Bug 216187 - [v4.19][idle][hrtimer] cpu idle boot hrtimer report null-pointer
Status: NEW
Alias: None
Product: Timers
Classification: Unclassified
Component: Other
Hardware: ARM Linux
Importance: P1 normal
Assignee: john stultz
Reported: 2022-06-29 01:16 UTC by Bill_heyuegui
Modified: 2022-06-29 06:20 UTC
Kernel Version: 4.19.219
Regression: No

Description Bill_heyuegui 2022-06-29 01:16:17 UTC
Hi Guys,

When using Linux v4.19, I kept restarting to test stability and found two panics about hrtimer:

Panic1,
[   13.018610@0] Unable to handle kernel read from unreadable memory at virtual address 0000000000000000
[   13.022183@0] Mem abort info:
[   13.025108@0]   ESR = 0x96000005
[   13.028300@0]   Exception class = DABT (current EL), IL = 32 bits
[   13.034336@0]   SET = 0, FnV = 0
[   13.037527@0]   EA = 0, S1PTW = 0
[   13.040804@0] Data abort info:
[   13.043824@0]   ISV = 0, ISS = 0x00000005
[   13.047791@0]   CM = 0, WnR = 0
[   13.050901@0] user pgtable: 4k pages, 39-bit VAs, pgdp = 0000000052e4f0cf
[   13.057625@0] [0000000000000000] pgd=0000000000000000, pud=0000000000000000
[   13.064527@0] Internal error: Oops: 96000005 [#1] PREEMPT SMP
[   13.070217@0] Modules linked in:
[   13.073410@0] Process swapper/0 (pid: 0, stack limit = 0x000000000fd1f294)
[   13.080228@0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.19.219-gb454b369606f #1
[   13.087639@0] Hardware name: AML KKK B1 Board (DT)
[   13.092904@0] pstate: 60400085 (nZCv daIf +PAN -UAO)
[   13.097828@0] pc : rb_erase_cached+0x1c0/0x3dc
[   13.102229@0] lr : timerqueue_del+0x2c/0x50
[   13.106356@0] sp : ffffff8008b63de0
[   13.109805@0] x29: ffffff8008b63de0 x28: ffffffc01f796d80 
[   13.115239@0] x27: ffffff8008b6dc10 x26: 0000000000000001 
[   13.117534@1] android_work: sent uevent USB_STATE=CONNECTED
[   13.120672@0] x25: 0000000000000000 x24: 0000000000000000 
[   13.120679@0] x23: 000000031a692400 x22: 0000000000000000 
[   13.120686@0] x21: 0000000000000002 x20: ffffffc01f796de0 
[   13.120693@0] x19: ffffffc01f797298 x18: 000000000000000e 
[   13.120699@0] x17: 0000000000000000 x16: 0000000000000000 
[   13.120707@0] x15: 0000000000000000 x14: ffffffc01f797298 
[   13.120718@0] x13: ffffff8009853ca0 x12: ffffff8009853cb0 
[   13.120729@0] x11: ffffff8009853ca0 x10: 0000000000000000 
[   13.126318@1] aml_usb_notifier_func ...
[   13.131625@0] x9 : 0000000000000000 x8 : ffffff8009e73d80 
[   13.131632@0] x7 : 000001cf0416a0ec x6 : 00003489346b00d8 
[   13.131639@0] x5 : ffffff800a303d60 x4 : ffffffc01f796dc0 
[   13.131645@0] x3 : 0000000000000002 x2 : 0000000000000000 
[   13.138830@0] tsbuffer reset
[   13.195195@0] x1 : ffffffc01f796de0 x0 : ffffffc01f797298 
[   13.203472@0] Call trace:
**[   13.206070@0]  rb_erase_cached+0x1c0/0x3dc
[   13.210122@0]  __hrtimer_start_range_ns+0xb4/0x5a0
[   13.214862@0]  hrtimer_start_range_ns+0x9c/0xdc
[   13.219347@0]  tick_nohz_idle_stop_tick+0x178/0x228
[   13.224182@0]  do_idle+0xf4/0x2a4
[   13.227456@0]  cpu_startup_entry+0x20/0x24
[   13.231507@0]  rest_init+0xc8/0xd4
[   13.234872@0]  start_kernel+0x2e8/0x35c**
[   13.238674@0] Code: 540002e0 9100218b 14000015 f9400909 (3940012a) 
[   13.244879@0] ---[ end trace 9b672b6943545d30 ]---
[   13.259011@0] Kernel panic - not syncing: Fatal exception

