| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 25 Jun 2016 08:30:24 +0800
From: kernel test robot <fengguang.wu@...el.com>
To: Arnaldo Carvalho de Melo <acme@...hat.com>
Cc: LKP <lkp@...org>, netdev@...r.kernel.org,
linux-xtensa@...ux-xtensa.org, sparclinux@...r.kernel.org,
linuxppc-dev@...ts.ozlabs.org, linux-mips@...ux-mips.org,
linux-metag@...r.kernel.org, linux-arm-kernel@...ts.infradead.org,
linux-kernel@...r.kernel.org, linux-doc@...r.kernel.org,
Frederic Weisbecker <fweisbec@...il.com>, wfg@...ux.intel.com
Subject: [perf core] c5dfd78eb7: BUG: unable to handle kernel NULL
pointer dereference at 00000c40
Greetings,
0day kernel testing robot got the below dmesg and the first bad commit is
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
commit c5dfd78eb79851e278b7973031b9ca363da87a7e
Author: Arnaldo Carvalho de Melo <acme@...hat.com>
AuthorDate: Thu Apr 21 12:28:50 2016 -0300
Commit: Arnaldo Carvalho de Melo <acme@...hat.com>
CommitDate: Wed Apr 27 10:20:39 2016 -0300
perf core: Allow setting up max frame stack depth via sysctl
The default remains 127, which is good for most cases, and not even hit
most of the time, but then for some cases, as reported by Brendan, 1024+
deep frames are appearing on the radar for things like groovy, ruby.
And in some workloads putting a _lower_ cap on this may make sense. One
that is per event still needs to be put in place tho.
The new file is:
# cat /proc/sys/kernel/perf_event_max_stack
127
Chaging it:
# echo 256 > /proc/sys/kernel/perf_event_max_stack
# cat /proc/sys/kernel/perf_event_max_stack
256
But as soon as there is some event using callchains we get:
# echo 512 > /proc/sys/kernel/perf_event_max_stack
-bash: echo: write error: Device or resource busy
#
Because we only allocate the callchain percpu data structures when there
is a user, which allows for changing the max easily, its just a matter
of having no callchain users at that point.
Reported-and-Tested-by: Brendan Gregg <brendan.d.gregg@...il.com>
Reviewed-by: Frederic Weisbecker <fweisbec@...il.com>
Acked-by: Alexei Starovoitov <ast@...nel.org>
Acked-by: David Ahern <dsahern@...il.com>
Cc: Adrian Hunter <adrian.hunter@...el.com>
Cc: Alexander Shishkin <alexander.shishkin@...ux.intel.com>
Cc: He Kuang <hekuang@...wei.com>
Cc: Jiri Olsa <jolsa@...hat.com>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Masami Hiramatsu <mhiramat@...nel.org>
Cc: Milian Wolff <milian.wolff@...b.com>
Cc: Namhyung Kim <namhyung@...nel.org>
Cc: Peter Zijlstra <peterz@...radead.org>
Cc: Stephane Eranian <eranian@...gle.com>
Cc: Thomas Gleixner <tglx@...utronix.de>
Cc: Vince Weaver <vincent.weaver@...ne.edu>
Cc: Wang Nan <wangnan0@...wei.com>
Cc: Zefan Li <lizefan@...wei.com>
Link: http://lkml.kernel.org/r/20160426002928.GB16708@kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@...hat.com>
+-----------------------------------------------------------+------------+------------+-----------------+
| | c2a218c63b | c5dfd78eb7 | v4.7-rc4_062414 |
+-----------------------------------------------------------+------------+------------+-----------------+
| boot_successes | 910 | 305 | 67 |
| boot_failures | 0 | 5 | 53 |
| Oops | 0 | 5 | 2 |
| EIP_is_at_perf_prepare_sample | 0 | 5 | |
| Kernel_panic-not_syncing:Fatal_exception | 0 | 5 | 2 |
| BUG:unable_to_handle_kernel | 0 | 4 | 1 |
| backtrace:iterate_dir | 0 | 1 | |
| backtrace:SyS_getdents64 | 0 | 1 | |
| EIP_is_at_get_perf_callchain | 0 | 0 | 2 |
| BUG:kernel_test_crashed | 0 | 0 | 7 |
| IP-Config:Auto-configuration_of_network_failed | 0 | 0 | 2 |
| WARNING:at_arch/x86/mm/extable.c:#ex_handler_rdmsr_unsafe | 0 | 0 | 42 |
| backtrace:native_calibrate_cpu | 0 | 0 | 42 |
| backtrace:tsc_init | 0 | 0 | 42 |
| backtrace:x86_late_time_init | 0 | 0 | 42 |
+-----------------------------------------------------------+------------+------------+-----------------+
[main] 375 sockets created based on info from socket cachefile.
