lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:	Wed, 26 Nov 2014 12:00:23 -0800
From:	Fengguang Wu <fengguang.wu@...el.com>
To:	"pang.xunlei" <pang.xunlei@...aro.org>
Cc:	John Stultz <john.stultz@...aro.org>, LKP <lkp@...org>,
	linux-kernel@...r.kernel.org
Subject: [time] WARNING: CPU: 0 PID: 1 at kernel/time/timekeeping.c:1337
 update_wall_time()

Greetings,

0day kernel testing robot got the below dmesg and the first bad commit is

git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master

commit 6067dc5a8c2b1b57e67eaf1125db1d63c1ed6361
Author:     pang.xunlei <pang.xunlei@...aro.org>
AuthorDate: Wed Oct 8 15:03:34 2014 +0800
Commit:     John Stultz <john.stultz@...aro.org>
CommitDate: Fri Nov 21 11:59:56 2014 -0800

    time: Avoid possible NTP adjustment mult overflow.
    
    Ideally, __clocksource_updatefreq_scale, selects the largest shift
    value possible for a clocksource. This results in the mult memember of
    struct clocksource being particularly large, although not so large
    that NTP would adjust the clock to cause it to overflow.
    
    That said, nothing actually prohibits an overflow from occuring, its
    just that it "shouldn't" occur.
    
    So while very unlikely, and so far never observed, the value of
    (cs->mult+cs->maxadj) may have a chance to reach very near 0xFFFFFFFF,
    so there is a possibility it may overflow when doing NTP positive
    adjustment
    
    See the following detail: When NTP slewes the clock, kernel goes
    through update_wall_time()->...->timekeeping_apply_adjustment():
    	tk->tkr.mult += mult_adj;
    
    Since there is no guard against it, its possible tk->tkr.mult may
    overflow during this operation.
    
    This patch avoids any possible mult overflow by judging the overflow
    case before adding mult_adj to mult, also adds the WARNING message
    when capturing such case.
    
    Signed-off-by: pang.xunlei <pang.xunlei@...aro.org>
    [jstultz: Reworded commit message]
    Signed-off-by: John Stultz <john.stultz@...aro.org>

+----------------------------------------------------------+------------+------------+---------------+
|                                                          | fd866e2b11 | 6067dc5a8c | next-20141125 |
+----------------------------------------------------------+------------+------------+---------------+
| boot_successes                                           | 60         | 0          | 0             |
| boot_failures                                            | 0          | 20         | 12            |
| WARNING:at_kernel/time/timekeeping.c:#update_wall_time() | 0          | 20         | 12            |
| backtrace:acpi_get_devices                               | 0          | 19         | 12            |
| backtrace:pnpacpi_init                                   | 0          | 19         | 12            |
| backtrace:kernel_init_freeable                           | 0          | 20         | 12            |
| backtrace:pcibios_assign_resources                       | 0          | 1          |               |
+----------------------------------------------------------+------------+------------+---------------+

[    0.789871] IOAPIC[0]: Set routing entry (0-12 -> 0x3c -> IRQ 12 Mode:0 Active:0 Dest:1)
[    0.791002] ------------[ cut here ]------------
[    0.791002] ------------[ cut here ]------------
[    0.791002] WARNING: CPU: 0 PID: 1 at kernel/time/timekeeping.c:1337 update_wall_time+0x3a8/0x56f()
[    0.791002] WARNING: CPU: 0 PID: 1 at kernel/time/timekeeping.c:1337 update_wall_time+0x3a8/0x56f()
[    0.791002] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 3.18.0-rc2-g6067dc5 #280
[    0.791002] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 3.18.0-rc2-g6067dc5 #280
[    0.791002]  0000000000000009 ffff880013803e68 ffffffff81a5803b 0000000000000068

