lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20140219122132.GB7735@localhost>
Date:	Wed, 19 Feb 2014 20:21:32 +0800
From:	Fengguang Wu <fengguang.wu@...el.com>
To:	Peter Zijlstra <peterz@...radead.org>
Cc:	Ingo Molnar <mingo@...nel.org>, linux-kernel@...r.kernel.org
Subject: [sched] BUG: unable to handle kernel NULL pointer dereference at
 00000040

Greetings,

I got the below dmesg and the first bad commit is

git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git sched/core

commit 38033c37faab850ed5d33bb675c4de6c66be84d8
Author:     Peter Zijlstra <peterz@...radead.org>
AuthorDate: Thu Jan 23 20:32:21 2014 +0100
Commit:     Ingo Molnar <mingo@...nel.org>
CommitDate: Tue Feb 11 09:58:10 2014 +0100

    sched: Push down pre_schedule() and idle_balance()
    
    This patch both merged idle_balance() and pre_schedule() and pushes
    both of them into pick_next_task().
    
    Conceptually pre_schedule() and idle_balance() are rather similar,
    both are used to pull more work onto the current CPU.
    
    We cannot however first move idle_balance() into pre_schedule_fair()
    since there is no guarantee the last runnable task is a fair task, and
    thus we would miss newidle balances.
    
    Similarly, the dl and rt pre_schedule calls must be ran before
    idle_balance() since their respective tasks have higher priority and
    it would not do to delay their execution searching for less important
    tasks first.
    
    However, by noticing that pick_next_tasks() already traverses the
    sched_class hierarchy in the right order, we can get the right
    behaviour and do away with both calls.
    
    We must however change the special case optimization to also require
    that prev is of sched_class_fair, otherwise we can miss doing a dl or
    rt pull where we needed one.
    
    Signed-off-by: Peter Zijlstra <peterz@...radead.org>
    Cc: Linus Torvalds <torvalds@...ux-foundation.org>
    Cc: Andrew Morton <akpm@...ux-foundation.org>
    Cc: Peter Zijlstra <peterz@...radead.org>
    Cc: Thomas Gleixner <tglx@...utronix.de>
    Link: http://lkml.kernel.org/n/tip-a8k6vvaebtn64nie345kx1je@git.kernel.org
    Signed-off-by: Ingo Molnar <mingo@...nel.org>

[    2.405319] .................................... done.
[    2.405948] Using IPI No-Shortcut mode
[   10.376683] Unregister pv shared memory for cpu 0
[   10.388424] BUG: unable to handle kernel NULL pointer dereference at 00000040
[   10.389307] IP: [<cc65d2c2>] pick_next_task+0xa/0x48
[   10.389880] *pdpt = 0000000000000000 *pde = f000ff53f000ff53 
[   10.390617] Oops: 0000 [#1] SMP DEBUG_PAGEALLOC
[   10.390948] CPU: 0 PID: 9 Comm: migration/0 Not tainted 3.14.0-rc2-next-20140214-03226-gda8d308 #1
[   10.390948] task: cc05d580 ti: cc09c000 task.ti: cc09c000
[   10.390948] EIP: 0060:[<cc65d2c2>] EFLAGS: 00010046 CPU: 0
[   10.390948] EIP is at pick_next_task+0xa/0x48
[   10.390948] EAX: cfcae100 EBX: cfcae100 ECX: 00000002 EDX: 00000000
[   10.390948] ESI: cfcae100 EDI: 00000000 EBP: cc09ddc0 ESP: cc09ddb4
[   10.390948]  DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
[   10.390948] CR0: 8005003b CR2: 00000040 CR3: 0cd73000 CR4: 000006b0
[   10.390948] Stack:
[   10.390948]  cfcae100 cfcae100 ccc5b930 cc09dde4 cc661de5 00000200 cc05d580 00000082
[   10.390948]  00000000 ccc5c864 00000000 ccc5b930 cc09de00 cc659574 00000000 00000008
[   10.390948]  ffffffff cc055e6c 00000000 cc09de14 cc65982c fffffffb 00000000 00000000
[   10.390948] Call Trace:
[   10.390948]  [<cc661de5>] migration_call+0x10b/0x188
[   10.390948]  [<cc659574>] notifier_call_chain+0x32/0x4b
[   10.390948]  [<cc65982c>] __raw_notifier_call_chain+0x1e/0x23
[   10.390948]  [<cc63d7b1>] __cpu_notify+0x24/0x3e
[   10.390948]  [<cc63d7e3>] cpu_notify+0x18/0x1a
[   10.390948]  [<cc9f693d>] take_cpu_down+0x22/0x32
[   10.390948]  [<cc69b491>] multi_cpu_stop+0x80/0xce
[   10.390948]  [<cc69b411>] ? __stop_cpus+0x55/0x55
[   10.390948]  [<cc69b240>] cpu_stopper_thread+0x80/0x111
[   10.390948]  [<cc65cbd5>] ? finish_task_switch+0x33/0xba
[   10.390948]  [<cc9ff35e>] ? __schedule+0x377/0x55e
[   10.390948]  [<cc67368b>] ? __lock_acquire.isra.27+0x1be/0x4dd
[   10.390948]  [<cc673c81>] ? lock_acquire+0x93/0xe0
[   10.390948]  [<cc674039>] ? lock_release+0x16d/0x1b1
[   10.390948]  [<cca02421>] ? _raw_spin_unlock_irqrestore+0x44/0x4f
[   10.390948]  [<cc65b444>] smpboot_thread_fn+0x15d/0x173
[   10.390948]  [<cc65b2e7>] ? smpboot_unpark_thread+0x2e/0x2e
[   10.390948]  [<cc656225>] kthread+0x8d/0x92
[   10.390948]  [<cc650000>] ? __queue_work+0xb6/0x205
[   10.390948]  [<cca03677>] ret_from_kernel_thread+0x1b/0x28
[   10.390948]  [<cc656198>] ? __kthread_parkme+0x55/0x55
[   10.390948] Code: 00 ba 01 00 00 00 89 f0 eb 0e 89 f0 e8 b9 4f 3a 00 ba 01 00 00 00 89 d8 e8 04 57 3a 00 5b 5e 5d c3 55 89 e5 57 89 d7 56 89 c6 53 <81> 7a 40 74 03 a1 cc 74 07 bb a0 04 a1 cc eb 23 8b 40 6c 39 46
[   10.390948] EIP: [<cc65d2c2>] pick_next_task+0xa/0x48 SS:ESP 0068:cc09ddb4
[   10.390948] CR2: 0000000000000040
[   10.390948] ---[ end trace a546538b11268dcc ]---
[   10.390948] Kernel panic - not syncing: Fatal exception

