| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20141004134622.GA5214@wfg-t540p.sh.intel.com>
Date: Sat, 4 Oct 2014 21:46:22 +0800
From: Fengguang Wu <fengguang.wu@...el.com>
To: Peter Zijlstra <peterz@...radead.org>
Cc: Jet Chen <jet.chen@...el.com>, Su Tao <tao.su@...el.com>,
Yuanhan Liu <yuanhan.liu@...el.com>, LKP <lkp@...org>,
linux-kernel@...r.kernel.org
Subject: [perf] BUG: unable to handle kernel NULL pointer dereference at
00000085
Hi Peter,
0day kernel testing robot got the below dmesg and the first bad commit is
git://git.kernel.org/pub/scm/linux/kernel/git/peterz/queue.git perf/core
commit a54b3e27e27c1bb6d2610eade895c04934c2667e
Author: Peter Zijlstra <peterz@...radead.org>
AuthorDate: Wed Sep 24 13:48:42 2014 +0200
Commit: Peter Zijlstra <peterz@...radead.org>
CommitDate: Thu Oct 2 23:11:50 2014 +0200
perf: improve perf_sample_data struct layout
This patch reorders fields in the perf_sample_data
struct in order to minimize the number of cachelines
touched in perf_sample_data_init(). It also removes
some intializations which are redundant with the
code in kernel/events/core.c
Cc: mingo@...e.hu
Cc: ak@...ux.intel.com
Cc: jolsa@...hat.com
Cc: acme@...hat.com
Cc: cebbert.lkml@...il.com
Cc: peterz@...radead.org
Signed-off-by: Peter Zijlstra (Intel) <peterz@...radead.org>
Link: http://lkml.kernel.org/r/1411559322-16548-7-git-send-email-eranian@google.com
Attached dmesg for the parent commit, too, to help confirm whether it is a noise error.
+-------------------------------------------------------+------------+------------+------------------+
| | da2ff6572c | a54b3e27e2 | v3.17-rc7_100306 |
+-------------------------------------------------------+------------+------------+------------------+
| boot_successes | 886 | 227 | 18 |
| boot_failures | 314 | 73 | 4 |
| BUG:kernel_boot_hang | 295 | 52 | |
| WARNING:at_fs/proc/generic.c:remove_proc_entry() | 16 | 8 | |
| backtrace:cleanup_net | 16 | 8 | |
| BUG:kernel_test_crashed | 4 | 9 | 1 |
| BUG:unable_to_handle_kernel | 0 | 4 | 2 |
| Oops | 0 | 4 | 2 |
| EIP_is_at_perf_prepare_sample | 0 | 4 | 2 |
| Kernel_panic-not_syncing:Fatal_exception_in_interrupt | 0 | 3 | 2 |
| backtrace:iterate_dir | 0 | 2 | |
| backtrace:SyS_getdents64 | 0 | 2 | |
| backtrace:do_sys_open | 0 | 1 | |
| backtrace:SyS_openat | 0 | 1 | |
| backtrace:vfs_fstatat | 0 | 1 | 1 |
| backtrace:SyS_fstatat64 | 0 | 1 | 1 |
| Kernel_panic-not_syncing:Fatal_exception | 0 | 1 | |
| BUG:kernel_boot_crashed | 0 | 0 | 1 |
| backtrace:__fdget_raw | 0 | 0 | 1 |
| backtrace:SyS_fcntl64 | 0 | 0 | 1 |
+-------------------------------------------------------+------------+------------+------------------+
[ 267.547006] debug: unmapping init [mem 0xc28f9000-0xc2b03fff]
[ 267.694378] random: init urandom read with 4 bits of entropy available
