Date:   Tue, 18 Apr 2017 12:46:36 +0800
From:   kernel test robot <fengguang.wu@...el.com>
To:     "Anna-Maria Gleixner" <anna-maria@...utronix.de>
Cc:     LKP <lkp@...org>, linux-kernel@...r.kernel.org,
        Thomas Gleixner <tglx@...utronix.de>, wfg@...ux.intel.com
Subject: [timer] 6a3164fa4c:  BUG: unable to handle kernel NULL pointer
 dereference at 00000010

Greetings,

0day kernel testing robot got the below dmesg and the first bad commit is

https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git WIP.timers

commit 6a3164fa4cd35a587b5bb2e4bd86b75900af8286
Author:     Anna-Maria Gleixner <anna-maria@...utronix.de>
AuthorDate: Mon Mar 20 10:34:20 2017 +0100
Commit:     Thomas Gleixner <tglx@...utronix.de>
CommitDate: Mon Apr 17 20:04:48 2017 +0200

    timer: Implement the hierarchical pull model
    
    Placing timers at enqueue time on a target CPU based on dubious heuristics
    does not make any sense:
    
     1) Most timer wheel timers are canceled or rearmed before they expire.
    
     2) The heuristics to predict which CPU will be busy when the timer expires
        are wrong by definition.
    
    So we waste precious cycles to place timers at enqueue time.
    
    The proper solution to this problem is to always queue the timers on the
    local CPU and allow the non pinned timers to be pulled onto a busy CPU at
    expiry time.
    
    To achieve this the timer storage has been split into local pinned and
    global timers. Local pinned timers are always expired on the CPU on which
    they have been queued. Global timers can be expired on any CPU.
    
    As long as a CPU is busy it expires both local and global timers. When a
    CPU goes idle it arms for the first expiring local timer. If the first
    expiring pinned (local) timer is before the first expiring movable timer,
    then no action is required because the CPU will wake up before the first
    movable timer expires. If the first expiring movable timer is before the
    first expiring pinned (local) timer, then this timer is queued into an idle
    timerqueue and eventually expired by some other active CPU.
    
    To avoid global locking the timerqueues are implemented as a hierarchy. The
    lowest level of the hierarchy holds the CPUs. The CPUs are associated to
    groups of 8, which are separated per node. If more than one CPU group
    exists, then a second level in the hierarchy collects the groups. Depending
    on the size of the system more than 2 levels are required. Each group has a
    "migrator" which checks the timerqueue during the tick for remote expirable
    timers.
    
    If the last CPU in a group goes idle it reports the first expiring event in
    the group up to the next group(s) in the hierarchy. If the last CPU goes
    idle it arms its timer for the first system wide expiring timer to ensure
    that no timer event is missed.
    
    Signed-off-by: Anna-Maria Gleixner <anna-maria@...utronix.de>
    Signed-off-by: Thomas Gleixner <tglx@...utronix.de>

212ebf2ad5  tick/sched: Split out jiffies update helper function
6a3164fa4c  timer: Implement the hierarchical pull model
c0b7a5dbb8  timer: Always queue timers on the local CPU
d36d99770e  Merge branch 'timers/core'
+-----------------------------------------------------+------------+------------+------------+------------+
|                                                     | 212ebf2ad5 | 6a3164fa4c | c0b7a5dbb8 | d36d99770e |
+-----------------------------------------------------+------------+------------+------------+------------+
| boot_successes                                      | 2          | 0          | 0          | 0          |
| boot_failures                                       | 46         | 15         | 15         | 14         |
| WARNING:at_arch/x86/mm/dump_pagetables.c:#note_page | 46         | 0          | 0          | 12         |
| BUG:unable_to_handle_kernel                         | 0          | 15         | 15         |            |
| Oops:#[##]                                          | 0          | 15         | 15         |            |
| EIP:tmigr_get_group                                 | 0          | 15         | 15         |            |
| Kernel_panic-not_syncing:Fatal_exception            | 0          | 15         | 15         |            |
| WARNING:at_kernel/locking/lockdep.c:#lock_release   | 0          | 0          | 0          | 14         |
| EIP:lock_release                                    | 0          | 0          | 0          | 14         |
| EIP:note_page                                       | 0          | 0          | 0          | 12         |
+-----------------------------------------------------+------------+------------+------------+------------+