[main] Generating file descriptors
[main] Added 889 filenames from /dev
[ 56.590952] BUG: unable to handle kernel NULL pointer dereference at 00000c40
[ 56.598975] IP: [<790e4f29>] perf_prepare_sample+0x229/0x330
[ 56.599783] *pde = 00000000
[ 56.601158] Oops: 0000 [#1] SMP
[ 56.604020] CPU: 1 PID: 398 Comm: trinity-main Not tainted 4.6.0-rc4-00181-gc5dfd78 #1
[ 56.607177] task: 83584200 ti: 83778000 task.ti: 83778000
[ 56.610893] EIP: 0060:[<790e4f29>] EFLAGS: 00010002 CPU: 1
[ 56.611717] EIP is at perf_prepare_sample+0x229/0x330
[ 56.613429] EAX: 00000c40 EBX: 83779d14 ECX: 00000008 EDX: 0000019d
[ 56.615646] ESI: 83779e00 EDI: 89d0e400 EBP: 83779cfc ESP: 83779ce4
[ 56.619967] DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
[ 56.621607] CR0: 80050033 CR2: 00000c40 CR3: 12087000 CR4: 00000690
[ 56.622546] DR0: 6f062000 DR1: 00000000 DR2: 00000000 DR3: 00000000
[ 56.624617] DR6: ffff0ff0 DR7: 00000600
[ 56.625979] Stack:
[ 56.626276] 00000000 00000000 000307e6 89d0e400 83779e00 890e38c0 83779d40 790e5098
[ 56.630229] 890e38c0 00000000 00000000 790e5030 00000009 00480001 835846c0 83584200
[ 56.639146] 00000000 83779d70 79092d70 0002c018 00000007 89d0e400 00000000 83779d68
[ 56.642142] Call Trace:
[ 56.642528] [<790e5098>] perf_event_output_forward+0x68/0x130
[ 56.645403] [<790e5030>] ? perf_prepare_sample+0x330/0x330
[ 56.648553] [<79092d70>] ? __lock_acquire+0x4d0/0xbd0
[ 56.651322] [<790dd1b9>] __perf_event_overflow+0xa9/0x220
[ 56.653819] [<790e5a5f>] perf_swevent_overflow+0x4f/0x90
[ 56.654639] [<790e5b6d>] perf_swevent_event+0xcd/0x100
[ 56.658184] [<790e60cb>] ___perf_sw_event+0x26b/0x300
[ 56.660930] [<790e5e82>] ? ___perf_sw_event+0x22/0x300
[ 56.664053] [<79076260>] ? set_next_entity+0x4b0/0xcd0
[ 56.667992] [<7907e9fd>] ? pick_next_task_fair+0x6cd/0x700
[ 56.669659] [<796150a4>] ? __schedule+0xb4/0x830
[ 56.670383] [<7906afc0>] ? update_rq_clock+0x80/0xa0
[ 56.672287] [<7961537f>] __schedule+0x38f/0x830
[ 56.676127] [<79615871>] schedule+0x21/0x40
[ 56.677534] [<79000b9d>] exit_to_usermode_loop+0x7d/0xa0
[ 56.678284] [<7900100f>] do_int80_syscall_32+0xcf/0x150
[ 56.684207] [<7961a703>] entry_INT80_32+0x2f/0x2f
[ 56.686974] Code: f1 ff f6 45 f0 20 89 46 38 c7 46 3c 00 00 00 00 0f 84 4a fe ff ff 8b 55 08 89 f8 e8 32 4a 00 00 85 c0 89 46 68 0f 84 d7 00 00 00 <8b> 00 40 c1 e0 03 66 01 43 06 e9 26 fe ff ff 8b 45 08 8b 40 34
[ 56.695205] EIP: [<790e4f29>] perf_prepare_sample+0x229/0x330 SS:ESP 0068:83779ce4
[ 56.696421] CR2: 0000000000000c40
[ 56.698982] ---[ end trace 3c0cfd42bd35a255 ]---
[ 56.699680] Kernel panic - not syncing: Fatal exception
git bisect start 33688abb2802ff3a230bd2441f765477b94cc89e v4.6 --
git bisect bad 48dd7cefa010b704eb2532a2883798fd6d703a0e # 23:14 0- 1 Merge tag 'vfio-v4.7-rc1' of git://github.com/awilliam/linux-vfio
git bisect bad 676d9735cd010fc439566e2b6e9b6adc3e1179ef # 23:19 0- 1 Merge tag 'rpmsg-v4.7' of git://github.com/andersson/remoteproc
git bisect bad 7f427d3a6029331304f91ef4d7cf646f054216d2 # 23:27 110- 26 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
git bisect bad ce6a01c2d50e1d400cb6d492841f9b1932034fc2 # 23:32 9- 2 Merge tag 'metag-for-v4.7' of git://git.kernel.org/pub/scm/linux/kernel/git/jhogan/metag
git bisect bad 36db171cc733bc7b8c628ef21831467d1919decd # 23:46 0- 1 Merge branch 'perf-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
git bisect good 230e51f21101e49c8d73018d414adbd0d57459a1 # 23:57 310+ 4 Merge branch 'core-signals-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
git bisect good 1c19b68a279c58d6da4379bf8b6d679a300a1daf # 00:07 310+ 18 Merge branch 'locking-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