Panic2,

[   13.384038@0] Unable to handle kernel write to read-only memory at virtual address 0000000000000000
[   13.387440@0] Mem abort info:
[   13.390364@0]   ESR = 0x96000045
[   13.393557@0]   Exception class = DABT (current EL), IL = 32 bits
[   13.399598@0]   SET = 0, FnV = 0
[   13.402783@0]   EA = 0, S1PTW = 0
[   13.406060@0] Data abort info:
[   13.409080@0]   ISV = 0, ISS = 0x00000045
[   13.413047@0]   CM = 0, WnR = 1
[   13.416158@0] user pgtable: 4k pages, 39-bit VAs, pgdp = 000000003194421d
[   13.422881@0] [0000000000000000] pgd=0000000000000000, pud=0000000000000000
[   13.429783@0] Internal error: Oops: 96000045 [#1] PREEMPT SMP
[   13.435473@0] Modules linked in:
[   13.438665@0] Process iot_usb_dock (pid: 1497, stack limit = 0x0000000058adae90)
[   13.446005@0] CPU: 0 PID: 1497 Comm: iot_usb_dock Tainted: G        W         4.19.219-gb454b369606f #1
[   13.455311@0] Hardware name: AML KKK B1 Board (DT)
[   13.460575@0] pstate: 60400085 (nZCv daIf +PAN -UAO)
[   13.465500@0] pc : rb_erase_cached+0x1d8/0x3dc
[   13.469890@0] lr : timerqueue_del+0x2c/0x50
[   13.474027@0] sp : ffffff8009a6bc30
[   13.477477@0] x29: ffffff8009a6bc30 x28: ffffffc01dbba550 
[   13.482910@0] x27: ffffff80082370ec x26: 0000000000000000 
[   13.488344@0] x25: ffffff8009a6bd70 x24: ffffffc01f796d80 
[   13.493777@0] x23: ffffffc01f796d80 x22: ffffffc01f796d80 
[   13.499211@0] x21: ffffffc01f796dc0 x20: ffffffc01f796de0 
[   13.504645@0] x19: ffffff8009a6bca0 x18: 0000000000000000 
[   13.510079@0] x17: 0000000000000000 x16: 0000000000000000 
[   13.515512@0] x15: 0000000000000000 x14: 0000000000000400 
[   13.520946@0] x13: 000000000000029b x12: 0000000000000000 
[   13.526375@0] x11: ffffff8009e5bd81 x10: 0000000000000000 
[   13.531814@0] x9 : ffffff8008c8d798 x8 : ffffff8009e5bd80 
[   13.537247@0] x7 : 0000000000000000 x6 : 0000000000000000 
[   13.542681@0] x5 : 0000000000000000 x4 : ffffff8009ebbb94 
[   13.548115@0] x3 : ffffff8009a6bbd8 x2 : 0000000000000001 
[   13.553549@0] x1 : ffffffc01f796de0 x0 : ffffff8009a6bca0 
[   13.558982@0] Call trace:
[   13.561580@0]  rb_erase_cached+0x1d8/0x3dc
[   13.565635@0]  hrtimer_try_to_cancel+0x114/0x2ec
[   13.570203@0]  schedule_hrtimeout_range_clock+0x154/0x1a8
[   13.575548@0]  schedule_hrtimeout_range+0x10/0x18
[   13.580211@0]  ep_poll+0x2dc/0x344
[   13.583567@0]  __arm64_sys_epoll_pwait+0x144/0x1f8
[   13.588318@0]  el0_svc_common+0x94/0x108
[   13.592192@0]  el0_svc_handler+0x1c/0x24
[   13.596073@0]  el0_svc+0x8/0x14c
[   13.599274@0] Code: f940052a b240010b f900090a f9000528 (f900014b) 
[   13.605476@0] ---[ end trace 259fedd43300fb70 ]---
[   13.620193@0] Kernel panic - not syncing: Fatal exception

Here https://web.eece.maine.edu/~vweaver/projects/perf_events/fuzzer/3.14-rc5.rbtree_hrtimer.html is a similar issue, but I have not found any upstream fix for this.


And https://lkml.org/lkml/2014/4/24/637 shows that thread ever got resolved.


Has anyone met this issue?
