Date:	Mon, 14 Dec 2015 21:00:10 +0800
From:	Fengguang Wu <fengguang.wu@...el.com>
To:	Marc Zyngier <marc.zyngier@....com>
Cc:	lkp@...org, kernel test robot <ying.huang@...ux.intel.com>,
	LKML <linux-kernel@...r.kernel.org>
Subject: [hrtimer] BUG: unable to handle kernel NULL pointer dereference at
 00000010

Hi Marc,

FYI, this bisect shows commit f144b632 also has the problem.

https://git.kernel.org/pub/scm/linux/kernel/git/maz/arm-platforms.git hrtimer/monotonic-raw

commit f144b6329838b2996b64a070cb1b99dcf6f0bb30
Author:     Marc Zyngier <marc.zyngier@....com>
AuthorDate: Sun Dec 13 14:42:14 2015 +0000
Commit:     Marc Zyngier <marc.zyngier@....com>
CommitDate: Sun Dec 13 15:04:33 2015 +0000

    hrtimer: Add support for CLOCK_MONOTONIC_RAW
    
    The KVM/ARM timer implementation arms a hrtimer when a vcpu is
    blocked (usually because it is waiting for an interrupt)
    while its timer is going to kick in the future.
    
    It is essential that this timer doesn't get adjusted, or the
    guest will end up being woken-up at the wrong time (NTP seems
    to confuse the hell out of some guests when running on the host).
    
    In order to allow this, let's add CLOCK_MONOTONIC_RAW support
    to hrtimer (it is so far only supported for userspace). It also
    has the (limited) benefit of fixing de0421d53bfb ("mac80211_hwsim:
    shuffle code to prepare for dynamic radios"), which already uses
    this functionality without it being implemented (just being
    lucky...).
    
    Signed-off-by: Marc Zyngier <marc.zyngier@....com>

+------------------------------------------------+----------+------------+------------+
|                                                | v4.4-rc4 | f144b63298 | abb6cc75ee |
+------------------------------------------------+----------+------------+------------+
| boot_successes                                 | 644      | 152        | 0          |
| boot_failures                                  | 16       | 2          | 17         |
| BUG:kernel_boot_hang                           | 6        |            |            |
| IP-Config:Auto-configuration_of_network_failed | 10       |            |            |
| BUG:unable_to_handle_kernel                    | 0        | 2          | 17         |
| Oops                                           | 0        | 2          | 17         |
| EIP_is_at_hrtimer_get_next_event               | 0        | 2          | 17         |
| Kernel_panic-not_syncing:Fatal_exception       | 0        | 2          | 17         |
| backtrace:cpu_startup_entry                    | 0        | 2          | 17         |
+------------------------------------------------+----------+------------+------------+

[    5.466489] init: Failed to create pty - disabling logging for job
[    5.473086] init: Failed to create pty - disabling logging for job
Kernel tests: Boot OK!
[   15.299670] BUG: unable to handle kernel NULL pointer dereference at 00000010
[   15.301386] IP: [<c110e4c8>] hrtimer_get_next_event+0xd8/0x1f0
[   15.302799] *pdpt = 0000000011cef001 *pde = 0000000000000000 
[   15.304228] Oops: 0000 [#1] 
[   15.305163] Modules linked in:
[   15.306124] CPU: 0 PID: 0 Comm: swapper Not tainted 4.4.0-rc4-00001-gf144b63 #1
[   15.308079] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Debian-1.8.2-1 04/01/2014
[   15.310269] task: c1c30140 ti: c1c28000 task.ti: c1c28000
[   15.311556] EIP: 0060:[<c110e4c8>] EFLAGS: 00210002 CPU: 0
[   15.312855] EIP is at hrtimer_get_next_event+0xd8/0x1f0
[   15.314105] EAX: 00000001 EBX: 00000003 ECX: 00000000 EDX: c1c70980
[   15.315570] ESI: 00000034 EDI: 00000000 EBP: c1c29e9c ESP: c1c29e70
[   15.316991]  DS: 007b ES: 007b FS: 0000 GS: 0000 SS: 0068
[   15.318295] CR0: 8005003b CR2: 00000010 CR3: 123d06c0 CR4: 000006f0
[   15.319748] Stack:
[   15.320497]  00200046 00000031 00000000 851f015e 00000002 00000000 01010000 00000003
[   15.323460]  fffba63f 78d31000 00000003 c1c29f64 c110c153 00000004 00000000 00000004
[   15.326289]  8e7f8ead 00000004 8d0d08ce 00000004 00000000 00000001 fffba63e c1c29ed8
[   15.328927] Call Trace:
[   15.329732]  [<c110c153>] get_next_timer_interrupt+0x243/0x9d0
[   15.331050]  [<c10718c2>] ? pvclock_clocksource_read+0xe2/0x2c0
[   15.333965]  [<c112b405>] ? tick_program_event+0xd5/0x130
[   15.335223]  [<c106f910>] ? kvm_sched_clock_read+0x30/0x70
[   15.336502]  [<c10144d7>] ? sched_clock+0x17/0x30
[   15.338044]  [<c10da449>] ? sched_clock_cpu+0x49/0x240
[   15.339727]  [<c112c1ca>] __tick_nohz_idle_enter+0x70a/0x840
[   15.341450]  [<c112cc0e>] tick_nohz_idle_enter+0x12e/0x1c0
[   15.342718]  [<c10e3759>] cpu_idle_loop+0xa9/0x780
[   15.343920]  [<c10e3e5e>] cpu_startup_entry+0x2e/0x30
[   15.345122]  [<c1a19c46>] rest_init+0xe6/0x100
[   15.346500]  [<c1df77fb>] start_kernel+0x9d8/0x9ed
[   15.347661]  [<c1df6344>] i386_start_kernel+0x10e/0x120
[   15.348877] Code: 09 c7 c1 89 4d dc eb 16 8d 76 00 83 45 e4 01 c6 45 ef 01 83 55 e8 00 83 c2 20 d1 e8 74 3e 83 c6 01 83 d7 00 a8 01 74 e3 8b 4a 10 <8b> 59 10 8b 49 0c 2b 4a 18 1b 5a 1c 3b 5d f0 7f db 7c 05 3b 4d
[   15.356618] EIP: [<c110e4c8>] hrtimer_get_next_event+0xd8/0x1f0 SS:ESP 0068:c1c29e70
[   15.358711] CR2: 0000000000000010
[   15.359634] ---[ end trace 06172c6b5101e6ea ]---
[   15.360765] Kernel panic - not syncing: Fatal exception

git bisect start abb6cc75eeed7e929d106d3bb331fbea62b75421 527e9316f8ec44bd53d90fb9f611fa7ffff52bb9 --
git bisect  bad 7704041cff9ed96df680e5c286c97d8b0b1ee164  # 01:38      0-     44  Merge 'linux-review/Paul-Gortmaker/drivers-pci-avoid-module_init-in-non-modular-host-pci/20151213-094811' into devel-spot-201512132342
git bisect  bad b8d3a14e5074c9c67216a0c892828927bc2fba73  # 01:38      0-      4  Merge 'drm-exynos/exynos-drm-next' into devel-spot-201512132342
git bisect  bad d630073ad2301da0a11521746b5911ee0ecc3980  # 01:38      0-      3  Merge 'linux-review/Yoshihiro-Kaneko/ravb-Remove-clear-unhandled-interrupt/20151213-232031' into devel-spot-201512132342
git bisect  bad 12fdbff8a5fdecfd75c4d4974f5a0f9366fdc3cb  # 01:46      0-      8  Merge 'arm-platforms/hrtimer/monotonic-raw' into devel-spot-201512132342
git bisect good 2346da3a815459d7f049802688b885a2bd4095e0  # 01:54    148+      2  0day base guard for 'devel-spot-201512132342'
git bisect good 01440bcdb89558614980818ca10c8562d4fa9d13  # 02:05    147+      0  Merge 'linux-review/Wang-Zhi-A/mm-mempool-Factor-out-mempool_refill/20151213-233708' into devel-spot-201512132342
git bisect  bad 512d7dce5e97b2242cd50032ae7cf56c63342f2c  # 02:16      0-      5  hrtimer: Catch illegal clockids
git bisect  bad f144b6329838b2996b64a070cb1b99dcf6f0bb30  # 02:31      4-      1  hrtimer: Add support for CLOCK_MONOTONIC_RAW
# first bad commit: [f144b6329838b2996b64a070cb1b99dcf6f0bb30] hrtimer: Add support for CLOCK_MONOTONIC_RAW
git bisect good 527e9316f8ec44bd53d90fb9f611fa7ffff52bb9  # 02:43    421+     15  Linux 4.4-rc4
# extra tests with DEBUG_INFO
git bisect  bad f144b6329838b2996b64a070cb1b99dcf6f0bb30  # 02:54     67-      1  hrtimer: Add support for CLOCK_MONOTONIC_RAW
# extra tests on HEAD of linux-devel/devel-spot-201512132342
git bisect  bad abb6cc75eeed7e929d106d3bb331fbea62b75421  # 02:54      0-     17  0day head guard for 'devel-spot-201512132342'
# extra tests on tree/branch arm-platforms/hrtimer/monotonic-raw
git bisect  bad 770b0e16b97493b02d358e882630cda9fd2bb2ed  # 03:03      0-     19  KVM: arm/arm64: timer: Switch to CLOCK_MONOTONIC_RAW
# extra tests with first bad commit reverted
git bisect  bad 4d33ba53a9e70d2a5ea670c44b2e0cfe70993083  # 03:17      0-     58  Revert "hrtimer: Add support for CLOCK_MONOTONIC_RAW"
# extra tests on tree/branch linus/master
git bisect good 097b285d32c7cb22dd4af2286ba61668a6c367ef  # 03:28    427+      2  Merge tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc
# extra tests on tree/branch linux-next/master
git bisect  bad 9379b045413ee30c88965e81d376af989ec32cf3  # 03:30      0-      5  Add linux-next specific files for 20151211


This script may reproduce the error.

----------------------------------------------------------------------------
#!/bin/bash

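# Kernel image to boot, given as the first argument
kernel=$1
initrd=quantal-core-i386.cgz

# Fetch the test initrd unless it is already present
wget --no-clobber "https://github.com/fengguang/reproduce-kernel-bug/raw/master/initrd/$initrd"

# QEMU/KVM command line; paths are quoted so they survive word splitting
kvm=(
	qemu-system-x86_64
	-enable-kvm
	-cpu kvm64
	-kernel "$kernel"
	-initrd "$initrd"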
	-m 300
	-smp 2
	-device e1000,netdev=net0
	-netdev user,id=net0
	-boot order=nc
	-no-reboot
	-watchdog i6300esb
	-rtc base=localtime
	-serial stdio
	-display none
	-monitor null 
)

append=(
	hung_task_panic=1
	earlyprintk=ttyS0,115200
	systemd.log_level=err
	debug
	apic=debug
	sysrq_always_enabled
	rcupdate.rcu_cpu_stall_timeout=100
	panic=-1
	softlockup_panic=1
	nmi_watchdog=panic
	oops=panic
	load_ramdisk=2
	prompt_ramdisk=0
	console=ttyS0,115200
	console=tty0
	vga=normal
	root=/dev/ram0
	rw
	drbd.minor_count=8
)

"${kvm[@]}" --append "${append[*]}"
----------------------------------------------------------------------------

---
0-DAY kernel test infrastructure                Open Source Technology Center
https://lists.01.org/pipermail/lkp                          Intel Corporation

View attachment "dmesg-quantal-ivb41-10:20151214022727:i386-randconfig-c0-12132352:4.4.0-rc4-00001-gf144b63:1" of type "text/plain" (46647 bytes)

View attachment "dmesg-quantal-intel12-1:20151214014244:i386-randconfig-c0-12132352:4.4.0-rc4:41" of type "text/plain" (35020 bytes)

View attachment "config-4.4.0-rc4-00001-gf144b63" of type "text/plain" (81902 bytes)