[ 279.465522] sock: process `trinity-main' is using obsolete setsockopt SO_BSDCOMPAT
[ 285.269144] BUG: unable to handle kernel NULL pointer dereference at 00000085
[ 285.273002] IP: [<c11259a1>] perf_prepare_sample+0x33e/0x496
[ 285.276062] *pde = 00000000
[ 285.279106] Oops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC
[ 285.279106] Modules linked in:
[ 285.279106] CPU: 1 PID: 1583 Comm: trinity-main Not tainted 3.17.0-rc4-00210-ga54b3e2 #1
[ 285.279106] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.7.5-20140531_083030-gandalf 04/01/2014
[ 285.279106] task: c9475e80 ti: c9670000 task.ti: c9670000
[ 285.279106] EIP: 0060:[<c11259a1>] EFLAGS: 00010046 CPU: 1
[ 285.279106] EIP is at perf_prepare_sample+0x33e/0x496
[ 285.279106] EAX: 00000000 EBX: 00000000 ECX: 00000049 EDX: 00000000
[ 285.279106] ESI: cfd71c40 EDI: cfd71b84 EBP: cfd71b58 ESP: cfd71b34
[ 285.279106] DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
[ 285.279106] CR0: 80050033 CR2: 00000085 CR3: 095b4000 CR4: 000006d0
[ 285.279106] DR0: 41000043 DR1: 00000000 DR2: 00000000 DR3: 00000000
[ 285.279106] DR6: ffff0ff0 DR7: 00010602
[ 285.279106] Stack:
[ 285.279106] 00000000 00000060 00000000 0003a16b 00000000 c96860d0 00000000 c96860d0
[ 285.279106] 00000000 cfd71bb0 c1125d87 cfd71da8 00000002 00000000 00000000 c1125d59
[ 285.279106] 00000000 cfd71c40 00000000 4df5a9a0 00000009 00600001 c104e439 00000001
[ 285.279106] Call Trace:
[ 285.279106] [<c1125d87>] __perf_event_overflow+0x28e/0x33c
[ 285.279106] [<c1125d59>] ? __perf_event_overflow+0x260/0x33c
[ 285.279106] [<c104e439>] ? pvclock_clocksource_read+0xc2/0x195
[ 285.279106] [<c11266b3>] perf_swevent_overflow+0x6f/0xa0
[ 285.279106] [<c1126824>] perf_swevent_event+0x140/0x14a
[ 285.279106] [<c1126955>] perf_tp_event+0x127/0x2b2
[ 285.279106] [<c104e439>] ? pvclock_clocksource_read+0xc2/0x195
[ 285.279106] [<c1099a7d>] ? update_curr+0x18a/0x269
[ 285.279106] [<c104e439>] ? pvclock_clocksource_read+0xc2/0x195
[ 285.279106] [<c104e439>] ? pvclock_clocksource_read+0xc2/0x195
[ 285.279106] [<c104e439>] ? pvclock_clocksource_read+0xc2/0x195
[ 285.279106] [<c108aead>] perf_trace_sched_stat_runtime+0xea/0xf5
[ 285.279106] [<c104e439>] ? pvclock_clocksource_read+0xc2/0x195
[ 285.279106] [<c108aead>] ? perf_trace_sched_stat_runtime+0xea/0xf5
[ 285.279106] [<c1099a7d>] ? update_curr+0x18a/0x269
[ 285.279106] [<c1099a7d>] update_curr+0x18a/0x269
[ 285.279106] [<c109c29b>] enqueue_task_fair+0x98/0xf16
[ 285.279106] [<c109826d>] ? sched_clock_cpu+0x1b5/0x1dd
[ 285.279106] [<c108dd4a>] ? update_rq_clock+0x36/0x7d
[ 285.279106] [<c108de27>] enqueue_task+0x96/0x9d
[ 285.279106] [<c108e471>] activate_task+0x3b/0x3f
[ 285.279106] [<c108e488>] ttwu_activate+0x13/0x4a
[ 285.279106] [<c108e80b>] ttwu_do_activate+0x44/0x53