git bisect start 7cc2ecdb63cfae062aeadc7c575a02b6e9cc4dbb 5d01410fe4d92081f349b013a2e7a95429e4f2c9 --
git bisect good c9f4ffa0ef6c4c71735e10e20d363b9de90725ac  # 10:27     20+      0  Merge remote-tracking branch 'l2-mtd/master'
git bisect  bad 0ac890893dfd6c51841f35b9cada0a002ada075d  # 10:33      0-      7  Merge remote-tracking branch 'ftrace/for-next'
git bisect good 4e0bc872f2ddddc08c0c5f18c9de6ef058d8d4fd  # 10:59     20+      0  Merge remote-tracking branch 'battery/master'
git bisect good a86dc53b0ec5196141ee0552805e03e42ba315d2  # 11:05     20+      0  Merge remote-tracking branch 'trivial/for-next'
git bisect  bad 50fa5ed69f4656a571166eac72c5b9108d487e7c  # 11:09      0-      5  Merge remote-tracking branch 'tip/auto-latest'
git bisect good 709de16948ef4b4bdc92fa7bff3808367f184075  # 11:59     20+      0  Merge remote-tracking branch 'devicetree/devicetree/next'
git bisect good daef792655bde9319bdfe5ba04ff42767d7622b4  # 12:05     20+      0  Merge remote-tracking branch 'spi/for-next'
git bisect  bad 0a2b9eac5a4567ca85c5a0daf96196563414765f  # 12:15      0-      3  Merge branch 'timers/core'
git bisect good 4e6e311e596eadba30d4f56f64eae7d45611a01c  # 12:17     20+      0  Merge tag 'perf-core-for-mingo' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux into perf/core
git bisect good 36ce98818a4df66c8134c31fd6e768b4119c7a90  # 12:24     20+      0  sched/deadline: Introduce start_hrtick_dl() for !CONFIG_SCHED_HRTICK
git bisect good 9ea6c5885681e3d9ce9844ba9dc57371a5cfc6d2  # 12:32     20+      0  Merge branches 'torture.2014.11.03a', 'cpu.2014.11.03a', 'doc.2014.11.13a', 'fixes.2014.11.13a', 'signal.2014.10.29a' and 'rt.2014.10.29a' into HEAD
git bisect  bad 21b6c0512e8aca75ce76365e1aef9fb16e007100  # 12:36      0-     18  time: Remove timekeeping_inject_sleeptime()
git bisect  bad 90b6ce9c4066e0b2098dff65e52e6e7df1a51079  # 12:39      0-      1  time: Provide y2038 safe mktime() replacement
git bisect  bad 659bc17b80c692e0ccda757e207fc4666d9b3e71  # 12:55      0-     19  time: Complete NTP adjustment threshold judging conditions
git bisect  bad 6067dc5a8c2b1b57e67eaf1125db1d63c1ed6361  # 12:58      0-     20  time: Avoid possible NTP adjustment mult overflow.
git bisect good fd866e2b116b01d42428491899fe9925c42c121c  # 13:06     20+      0  time: Rename udelay_test.c to test_udelay.c
# first bad commit: [6067dc5a8c2b1b57e67eaf1125db1d63c1ed6361] time: Avoid possible NTP adjustment mult overflow.
git bisect good fd866e2b116b01d42428491899fe9925c42c121c  # 13:09     60+      0  time: Rename udelay_test.c to test_udelay.c
# extra tests on HEAD of next/master
git bisect  bad 7cc2ecdb63cfae062aeadc7c575a02b6e9cc4dbb  # 13:09      0-     12  Add linux-next specific files for 20141125
# extra tests on tree/branch next/master
git bisect  bad 7cc2ecdb63cfae062aeadc7c575a02b6e9cc4dbb  # 13:09      0-     12  Add linux-next specific files for 20141125
# extra tests on tree/branch linus/master
git bisect good b914c5b2130239fd378d1a719ab3c53f0c782be9  # 13:16     60+      0  Merge branch 'for-3.18' of git://linux-nfs.org/~bfields/linux
# extra tests on tree/branch next/master
git bisect  bad 7cc2ecdb63cfae062aeadc7c575a02b6e9cc4dbb  # 13:16      0-     12  Add linux-next specific files for 20141125


This script may reproduce the error.

----------------------------------------------------------------------------
#!/bin/bash

kernel=$1
initrd=yocto-minimal-x86_64.cgz

wget --no-clobber https://github.com/fengguang/reproduce-kernel-bug/raw/master/initrd/$initrd

kvm=(
	qemu-system-x86_64
	-enable-kvm
	-cpu Haswell,+smep,+smap
	-kernel $kernel
	-initrd $initrd
	-m 320
	-smp 1
	-net nic,vlan=1,model=e1000
	-net user,vlan=1
	-boot order=nc
	-no-reboot
	-watchdog i6300esb
	-rtc base=localtime
	-serial stdio
	-display none
	-monitor null 
)

append=(
	hung_task_panic=1
	earlyprintk=ttyS0,115200
	debug
	apic=debug
	sysrq_always_enabled
	rcupdate.rcu_cpu_stall_timeout=100
	panic=-1
	softlockup_panic=1
	nmi_watchdog=panic
	oops=panic
	load_ramdisk=2
	prompt_ramdisk=0
	console=ttyS0,115200
	console=tty0
	vga=normal
	root=/dev/ram0
	rw
	drbd.minor_count=8
)

"${kvm[@]}" --append "${append[*]}"
----------------------------------------------------------------------------

Thanks,
Fengguang

View attachment "dmesg-yocto-kbuild-20:20141126125541:x86_64-randconfig-ha2-1124:3.18.0-rc2-g6067dc5:280" of type "text/plain" (96360 bytes)

View attachment "config-3.18.0-rc2-g6067dc5" of type "text/plain" (88583 bytes)

_______________________________________________
LKP mailing list
LKP@...ux.intel.com

Powered by blists - more mailing lists