e59530e8 e3530000 e1a06000 1a000002 e1a00004 e58540e8 eb07d2ac
e59f0018[19816.117627] c0 0e24  e1a01006 eb1449c7 e3a00000 e89da878 e3e00000
e89da878 c093c458 c093c544[19816.117648] c0 0e44  e1a0c00d e92dddf0 e24cb004
e24dd010 e92d4000 e8bd4000 e2406010 e1a05000[19816.117669] c0 0e64  e3a08000
e1a00006 e286a008 eb144ad5 e5953030 e1a07000 e24b002c e12fff33[19816.117690]
c0 0e84  e14b02dc e14b03f4 ea000023 e1c421d0 e14b03d4 e1500002 e0d11003
ba000022[19816.117711] c0 0ea4  e1a0000a e1a01004 eb06a8de e5943020 e1a01007
e1a00006 e3c33001 e3833002[19816.117735] c0 Process Binder_4 (pid: 840,
stack limit = 0xcaa3c2f0)[19816.117745] c0 Stack: (0xcaa3dbe8 to
0xcaa3e000)[19816.117757] c0 dbe0:                   caa3dc0c caa3dc40
c0593884 00000000 00000000 c0f14a00[19816.117772] c0 dc00: 00000002 c0f14aa8
00000102 00000003 caa3dc74 caa3dc20 c00659f0 c0064b90[19816.117787] c0 dc20:
cb687179 00001205 cb687179 00001205 cb99f100 00001205 cb687179
00001205[19816.117803] c0 dc40: 110cbcef 00001218 dbbc9340 60000113 00000001
c08a43a0 caa3dd50 00000008[19816.117818] c0 dc60: 00000102 cccc8b00 caa3dc84
caa3dc78 c0065b64 c00658dc caa3dc9c caa3dc88[19816.117834] c0 dc80: c0065bbc
c0065b24 c0065be4 caa3c000 caa3dcac caa3dca0 c0065bfc c0065b7c[19816.117849]
c0 dca0: caa3dcf4 caa3dcb0 c004771c c0065bf0 c0593904 c059335c 00000000
c08a89c0[19816.117864] c0 dcc0: 00000000 0000000a caa3dce4 caa3c000 00000000
f5012000 caa3dd50 00000000[19816.117879] c0 dce0: d4421c00 cccc8b00 caa3dd0c
caa3dcf8 c0047d68 c00475d8 00000000 0000005c[19816.117895] c0 dd00: caa3dd24
caa3dd10 c0010234 c0047d10 c0919ac4 c08a43c0 caa3dd4c caa3dd28[19816.117911]
c0 dd20: c00093a8 c00101b4 60000013 0000005c c0593594 60000013 ffffffff
caa3dd84[19816.117926] c0 dd40: caa3ddac caa3dd50 c000f3c4 c00092dc d8bc2f2c
60000013 00000000 c08c2cec[19816.117941] c0 dd60: 60000013 60000013 00000001
00000001 00000000 d4421c00 cccc8b00 caa3ddac[19816.117957] c0 dd80: caa3dd98
caa3dd98 c0593590 c0593594 60000013 ffffffff 00000000 d8bc2f2c[19816.117972]
c0 dda0: caa3dddc caa3ddb0 c006a0f0 c0593558 00000000 e4f0032c d4421c00
caa1e000[19816.117988] c0 ddc0: c0987fc0 db656e00 caa3c000 e4f0032c caa3dea4
caa3dde0 c03e4fd0 c006a0a8[19816.118002] c0 dde0: 00000000 20000093 00000000
c059359c 00000000 00000000 00000000 00000000[19816.118017] c0 de00: 00000004
e4f00358 40efd66c 00000017 40efd640 d8bc2f2c e4f00358 d8bc2f1c[19816.118032]
c0 de20: cccc8ec0 00000001 e4f00358 d8bc2f00 40efd66c 00000000 00000000
caa1e000[19816.118047] c0 de40: db656e00 c37ea080 d4421c00 cccc8b00 ffffffff
00000000 00000000 00000000[19816.118061] c0 de60: 00000000 00000000 00000004
00000000 5b80c3c0 00000000 caa3df04 db656e00[19816.118076] c0 de80: 6046bcb0
db1b3c00 caa1e000 c000fac4 c0186201 00000000 caa3df04 caa3dea8[19816.118092]
c0 dea0: c03e65c4 c03e2e1c caa3dec4 d6f77c00 c0f16950 d6f77c38 c0f16900
db1b3c00[19816.118107] c0 dec0: 0000002c 00000000 40efd640 00000100 00000000
40efd538 c000fac4 db716338[19816.118122] c0 dee0: 6046bcb0 db1b3c00 00000009
c000fac4 caa3c000 00000000 caa3df7c caa3df08[19816.118138] c0 df00: c011694c
c03e6244 c059359c c006dbe0 0000000b c08db740 caa3df4c caa3df28[19816.118153]
c0 df20: c009da90 c0593558 d6f77c00 00000000 00000000 db4d3780 c000fac4
00000000[19816.118168] c0 df40: caa3df64 c0107f64 00000001 db1b3c00 caa3df7c
caa3df60 db1b3c00 6046bcb0[19816.118184] c0 df60: c0186201 00000009 c000fac4
caa3c000 caa3dfa4 caa3df80 c0116a08 c0116464[19816.118199] c0 df80: 00000036
00000001 40efd4b8 40efd4e8 40efd488 00000036 00000000 caa3dfa8[19816.118214]
c0 dfa0: c000f840 c01169cc 40efd4b8 40efd4e8 00000009 c0186201 6046bcb0
6046bcac[19816.118229] c0 dfc0: 40efd4b8 40efd4e8 40efd488 00000036 00000001
00007206 00007211 4021da4c[19816.118244] c0 dfe0: 40400f18 6046bc90 401f5169