[ 285.279106] [<c10937d3>] try_to_wake_up+0x55d/0x5c5
[ 285.279106] [<c10d1a00>] ? add_timer_on+0xbc/0x130
[ 285.279106] [<c109389e>] wake_up_process+0x63/0x68
[ 285.279106] [<c10d1a74>] ? add_timer_on+0x130/0x130
[ 285.279106] [<c10d1a81>] process_timeout+0xd/0xf
[ 285.279106] [<c10d1b75>] call_timer_fn+0xf2/0x255
[ 285.279106] [<c10d1a74>] ? add_timer_on+0x130/0x130
[ 285.279106] [<c10d1f52>] run_timer_softirq+0x27a/0x29c
[ 285.279106] [<c10d1a74>] ? add_timer_on+0x130/0x130
[ 285.279106] [<c106743c>] ? __tasklet_hrtimer_trampoline+0x4c/0x4c
[ 285.279106] [<c10675cf>] __do_softirq+0x193/0x422
[ 285.279106] [<c106743c>] ? __tasklet_hrtimer_trampoline+0x4c/0x4c
[ 285.279106] [<c1006371>] do_softirq_own_stack+0x26/0x2c
[ 285.279106] <IRQ>
[ 285.279106] [<c1067bea>] irq_exit+0x6c/0x86
[ 285.279106] [<c1042466>] smp_trace_apic_timer_interrupt+0x15c/0x168
[ 285.279106] [<c1d82546>] trace_apic_timer_interrupt+0x32/0x38
[ 285.279106] [<c10a007b>] ? pick_next_task_fair+0x47f/0x61f
[ 285.279106] [<c1d80ac0>] ? _raw_spin_unlock_irqrestore+0x5e/0xb2
[ 285.279106] [<c1190adb>] __slab_free+0xc2/0x6f5
[ 285.279106] [<c1052d04>] ? lookup_address_in_pgd+0xb/0xa2
[ 285.279106] [<c10add33>] ? debug_check_no_locks_freed+0x108/0x120
[ 285.279106] [<c11914b8>] kmem_cache_free+0x3aa/0x447
[ 285.279106] [<c11914b8>] ? kmem_cache_free+0x3aa/0x447
[ 285.279106] [<c11b0f5b>] ? final_putname+0x3b/0x3e
[ 285.279106] [<c11b0f5b>] ? final_putname+0x3b/0x3e
[ 285.279106] [<c11b0f5b>] final_putname+0x3b/0x3e
[ 285.279106] [<c11a2457>] do_sys_open+0x375/0x380
[ 285.279106] [<c1d80000>] ? alarm_timer_nsleep_restart+0x5b/0x125
[ 285.279106] [<c11a249c>] SyS_openat+0x1b/0x1d
[ 285.279106] [<c1d81c76>] syscall_call+0x7/0x7
[ 285.279106] Code: 4e 74 66 8b 47 06 85 c9 66 89 45 e0 0f 94 c2 0f b6 da 8b 04 9d fc e0 60 c2 40 89 04 9d fc e0 60 c2 31 c0 84 d2 0f 85 83 00 00 00 <8b> 59 3c 8d 43 ff 3d fe ff ff bf 0f 97 c1 0f b6 d1 8b 04 95 d4
[ 285.279106] EIP: [<c11259a1>] perf_prepare_sample+0x33e/0x496 SS:ESP 0068:cfd71b34
[ 285.279106] CR2: 0000000000000085
[ 285.279106] ---[ end trace a1faeec14f7aba60 ]---
[ 285.279106] Kernel panic - not syncing: Fatal exception in interrupt
git bisect start cd90db63d24d44a6796a77eae18d9c733674297b fe82dcec644244676d55a1384c958d5f67979adb --
git bisect good 82e4c9f29ef4460339d830d127cc47a07dd405fb # 11:21 95+ 0 Merge 'security/next' into devel-hourly-2014100306
git bisect good eab01918d942fb45b0d2adf4e94f09fe85b742cb # 12:05 95+ 6 Merge 'peterz-queue/sched/core' into devel-hourly-2014100306
git bisect bad 5e8d71d46481296149cee42f6c93c670491886a0 # 12:43 29- 2 Merge 'peterz-queue/perf/urgent' into devel-hourly-2014100306
git bisect bad 3bdd8ee42e47c8360e074bd17198cc71af68496b # 14:02 7- 1 Merge 'peterz-queue/perf/core' into devel-hourly-2014100306
