Date: Fri, 4 Apr 2014 11:15:31 +0800
From: Fengguang Wu <fengguang.wu@...el.com>
To: Viresh Kumar <viresh.kumar@...aro.org>
Cc: linux-kernel@...r.kernel.org, Jet Chen <jet.chen@...el.com>
Subject: [hrtimer] BUG: unable to handle kernel NULL pointer dereference at 00000010

Greetings,

I got the below dmesg and the first bad commit is

commit 336ca196738842764df39fbd4d3f9129179b3e7d
Author:     Viresh Kumar <viresh.kumar@...aro.org>
AuthorDate: Mon Mar 31 12:33:21 2014 +0530
Commit:     Viresh Kumar <viresh.kumar@...aro.org>
CommitDate: Wed Apr 2 11:15:17 2014 +0530

    hrtimer: Use for_each_active_base() to iterate over active clock bases

    There are various places where we are currently running a loop of
    HRTIMER_MAX_CLOCK_BASES iterations. We just run 'continue;' if there are
    no timers added to a clock base. Instead we can use the new
    for_each_active_base() routine to iterate over only the bases which are
    currently active.

    This also updates hrtimer_interrupt() which was earlier modified to use
    ffs(active_bases) directly.

    Signed-off-by: Viresh Kumar <viresh.kumar@...aro.org>

+----------------------------------------------------------+------------+------------+------------+
|                                                          | f2c2345d95 | 336ca19673 | b0e33c34e2 |
+----------------------------------------------------------+------------+------------+------------+
| boot_successes                                           | 171        | 1          | 5          |
| boot_failures                                            | 37         | 28         | 18         |
| BUG:kernel_test_hang                                     | 15         |            |            |
| BUG:kernel_early_hang_without_any_printk_output          | 8          | 0          | 1          |
| BUG:kernel_boot_hang                                     | 12         |            |            |
| BUG:kernel_boot_crashed                                  | 2          |            |            |
| Oops:DEBUG_PAGEALLOC                                     | 0          | 28         | 17         |
| EIP_is_at_hrtimer_force_reprogram                        | 0          | 28         | 17         |
| Kernel_panic-not_syncing:Attempted_to_kill_the_idle_task | 0          | 28         | 17         |
| backtrace:cpu_startup_entry                              | 0          | 28         | 17         |
| BUG:unable_to_handle_kernel_NULL_pointer_dereference     | 0          | 27         | 16         |
+----------------------------------------------------------+------------+------------+------------+

done.
hwclock: can't open '/dev/misc/rtc': No such file or directory
Running postinst /etc/rpm-postinsts/100...
[ 2.258025] BUG: unable to handle kernel NULL pointer dereference at 00000010
[ 2.258641] IP: [<bd84b778>] hrtimer_force_reprogram+0x3d/0xb1
[ 2.259151] *pde = 00000000
[ 2.259412] Oops: 0000 [#1] DEBUG_PAGEALLOC
[ 2.259786] CPU: 0 PID: 0 Comm: swapper Not tainted 3.14.0-rc1-00080-g336ca19 #9
[ 2.260388] task: bdde5534 ti: bddda000 task.ti: bddda000
[ 2.260830] EIP: 0060:[<bd84b778>] EFLAGS: 00210002 CPU: 0
[ 2.261278] EIP is at hrtimer_force_reprogram+0x3d/0xb1
[ 2.261284] EAX: bddfaf54 EBX: 00000030 ECX: 00000000 EDX: 7fffffff
[ 2.261284] ESI: ffffffff EDI: bddfafd8 EBP: bdddbf48 ESP: bdddbf30
[ 2.261284] DS: 007b ES: 007b FS: 0000 GS: 00e0 SS: 0068
[ 2.261284] CR0: 8005003b CR2: 00000010 CR3: 10f4e000 CR4: 00000690
[ 2.261284] Stack:
[ 2.261284] 00000000 00000001 00000001 00000000 bdf3f17c bddfafa8 bdddbf64 bd84b845
[ 2.261284] 00000000 bdf3f17c bdf3f17c 00000001 00200046 bdddbf78 bd84c153 bdf3f17c
[ 2.261284] 00000000 00000000 bdddbf84 bd84c19e 86969207 bdddbfa0 bd8771f0 86969207
[ 2.261284] Call Trace:
[ 2.261284] [<bd84b845>] __remove_hrtimer+0x59/0x7b
[ 2.261284] [<bd84c153>] hrtimer_try_to_cancel+0x7b/0xb4
[ 2.261284] [<bd84c19e>] hrtimer_cancel+0x12/0x1d
[ 2.261284] [<bd8771f0>] tick_nohz_idle_exit+0x129/0x1f1
[ 2.261284] [<bd867b07>] cpu_startup_entry+0x1fa/0x290
[ 2.261284] [<bdbf1a96>] rest_init+0xa2/0xa7
[ 2.261284] [<bdfe79f6>] start_kernel+0x3be/0x3c5
[ 2.261284] [<bdfe72c3>] i386_start_kernel+0x79/0x7d
[ 2.261284] Code: 55 ec ba ff ff ff 7f 89 75 f0 83 ce ff 83 cb ff 0f bc 7d f0 0f 44 fb 8d 4f 01 6b d9 30 85 c9 89 7d e8 8d 7c 18 54 74 38 8b 4f e0 <8b> 59 10 8b 49 0c 2b 4f f8 1b 5f fc 85 db 79 04 31 c9 31 db 39
[ 2.261284] EIP: [<bd84b778>] hrtimer_force_reprogram+0x3d/0xb1 SS:ESP 0068:bdddbf30
[ 2.261284] CR2: 0000000000000010
[ 2.261284] ---[ end trace e155771ac78a2857 ]---
[ 2.261284] Kernel panic - not syncing: Attempted to kill the idle task!