git bisect start 5d1caa385f1675caf09e13afcd2b1db7a1c9b8e8 v3.13 --
git bisect good 595bf999e3a864f40e049c67c42ecee50fb7a78a  # 23:39     22+      5  Merge branch 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
git bisect good 55177c171200d841cdc23603f196e21a2d664c8f  # 23:47     22+      5  Merge remote-tracking branch 'arm-perf/for-next/perf'
git bisect good 12915522027525880c8fdd3fe08a7c8a74213f31  # 00:06     22+      7  Merge remote-tracking branch 'wireless-next/master'
git bisect good cb628c275dcd8bbdd61df2d96355a88e96a26c04  # 00:21     22+      3  Merge remote-tracking branch 'selinux/next'
git bisect  bad 3c1530d6101118e3a025114883f03578d4db4b66  # 00:24      0-      1  Merge remote-tracking branch 'regmap/for-next'
git bisect  bad 782f3c7e70bbcd03be9f5f9119a10dee790c5349  # 00:28      1-      1  Merge remote-tracking branch 'tip/auto-latest'
git bisect good b35e7aede6fb0226b4865450f62362e85bf6a306  # 00:54     30+     10  Merge remote-tracking branch 'trivial/for-next'
git bisect good 16af830af77fbfde49779f58328a2308593c9552  # 01:58     30+      5  Merge remote-tracking branch 'devicetree/devicetree/next'
git bisect good b74fcf317cca175426c2fee78ce8640ac91b6749  # 02:11     30+     10  Merge remote-tracking branch 'spi/for-next'
git bisect  bad 3f67d962c64d9b6de9dab81bdbe6d5c94c80d9b9  # 02:13      0-      1  cpuidle/pseries: Fix fallout caused due to cleanup in pseries cpuidle backend driver
git bisect good e5fc66119ec97054eefc83f173a7ee9e133c3c3a  # 03:10     30+      6  sched: Fix race in idle_balance()
git bisect  bad 27f17580fd2c7514c8f5cce22ab903c6f3ddf458  # 03:16      4-      3  sched: Delete is_same_group() outside CONFIG_FAIR_GROUP_SCHED
git bisect good f10447998a59b97747c16258a9c6e6a1512f27f3  # 03:59     60+     10  sched/fair: Clean up the __clear_buddies_*() functions
git bisect good 6c3b4d44ba2838f00614a5a2d777d4401e0bfd71  # 04:35     60+     10  sched: Clean up idle task SMP logic
git bisect  bad 38033c37faab850ed5d33bb675c4de6c66be84d8  # 04:36      0-      1  sched: Push down pre_schedule() and idle_balance()
# first bad commit: [38033c37faab850ed5d33bb675c4de6c66be84d8] sched: Push down pre_schedule() and idle_balance()
git bisect good 6c3b4d44ba2838f00614a5a2d777d4401e0bfd71  # 06:32    180+     43  sched: Clean up idle task SMP logic
git bisect  bad da8d308fbdb8360078786b3e125238122c4fc611  # 06:32      0-     15  Add linux-next specific files for 20140214
git bisect good da85a25b62dd9ca75ec64f6e0d6cdcbaa5752479  # 08:03    180+     38  Revert "sched: Push down pre_schedule() and idle_balance()"
git bisect good 6d0abeca3242a88cab8232e4acd7e2bf088f3bc2  # 12:31    180+     33  Linux 3.14-rc3
git bisect  bad da8d308fbdb8360078786b3e125238122c4fc611  # 12:31      0-     15  Add linux-next specific files for 20140214

Thanks,
Fengguang

View attachment "dmesg-yocto-lkp-sbx04-56:20140215221715:i386-randconfig-x1-02152208::" of type "text/plain" (50019 bytes)

Download attachment "i386-randconfig-x1-02152208-da8d308fbdb8360078786b3e125238122c4fc611-EIP-is-at-pick_next_task+-x-24028.log" of type "application/octet-stream" (49293 bytes)

View attachment "config-3.14.0-rc2-next-20140214-03226-gda8d308" of type "text/plain" (69220 bytes)

_______________________________________________
LKP mailing list
LKP@...ux.intel.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