[    0.001000] 	RCU dyntick-idle grace-period acceleration is enabled.
[    0.001000] 	RCU restricting CPUs from NR_CPUS=32 to nr_cpu_ids=1.
[    0.001000] RCU: Adjusting geometry for rcu_fanout_leaf=16, nr_cpu_ids=1
[    0.001000] NR_IRQS:2304 nr_irqs:48 16
[    0.001000] CPU 0 irqstacks, hard=d1c0e000 soft=d1c10000
[    0.001000] BUG: unable to handle kernel NULL pointer dereference at 00000010
[    0.001000] IP: tmigr_get_group+0x1f/0x120
[    0.001000] *pdpt = 0000000000000000 *pde = f000ff53f000ff53 
[    0.001000] 
[    0.001000] Oops: 0000 [#1] PREEMPT SMP
[    0.001000] Modules linked in:
[    0.001000] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.11.0-rc7-00008-g6a3164f #1
[    0.001000] task: cf3edbc0 task.stack: cf3e4000
[    0.001000] EIP: tmigr_get_group+0x1f/0x120
[    0.001000] EFLAGS: 00210002 CPU: 0
[    0.001000] EAX: 00000000 EBX: 00000000 ECX: 00000010 EDX: 00000000
[    0.001000] ESI: 00000000 EDI: 00000000 EBP: cf3e5ed4 ESP: cf3e5ec4
[    0.001000]  DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
[    0.001000] CR0: 80050033 CR2: 00000010 CR3: 0f64b000 CR4: 000006b0
[    0.001000] Call Trace:
[    0.001000]  tmigr_cpu_online+0x58/0x1d0
[    0.001000]  cpuhp_invoke_callback+0x55/0x130
[    0.001000]  cpuhp_issue_call+0xab/0xe0
[    0.001000]  __cpuhp_setup_state+0xc7/0x150
[    0.001000]  tmigr_init+0x90/0x107
[    0.001000]  ? tmigr_cpu_activate+0x80/0x80
[    0.001000]  ? tmigr_set_cpu_active+0x90/0x90
[    0.001000]  init_timers+0x75/0x7a
[    0.001000]  start_kernel+0x1e5/0x351
[    0.001000]  i386_start_kernel+0x9c/0xa0
[    0.001000]  startup_32_smp+0x16b/0x16d
[    0.001000] Code: 00 89 d8 e8 d4 30 08 00 5b 5d c3 90 55 89 e5 57 56 53 89 c7 8d 04 d5 00 00 00 00 89 d6 83 ec 04 8b 0d e4 3a 47 cf 89 45 f0 01 c1 <8b> 11 39 d1 74 35 8b 1d e8 3a 47 cf 8d 42 a4 66 90 39 de 73 05
[    0.001000] EIP: tmigr_get_group+0x1f/0x120 SS:ESP: 0068:cf3e5ec4
[    0.001000] CR2: 0000000000000010
[    0.001000] ---[ end trace f68728a0d3053b52 ]---
[    0.001000] Kernel panic - not syncing: Fatal exception

