lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <46F82C88.1080907@linux.vnet.ibm.com>
Date:	Tue, 25 Sep 2007 03:00:48 +0530
From:	Kamalesh Babulal <kamalesh@...ux.vnet.ibm.com>
To:	Lee Schermerhorn <Lee.Schermerhorn@...com>
CC:	linux-kernel <linux-kernel@...r.kernel.org>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Ingo Molnar <mingo@...hat.com>,
	Peter Zijlstra <a.p.zijlstra@...llo.nl>
Subject: Re: 2.6.23-rc7-mm1:  panic in scheduler

Lee Schermerhorn wrote:
> I looked around on the MLs for mention of this, but didn't find anything
> that appeared to match.
> 
> Platform:  HP rx8620 - 16-cpu/32GB/4-node ia64 [Madison]
> 
> 2.6.23-rc7-mm1 broken out -- panic occurs when git-sched.patch pushed:
> 
> Unable to handle kernel NULL pointer dereference (address 0000000000000000)
> swapper[0]: Oops 8813272891392 [1]
> Modules linked in: scsi_wait_scan ehci_hcd ohci_hcd uhci_hcd usbcore
> 
> Pid: 0, CPU 14, comm:              swapper
> psr : 0000101008522030 ifs : 8000000000000002 ip  : [<a0000001003014e0>]    Not tainted
> ip is at rb_next+0x0/0x140
> unat: 0000000000000000 pfs : 0000000000000308 rsc : 0000000000000003
> rnat: 8000000000000012 bsps: 000000000001003e pr  : 6609a840599519a5
> ldrs: 0000000000000000 ccv : 0000000000000002 fpsr: 0009804c8a70433f
> csd : 0000000000000000 ssd : 0000000000000000
> b0  : a000000100078dc0 b6  : a000000100074a40 b7  : a000000100078e00
> f6  : 1003e0000000000000000 f7  : 1003e0000000000400000
> f8  : 1003e000000002aaaaaab f9  : 1003e0000000d43798a2b
> f10 : 1003e35e9970b967dd8b9 f11 : 1003e0000000000000002
> r1  : a000000100bc0920 r2  : e0000760000577f0 r3  : e000076000057f10
> r8  : fffffffffffffff0 r9  : 0000000000000002 r10 : e000076000057780
> r11 : 0000000000000000 r12 : e00007004160fe10 r13 : e000070041608000
> r14 : 0000000000000000 r15 : 000000000000000e r16 : 00000007f6c30a22
> r17 : e000070041608040 r18 : a0000001008383a8 r19 : a000000100078e00
> r20 : e000076000055bb8 r21 : e000076000055bb0 r22 : e000076000057ed0
> r23 : 00000000000f4240 r24 : a0000001009e0440 r25 : e000070041608bb4
> r26 : 0000000000000000 r27 : 0000000000000000 r28 : e000076000057f80
> r29 : 00000000000002e7 r30 : 0000000000000000 r31 : e000076000057780
> 
> Call Trace:
>  [<a000000100014f60>] show_stack+0x80/0xa0
>                                 sp=e00007004160f9e0 bsp=e000070041609008
>  [<a000000100015bf0>] show_regs+0x870/0x8a0
>                                 sp=e00007004160fbb0 bsp=e000070041608fa8
>  [<a00000010003d170>] die+0x190/0x300
>                                 sp=e00007004160fbb0 bsp=e000070041608f60
>  [<a000000100071bc0>] ia64_do_page_fault+0x780/0xa80
>                                 sp=e00007004160fbb0 bsp=e000070041608f08
>  [<a00000010000b5c0>] ia64_leave_kernel+0x0/0x270
>                                 sp=e00007004160fc40 bsp=e000070041608f08
>  [<a0000001003014e0>] rb_next+0x0/0x140
>                                 sp=e00007004160fe10 bsp=e000070041608ef8
>  [<a000000100078dc0>] __dequeue_entity+0x80/0xc0
>                                 sp=e00007004160fe10 bsp=e000070041608ec8
>  [<a000000100078e60>] pick_next_task_fair+0x60/0x180
>                                 sp=e00007004160fe10 bsp=e000070041608e98
>  [<a0000001006a5880>] schedule+0x340/0x19c0
>                                 sp=e00007004160fe10 bsp=e000070041608cc0
>  [<a000000100014cb0>] cpu_idle+0x290/0x3e0
>                                 sp=e00007004160fe30 bsp=e000070041608c50
>  [<a000000100066020>] start_secondary+0x380/0x5a0
>                                 sp=e00007004160fe30 bsp=e000070041608c00
>  [<a0000001006abca0>] __kprobes_text_end+0x6c0/0x6f0
>                                 sp=e00007004160fe30 bsp=e000070041608c00
> 
> 
> Taking a quick look at [__]{en|de|queue_entity() and the functions they call,
> I see something suspicious in set_leftmost() in sched_fair.c:
> 
> static inline void
> set_leftmost(struct cfs_rq *cfs_rq, struct rb_node *leftmost)
> {
>         struct sched_entity *se;
> 
>         cfs_rq->rb_leftmost = leftmost;
>         if (leftmost)
>                 se = rb_entry(leftmost, struct sched_entity, run_node);
> }
> 
> Missing code?  corrupt patch?
> 
> config available on request, but there doesn't seem to be much in the way
> of scheduler config option.  A few that might apply:
> 
> SCHED_SMT is not set
> SCHED_DEBUG=y
> SCHEDSTATS=y
> 
> 
> Regards,
> Lee Schermerhorn
> 

Exactly same call trace is produced over IA64 Madison (up to 9M cache) with 8 cpu's.
-- 
Thanks & Regards,
Kamalesh Babulal,
Linux Technology Center,
IBM, ISTL.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