401d9c0c 00000010 00000009 00000000 00000000[19816.118270] c0 []
(__run_hrtimer+0x230/0x298) from []
(hrtimer_interrupt+0x120/0x248)[19816.118289] c0 []
(hrtimer_interrupt+0x120/0x248) from []
(__hrtimer_peek_ahead_timers.part.9+0x4c/0x58)[19816.118308] c0 []
(__hrtimer_peek_ahead_timers.part.9+0x4c/0x58) from []
(hrtimer_peek_ahead_timers+0x4c/0x74)[19816.118327] c0 []
(hrtimer_peek_ahead_timers+0x4c/0x74) from []
(run_hrtimer_softirq+0x18/0x1c)[19816.118346] c0 []
(run_hrtimer_softirq+0x18/0x1c) from []
(__do_softirq+0x150/0x29c)[19816.118364] c0 [] (__do_softirq+0x150/0x29c)
from [] (irq_exit+0x64/0xac)[19816.118383] c0 [] (irq_exit+0x64/0xac) from
[] (handle_IRQ+0x8c/0xc8)[19816.118401] c0 [] (handle_IRQ+0x8c/0xc8) from []
(gic_handle_irq+0xd8/0x188)[19816.118420] c0 [] (gic_handle_irq+0xd8/0x188)
from [] (__irq_svc+0x44/0x78)[19816.118431] c0 Exception stack(0xcaa3dd50 to
0xcaa3dd98)[19816.118442] c0 dd40:                                    
d8bc2f2c 60000013 00000000 c08c2cec[19816.118457] c0 dd60: 60000013 60000013
00000001 00000001 00000000 d4421c00 cccc8b00 caa3ddac[19816.118471] c0 dd80:
caa3dd98 caa3dd98 c0593590 c0593594 60000013 ffffffff[19816.118489] c0 []
(__irq_svc+0x44/0x78) from []
(_raw_spin_unlock_irqrestore+0x48/0x70)[19816.118510] c0 []
(_raw_spin_unlock_irqrestore+0x48/0x70) from []
(__wake_up+0x54/0x5c)[19816.118532] c0 [] (__wake_up+0x54/0x5c) from []
(binder_thread_write+0x21c0/0x2488)[19816.118552] c0 []
(binder_thread_write+0x21c0/0x2488) from []
(binder_ioctl+0x38c/0x998)[19816.118571] c0 [] (binder_ioctl+0x38c/0x998)
from [] (do_vfs_ioctl+0x4f4/0x568)[19816.118590] c0 []
(do_vfs_ioctl+0x4f4/0x568) from [] (sys_ioctl+0x48/0x6c)[19816.118608] c0 []
(sys_ioctl+0x48/0x6c) from [] (ret_fast_syscall+0x0/0x48)[19816.118623] c0
Code: 0a000006 e5943028 e3530002 0a000000 (e7f001f2) [19816.118634] c0
(sprd_debug_save_context) context saved(CPU:0)[19816.118752] c3
(sprd_debug_save_context) context saved(CPU:3)[19816.118766] c1
(sprd_debug_save_context) context saved(CPU:1)[19816.118830] c3 CPU3:
stopping[19816.118868] c3 [] (unwind_backtrace+0x0/0x128) from []
(dump_stack+0x20/0x24)[19816.118889] c3 [] (dump_stack+0x20/0x24) from []
(handle_IPI+0x134/0x23c)[19816.118907] c3 [] (handle_IPI+0x134/0x23c) from
[] (gic_handle_irq+0x170/0x188)[19816.118926] c3 []
(gic_handle_irq+0x170/0x188) from [] (__irq_svc+0x44/0x78)[19816.118938] c3
Exception stack(0xca9ebdf8 to 0xca9ebe40)[19816.118948] c3 bde0:                                                      
c08f63e4 d6f77c00[19816.118964] c3 be00: 00000001 ca9ea000 c08f63e4 d6f77c00
00000000 d6f77c00 ca9ea000 c0186201[19816.118979] c3 be20: 00000000 ca9ebe54
ca9ebe40 ca9ebe40 c006e630 c006e65c 60000013 ffffffff[19816.1190093] c0
sprdfgu: @@*****@...dfgu_vol2capacity voltage: 3790This is panic log and
alarmtimer.c file,the panic happen in function __run_hrtimer and i used
crash32 tool and save the momery file system.core,combined with disassembled
code,used the command:struct hrtimer c093c4b0 get: the root case is
functioin:alarmtimer_fired because the function is callback.struct hrtimer { 
node = {    node = {      rb_parent_color = 3232271248,      rb_right = 0x0,     
rb_left = 0x0    },    expires = {      tv64 = 20494574000000    }  }, 
_softexpires = {    tv64 = 20494574000000  },  function = 0xc0080e44 ,  base
= 0xc0f14aa8,  state = 3}because the interrupt break the first not
return,but another  preemptive execution,who can give me suggsition
please!thank you very much.



--
View this message in context: http://linux-kernel.2935.n7.nabble.com/alarmtimer-c-logic-error-bring-on-run-hrtimer-BUG-ON-panic-tp829528.html
Sent from the Linux Kernel mailing list archive at Nabble.com.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