git bisect good 35550da389ba8752f024a44ef14b74001c4fc4d3 # 14:55 300+ 135 perf record: Use strerror_r instead of strerror
git bisect good e5685730e2c620f97bc12380e9370e857e5bd7a7 # 15:18 300+ 31 perf record: Use ring buffer consume method to look like other tools
git bisect good e4b356b56cfe77b800a9bc2e6efefa6a069b8a78 # 15:55 300+ 88 perf evlist: Unmap when all refcounts to fd are gone and events drained
git bisect good 07394b5f13a04f86b27e0ddd96a36c7d9bfe1a4f # 17:35 300+ 132 Merge tag 'perf-core-for-mingo' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux into perf/core
git bisect good dfcdc1a2c512eedb5c707ce84e3ab9ca8e2d276d # 19:40 300+ 10 perf/x86: Use KERN_INFO when checking PMU fails on virtual environment
git bisect good 559cb6657390b8a2f68cfe5aa1a58f41932ecb80 # 21:34 300+ 6 perf tools: add core support for sampling intr machine state regs
git bisect good da2ff6572c79eaceed133cd8bdd253d3fa36c658 # 23:50 300+ 39 perf record: add new -I option to sample interrupted machine state
git bisect bad a54b3e27e27c1bb6d2610eade895c04934c2667e # 00:56 94- 6 perf: improve perf_sample_data struct layout
# first bad commit: [a54b3e27e27c1bb6d2610eade895c04934c2667e] perf: improve perf_sample_data struct layout
git bisect good da2ff6572c79eaceed133cd8bdd253d3fa36c658 # 01:27 900+ 314 perf record: add new -I option to sample interrupted machine state
git bisect bad cd90db63d24d44a6796a77eae18d9c733674297b # 01:27 0- 4 0day head guard for 'devel-hourly-2014100306'
git bisect good ee042ec88022249b848306dd6e87ffd2fd88a839 # 04:51 900+ 16 Merge tag 'md/3.17-final-fix' of git://neil.brown.name/md
This script may reproduce the error.
----------------------------------------------------------------------------
#!/bin/bash
kernel=$1
initrd=quantal-core-i386.cgz
wget --no-clobber https://github.com/fengguang/reproduce-kernel-bug/raw/master/initrd/$initrd
kvm=(
qemu-system-x86_64
-cpu kvm64
-enable-kvm
-kernel $kernel
-initrd $initrd
-m 320
-smp 2
-net nic,vlan=1,model=e1000
-net user,vlan=1
-boot order=nc
-no-reboot
-watchdog i6300esb
-rtc base=localtime
-serial stdio
-display none
-monitor null
)
append=(
hung_task_panic=1
earlyprintk=ttyS0,115200
debug
apic=debug
sysrq_always_enabled
rcupdate.rcu_cpu_stall_timeout=100
panic=-1
softlockup_panic=1
nmi_watchdog=panic
oops=panic
load_ramdisk=2
prompt_ramdisk=0
console=ttyS0,115200
console=tty0
vga=normal
root=/dev/ram0
rw
drbd.minor_count=8
)
"${kvm[@]}" --append "${append[*]}"
----------------------------------------------------------------------------
Thanks,
Fengguang
View attachment "dmesg-quantal-ivb41-127:20141004010255:i386-randconfig-c0-10030750::" of type "text/plain" (42702 bytes)
_______________________________________________
LKP mailing list
LKP@...ux.intel.com
Powered by blists - more mailing lists