git bisect good 3469d261eac65912927dca13ee8f77c744ad7aa2 # 00:18 310+ 27 Merge branch 'locking-rwsem-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
git bisect good f56ebf20d0f535f5da7cfcf0000ab3e0af133f81 # 00:40 310+ 0 perf jit: memset() variable 'st' using the correct size
git bisect bad 5101ef20f0ef1de79091a1fdb6b1a7f07565545a # 00:44 0- 3 perf/arm: Special-case hetereogeneous CPUs
git bisect good 4bd112df3eea4db63fe90fb4e83c48d3f3bd6512 # 01:05 303+ 0 tools lib api fs: Add helper to read string from procfs file
git bisect bad 3dcc4436fa6f09ce093ff59bf8477c3059dc46df # 01:17 7- 1 perf tools: Introduce trigger class
git bisect bad 4cb93446c587d56e2a54f4f83113daba2c0b6dee # 01:22 3- 1 perf tools: Set the maximum allowed stack from /proc/sys/kernel/perf_event_max_stack
git bisect good c61fb959df898b994382d586046d7704476ff503 # 04:04 310+ 0 perf probe: Fix module probe issue if no dwarf support
git bisect good c2a218c63ba36946aca5943c0c8ebd3a42e3dc4b # 06:47 310+ 0 perf bench: Remove one more die() call
git bisect bad c5dfd78eb79851e278b7973031b9ca363da87a7e # 07:57 33- 2 perf core: Allow setting up max frame stack depth via sysctl
# first bad commit: [c5dfd78eb79851e278b7973031b9ca363da87a7e] perf core: Allow setting up max frame stack depth via sysctl
git bisect good c2a218c63ba36946aca5943c0c8ebd3a42e3dc4b # 08:06 910+ 0 perf bench: Remove one more die() call
# extra tests with CONFIG_DEBUG_INFO_REDUCED
git bisect bad c5dfd78eb79851e278b7973031b9ca363da87a7e # 08:10 0- 3 perf core: Allow setting up max frame stack depth via sysctl
# extra tests on HEAD of linux-devel/devel-hourly-2016062414
git bisect bad e8d665056895dafedd7882bfe250ff6cf7dfbc0d # 08:10 0- 53 0day head guard for 'devel-hourly-2016062414'
# extra tests on tree/branch linus/master
git bisect bad 63c04ee7d3b7c8d8e2726cb7c5f8a5f6fcc1e3b2 # 08:22 0- 3 Merge tag 'upstream-4.7-rc5' of git://git.infradead.org/linux-ubifs
# extra tests on tree/branch linus/master
git bisect bad 63c04ee7d3b7c8d8e2726cb7c5f8a5f6fcc1e3b2 # 08:23 0- 5 Merge tag 'upstream-4.7-rc5' of git://git.infradead.org/linux-ubifs
# extra tests on tree/branch linux-next/master
git bisect bad 2cf991dfda8b36d2878c249bcdf492366ec24c19 # 08:29 14- 1 Add linux-next specific files for 20160624
This script may reproduce the error.
----------------------------------------------------------------------------
#!/bin/bash
kernel=$1
initrd=quantal-core-i386.cgz
wget --no-clobber https://github.com/fengguang/reproduce-kernel-bug/raw/master/initrd/$initrd
kvm=(
qemu-system-x86_64
-enable-kvm
-cpu kvm64
-kernel $kernel
-initrd $initrd
-m 300
-smp 2
-device e1000,netdev=net0
-netdev user,id=net0
-boot order=nc
-no-reboot
-watchdog i6300esb
-rtc base=localtime
-serial stdio
-display none
-monitor null
)
append=(
hung_task_panic=1
earlyprintk=ttyS0,115200
systemd.log_level=err
debug
apic=debug
sysrq_always_enabled
rcupdate.rcu_cpu_stall_timeout=100
panic=-1
softlockup_panic=1
nmi_watchdog=panic
oops=panic
load_ramdisk=2
prompt_ramdisk=0
console=ttyS0,115200
console=tty0
vga=normal
root=/dev/ram0
rw
drbd.minor_count=8
)
"${kvm[@]}" --append "${append[*]}"
----------------------------------------------------------------------------
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/lkp Intel Corporation
Download attachment "dmesg-quantal-kbuild-53:20160625075710:i386-randconfig-h0-06242012:4.6.0-rc4-00181-gc5dfd78:1.gz" of type "application/gzip" (16435 bytes)
View attachment "config-4.6.0-rc4-00181-gc5dfd78" of type "text/plain" (82565 bytes)
Powered by blists - more mailing lists