git bisect start b0e33c34e23c7f8ede2f19d992628802308c3afc 455c6fdbd219161bd09b1165f11699d6d73de11c --
git bisect good c055491e20b2cde6b0b95af708ba1e95be080b81 # 23:20 23+ 1 Merge 'drm-intel/drm-intel-nightly' into devel-roam-i386-201404021703
git bisect good 2fa442064d8c64d1114e55a8ea07ab681d690580 # 23:33 23+ 0 Merge 'drm-exynos/exynos-drm-next' into devel-roam-i386-201404021703
git bisect bad 9dc0b63c0484a57ff4d11619f8986caac86643a8 # 23:47 1- 4 Merge 'vireshk/timer-cleanup-for-tglx' into devel-roam-i386-201404021703
git bisect good b97f0291a2504291aef850077f98cab68a5a2f33 # 00:13 23+ 2 tick: Remove code duplication in tick_handle_periodic()
git bisect good fe04ef37d949ea92dbc37164eff116fe3c4a0930 # 00:39 23+ 0 hrtimer: make enqueue_hrtimer() return void
git bisect bad deab1b2857728ee9d98078d2547fd7ab030ff508 # 00:48 0- 6 hrtimer: call hrtimer_get_softirq_time() only if cpu_base->active_bases is set
git bisect good dcdce37edcaacc6f3b4cc3f1b9a9c2a459b0ed9b # 01:56 23+ 5 hrtimer: use base->hres_active directly instead of hrtimer_hres_active()
git bisect good ca9949bac1a7e54bf7f832e0ffffdaafac8ea5c5 # 02:07 23+ 2 hrtimer: replace sizeof(struct hrtimer) with sizeof(*timer)
git bisect bad 336ca196738842764df39fbd4d3f9129179b3e7d # 02:07 0- 28 hrtimer: Use for_each_active_base() to iterate over active clock bases
git bisect good f2c2345d95fd44633a1356bad259198673192e21 # 03:15 23+ 12 hrtimer: create for_each_active_base()
# first bad commit: [336ca196738842764df39fbd4d3f9129179b3e7d] hrtimer: Use for_each_active_base() to iterate over active clock bases
git bisect good f2c2345d95fd44633a1356bad259198673192e21 # 04:35 69+ 37 hrtimer: create for_each_active_base()
git bisect bad b0e33c34e23c7f8ede2f19d992628802308c3afc # 04:35 0- 18 0day head guard for 'devel-roam-i386-201404021703'
git bisect good 59ecc26004e77e100c700b1d0da7502b0fdadb46 # 04:46 69+ 6 Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
git bisect good 4b22efdd5595f0acb48f02bf664a451ee98f9a2e # 05:06 69+ 2 Add linux-next specific files for 20140403

This script may reproduce the error.

-----------------------------------------------------------------------------
#!/bin/bash

kernel=$1
initrd=yocto-minimal-i386.cgz

wget --no-clobber https://github.com/fengguang/reproduce-kernel-bug/blob/master/initrd/$initrd

kvm=(
	qemu-system-x86_64 -cpu kvm64 -enable-kvm
	-kernel $kernel
	-initrd $initrd
	-smp 2
	-m 256M
	-net nic,vlan=0,macaddr=00:00:00:00:00:00,model=virtio
	-net user,vlan=0
	-net nic,vlan=1,model=e1000
	-net user,vlan=1
	-boot order=nc
	-no-reboot
	-watchdog i6300esb
	-serial stdio
	-display none
	-monitor null
)

append=(
	debug
	sched_debug
	apic=debug
	ignore_loglevel
	sysrq_always_enabled
	panic=10
	prompt_ramdisk=0
	earlyprintk=ttyS0,115200
	console=ttyS0,115200
	console=tty0
	vga=normal
	root=/dev/ram0
	rw
)

"${kvm[@]}" --append "${append[*]}"
-----------------------------------------------------------------------------

Thanks,
Fengguang

View attachment "dmesg-yocto-lkp-ib04-9:20140404015729:i386-randconfig-r1-0402:3.14.0-rc1-00080-g336ca19:9" of type "text/plain" (29493 bytes)

Download attachment "i386-randconfig-r1-0402-b0e33c34e23c7f8ede2f19d992628802308c3afc-BUG:-unable-to-handle-kernel-NULL-pointer-dereference-at-119227.log" of type "application/octet-stream" (35278 bytes)

View attachment "config-3.14.0-rc1-00080-g336ca19" of type "text/plain" (63611 bytes)