                                                          # HH:MM RESULT GOOD BAD GOOD_BUT_DIRTY DIRTY_NOT_BAD
git bisect start f63da9f79d9c74f9237d990f211e5963ae8a0425 4f7d029b9bf009fbee76bb10c0c4351a1870d2f3 --
git bisect good 4b2cdb5cc0cd5bc40242c857dd52f163137eea22  # 07:48  G     11     0   11  13  Merge 'linux-review/Vincent-Legoll/Make-DMABUF-a-menuconfig-to-ease-disabling-it-all/20170417-184053' into devel-spot-201704180434
git bisect good 8c78507b1b76114c75b53b4b7e76401eb86fae36  # 08:07  G     10     0   10  10  Merge 'tty/tty-testing' into devel-spot-201704180434
git bisect good 007ccfe45eee63230309a82b03f2f4ba612742c0  # 08:26  G     11     0   11  13  Merge 'opa/master' into devel-spot-201704180434
git bisect good f2a80162975e18f55a9281e945bb3aa4bf1314fd  # 08:38  G     11     0   11  12  Merge 'jikos-livepatching/for-4.12/upstream' into devel-spot-201704180434
git bisect good 41b52e1e8b556fd3268da459122f637dad2feff6  # 09:28  G     10     0   10  14  Merge 'linux-review/Maciej-S-Szmigiero/watchdog-f71808e_wdt-Add-F71868-support/20170418-044159' into devel-spot-201704180434
git bisect  bad 8e9ff23a44c97eb7a42a110eafcf86b2b7c484f3  # 09:48  B      0     6   17   0  Merge 'tip/WIP.timers' into devel-spot-201704180434
git bisect good 47257abd09938b107f29b6b03b3a8c1ad373c3c0  # 10:04  G     11     0   11  11  timer: Keep the pinned timers separate from the others
git bisect good 59a9e6d57304ffbaf670084d1040b290a1f2e3e0  # 10:22  G     11     0   11  11  timer: Restructure internal locking
git bisect  bad 6a3164fa4cd35a587b5bb2e4bd86b75900af8286  # 10:47  B      0     2   14   1  timer: Implement the hierarchical pull model
git bisect good 212ebf2ad56301d4b0369f4275d0fd8e04868355  # 11:12  G     10     0   10  10  tick/sched: Split out jiffies update helper function
# first bad commit: [6a3164fa4cd35a587b5bb2e4bd86b75900af8286] timer: Implement the hierarchical pull model
git bisect good 212ebf2ad56301d4b0369f4275d0fd8e04868355  # 11:44  G     30     0   30  40  tick/sched: Split out jiffies update helper function
# extra tests with CONFIG_DEBUG_INFO_REDUCED
git bisect  bad 6a3164fa4cd35a587b5bb2e4bd86b75900af8286  # 12:00  B      0     8   19   0  timer: Implement the hierarchical pull model
# extra tests on HEAD of linux-devel/devel-spot-201704180434
git bisect  bad f63da9f79d9c74f9237d990f211e5963ae8a0425  # 12:01  B      0    23   41   4  0day head guard for 'devel-spot-201704180434'
# extra tests on tree/branch tip/WIP.timers
git bisect  bad c0b7a5dbb870d1660aa5e566c5ce9972290a2bed  # 12:21  B      0     3   14   0  timer: Always queue timers on the local CPU
# extra tests on tree/branch tip/master
git bisect good d36d99770e402abb6c1dc149be8602d9eb565c22  # 12:46  G     10     0   10  13  Merge branch 'timers/core'

---
0-DAY kernel test infrastructure                Open Source Technology Center
https://lists.01.org/pipermail/lkp                          Intel Corporation

Download attachment "dmesg-yocto-lkp-nhm-dp1-8:20170418104731:i386-randconfig-h0-04180601:4.11.0-rc7-00008-g6a3164f:1.gz" of type "application/gzip" (4566 bytes)

Download attachment "dmesg-vm-vp-quantal-i386-31:20170418115114:i386-randconfig-h0-04180601:4.11.0-rc7-00007-g212ebf2:1.gz" of type "application/gzip" (29439 bytes)

View attachment "reproduce-yocto-lkp-nhm-dp1-8:20170418104731:i386-randconfig-h0-04180601:4.11.0-rc7-00008-g6a3164f:1" of type "text/plain" (733 bytes)

View attachment "config-4.11.0-rc7-00008-g6a3164f" of type "text/plain" (110502 bytes)
